HomeMy WebLinkAboutG17-11 Ordinance No.G17-11
AN ORDINANCE
ADOPTING AN IDENTITY PROTECTION POLICY
IN ACCORDANCE WITH THE IDENTITY PROTECTION ACT
WHEREAS,the State of Illinois enacted the Identity Protection Act(5 ILCS 179/1,et seq.)
(the "Act"), effective June 1, 2010; and
WHEREAS, the Act requires state and local government agencies, including the City of
Elgin (the "City") to take certain steps to protect Social Security numbers from unauthorized
disclosure; and
WHEREAS,the Act further requires the City to implement an Identity Protection Policy,as
defined by the Act, by June 1, 2011; and
WHEREAS, the City has developed an Identity Protection Policy in the form provided
herein.
NOW, THEREFORE, BE IT ORDAINED BY THE CITY COUNCIL OF THE CITY OF
ELGIN, ILLINOIS:
Section 1. Recitals. The recitals set forth above are incorporated as part of this ordinance
by this reference.
Section 2. Approval of Policy. The City hereby approves and adopts the Identity
Protection Policy in the form attached to this ordinance.
Section 3. Effective Date. This ordinance shall be in full force and effect as of May 31,
2011, from and after its passage, approval and publication in the manner required by law.
cattie
David J. Kaptain ayor
Presented: May 25, 2011
Passed: May 25, 2011
Vote: Yeas: 6 Nays: 0 ;: '�. � C
Recorded: May 25, 2011 ""`
Published: May 27, 2011
rt
Attest:
/000
Je . ifer Q ;'ton, Acting City Clerk
CITY OF ELGIN
IDENTITY PROTECTION POLICY
WITH REGARD TO THE COLLECTION,USE AND
COMMUNICATION OF INDIVIDUALS'
SOCIAL SECURITY NUMBERS
This policy is to comply with the Identity Protection Act,as amended(5 ILCS 179/1, et seq.).
1. Definitions.
a. "Person"means any individual in the employ of the City of Elgin.
b. "Publicly post"or"publicly display"means to intentionally communicate or
otherwise intentionally make available to the general public.
2. Prohibited Activities.
a. No officer or employee of the City of Elgin shall do any of the following:
i. Publicly post or publicly display in any manner an individual's Social
Security number.
ii. Print an individual's Social Security number on any card required for the
individual to access products or services provided by the person or entity.
iii. Require an individual to transmit his or her Social Security number over the
internet, unless the connection is secure or the Social Security number is
encrypted.
iv. Print an individual's Social Security number on any materials that are mailed
to the individual through the U.S. Postal Service, any private mail service,
electronic mail or any similar method delivery, unless state or federal law
requires the Social Security number to be on the document to be mailed.
Notwithstanding any provision in this section to the contrary,Social Security
numbers may be included in applications and forms sent by mail,including,
but not limited to,any material mailed in connection with the administration
of the Unemployment Insurance Act,any material mailed in connection with
any tax administered by the Department of Revenue,and documents sent as
part of an application or enrollment process or to establish, amend or
terminate an account, contract or policy, or to confirm the accuracy of the
Social Security number. A Social Security number that may permissibly be
mailed under this section may not be printed, in whole or in part, on a
postcard or other mailer that does not require an envelope or be visible on an
envelope without the envelope having been opened.
- 1 -
b. Except as otherwise provided by this policy, no officer or employee of the
City of Elgin shall do any of the following:
i. Collect, use or disclose a Social Security number from an individual unless
(a) required to so under state or federal law, rules or regulations, or the
collection, use or disclosure of the Social Security number is otherwise
necessary for the performance of that agency's duties and responsibilities;(b)
the need and purpose for the Social Security number is documented before
collection of the Social Security number;and(c)the Social Security number
collected is relevant to the documented need and purpose.
ii. Require an individual to use his or her Social Security number to access an
interne website.
iii. Use the Social Security number for any purpose other than the purpose for
which it was collected.
c. The prohibitions in subsection (b) shall not apply in the following
circumstances:
i. The disclosure of Social Security numbers to agents,employees,contractors
or subcontractors of the City of Elgin or disclosure to another governmental
entity or its agents, employee, contractors or subcontractors if disclosure is
necessary in order for the entity to perform its duties and responsibilities;and,
if disclosing to a contractor or subcontractor, prior to such disclosure, the
officer or employee of the City of Elgin must first receive from the contractor
or subcontractor a copy of the contractor's or subcontractor's policy that sets
forth how the requirements imposed under this policy on the City of Elgin to
protect an individual's Social Security number will be achieved.
ii. The disclosure of Social Security numbers pursuant to a court order,warrant
or subpoena.
iii. The collection, use or disclosure of Social Security numbers in order to
ensure the safety of City of Elgin employees; persons committed to
correctional facilities, local jails and other law enforcement facilities or
retention centers; wards of the state; and all persons working in or visiting a
City of Elgin facility.
iv. The collection, use or disclosure of Social Security numbers for internal
verification or administrative purposes.
v. The City shall comply with the provisions of the Illinois Freedom of
Information Act(5 ILCS 140/1 et seq.)and any other state law with respect to
allowing the public inspection and copying of information or documents
- 2 -
containing all or any portion of an individual's Social Security number.
However,the City shall redact Social Security numbers from the information
or documents before allowing the public inspection or copying of the
information or documents. When collecting Social Security numbers, the
City shall request each Social Security number in a manner that makes the
Social Security number easy to redact, if required to be released as part of a
public records request.
vi. The collection or use of Social Security numbers to investigate or prevent
fraud; to conduct background checks; to collect a debt; to obtain a credit
report from a consumer reporting agency under the federal Fair Credit
Reporting Act; to undertake any permissible purpose that is enumerated
under the federal Gramm Leach Bliley Act; or to locate a missing person, a
lost relative or a person who is due a benefit,such as a pension benefit or an
unclaimed property benefit.
d. Any standards of the City of Elgin for the collection, use or disclosure of
Social Security numbers that are stricter than the standards under this policy
with respect to the protection of those Social Security numbers,then,in the
event of any conflict with the provisions of this policy,the stricter standards
adopted by the City of Elgin shall control.
3. Public Inspection and Copying of Documents. Notwithstanding any other provision
of this policy to the contrary, all officers and employees of the City of Elgin shall
comply with the provisions of the Illinois Freedom of Information Act,5 ILCS 140/1,
et seq., and any other state law with respect to allowing the public inspection and
copying of information or documents containing all or any portion of an individual's
Social Security number. All officers and employees of the City of Elgin shall redact
Social Security numbers from the information or documents before allowing the
public inspection or copying of the information or documents.
4. Applicability.
a. This policy shall not apply to the collection, use or disclosure of a Social
Security number as required by state or federal law, rule or regulation.
b. This policy does not apply to documents that are required to be open to the
public under any state or federal law,rule or regulation,applicable case law,
Supreme Court rule or the Constitution of the State of Illinois.
5. Compliance with Federal Law. If a federal law takes effect requiring any federal
agency to establish a national unique patient health identifier program, the City of
Elgin shall follow that law.
- 3 -
6. Embedded Social Security Numbers. No officer or employee of the City of Elgin
may encode or embed a Social Security number in or on a card or document,
including,but not limited to,using a bar code,chip,magnetic strip,RFID technology
or other technology, in place of removing the Social Security number as required by
this policy.
7. Identity Protection Requirements.
a. All officers, employees and agents of the City of Elgin identified as having
access to Social Security numbers in the course of performing their duties
shall be trained to protect the confidentiality of Social Security numbers.
Training shall include instructions on the proper handling of information that
contains Social Security numbers from the time of collection through the
destruction of the information.
b. Only employees who are required to use or handle information or documents
that contain Social Security numbers have access to such information or
documents.
c. Social Security numbers requested from an individual shall be provided in a
manner that makes the Social Security number easily redacted if required to
be released as part of a public records request.
d. When collecting a Social Security number or upon request by the individual,
a statement of the purposes for which the City of Elgin is collecting and using
the Social Security number shall be provided.
e. A written copy of this policy and any amendments thereto shall be filed with
the city council within thirty (30) days after approval of this policy or any
amendment thereto.
f. The City of Elgin shall advise its employees of the existence of this policy
and make a copy of the policy available to each employee, and shall also
make this privacy policy available to any member of the public upon request.
If the City of Elgin amends this policy,the City of Elgin shall also advise its
employees of the existence of the amended policy and make a copy of the
amended policy available to each employee.
8. Violation. Any person who intentionally violates the prohibitions in Section 10 of
the Identity Protect Act (paragraph 2 of this policy) is guilty of a Class B
misdemeanor.
9. Scope. This policy does not supersede any more restrictive law, rule or regulation
regarding the collection, use or disclosure of Social Security numbers.
- 4 -
10. Statement of Purpose. A Statement of Purpose is attached hereto and made a part
hereof as Attachment A.
- 5 -
ATTACHMENT A
STATEMENT OF PURPOSE FOR
COLLECTION OF SOCIAL SECURITY NUMBERS
BY THE CITY OF ELGIN
The Identity Protection Act(5 ILCS 179/1 et seq.) and the Identity Protection Policy of the City of
Elgin (the "City') require the City to provide an individual with a statement of the purpose or
purposes for which the City is collecting and using the individual's Social Security Number("SSN")
any time an individual is asked to provide the City with his or her SSN or upon request of the
individual. This Statement of Purpose is being provided to you because you have been asked by the
City to provide your SSN or because you requested a copy of this Statement of Purpose.
Why do we collect your Social Security number?
You are being asked for your SSN for one or more of the following reasons:
Employment
Volunteer(background check)
Contract payment
W-9
What do we do with your Social Security number?
We will only use your SSN for the purpose for which it was collected. We will not:
• Sell, lease, loan,trade or rent your SSN to a third party for any purpose;
• Publicly post or publicly display your SSN;
• Print your SSN on any card required for you to access our services;
• Require you to transmit your SSN over the interne,unless the connection is secure or
your SSN is encrypted; or
• Print your SSN on any materials that are mailed to you, unless state or federal law
requires that number to be on documents mailed to you. If mailed,your SSN will not be
visible without opening the envelope in which it is contained.
Questions or complaints about this Statement of Purpose:
Write to: City of Elgin
Attn: Human Resources Director
150 Dexter Court
Elgin, IL 60120
- 6 -
. r
• '.
ulh
REPORT TO MAYOR & MEMBERS OF CITY COUNCIL_ E L I N
THE CITY IN THE SUBURBS-
AGENDA ITEM: E
MEETING DATE: May 11, 2011
ITEM:
Ordinance Adopting an Identity Protection Policy
(No Cost to the City)
OBJECTIVE:
To protect social security numbers from unauthorized disclosure and to comply with the
requirements of the Illinois Identity Protection Act.
RECOMMENDATION:
Approval of the Ordinance adopting an identity protection policy.
• BACKGROUND
In response to growing concerns regarding fraudulent use of Social Security numbers, Illinois
created the Social Security Number Protection Task Force in 2004. The Task Force consisted of
various members representing interested state entities. The purpose of the Task Force was to
explore changes which would replace the use of Social Security numbers by state and local
governmental agencies.
In response to the recommendations of the Task Force, in January 2010, the Illinois State
Legislature passed the Identity Protection Act, which became effective on July 1, 2010. The Act
limits a municipality's ability to post or display an individual's Social Security number; print an
individual's Social Security number on cards for the access of products and services or on
mailed materials; require an individual to transmit a Social Security number via the internet; or
collect Social Security numbers in general. The Act also requires public sector employers to
have an identity protection policy in place by June 1, 2011.
OPERATIONAL ANALYSIS
The purpose of the Act and the required policy is to protect Social Security numbers from
unauthorized disclosure which can be used to facilitate identity theft. In addition, the Act
requires that all employees must be made aware of the policy and a copy must be made
• available to the public upon request. Staff who have access to Social Security numbers must be
• trained on the proper handling of information containing Social Security numbers from the time
of collection to the time of destruction.
The Act requires that the policies adopted by all affected governmental agencies must:
1.. Specifically designate the Identity Protection Act.
2. Require all employees with access to Social Security numbers in the course of
their work duties to receive training on protecting the confidentiality of Social
Security numbers. The training must include instructions on properly handling
information containing Social Security numbers from the time of collection
through the time of destruction.
3. Direct that only employees who are required to use or handle information or
documents containing Social Security numbers have access to such information
or documents.
4. Require that Social Security numbers requested from an individual be provided
in a format that allows Social Security numbers to be easily redacted if required
to be released as part of a public records requests.
5. Require the governmental agency to set forth a statement of the purpose or
purposes for which the agency is collecting and using the Social Security
numbers when collecting Social Security numbers from individuals.
• The city is required to fully implement the training aspects of the policy within twelve (12)
months of the approval of its identity protection policy.
Attached is a proposed ordinance adopting an identity protection policy in accordance with the
Identity Protection Act.
INTERESTED PERSONS CONTACTED
The recommended policy complies with the requirements of the Identity Protection Act and has
been drafted using a number of sources, including the Illinois Municipal League and the policies
adopted by various Illinois governmental agencies, including, but not limited to, the Village of
Lombard; the Lake County Forest Preserve District; the Illinois Board of Higher Education; the
Village of Sugar Grove; the City of Peoria; the City of Warrenville; and the Village of Rantoul.
The policy is also reflective of the issues raised by the report to the Illinois General Assembly of
the Social Security Number Protection Task Force.
FINANCIAL ANALYSIS
There are no direct costs associated with this initiative.
•
• BUDGET IMPACT
FUND(S) ACCOUNT(S) PROJECT#(S) AMOUNT AMOUNT
BUDGETED AVAILABLE
N/A N/A N/A N/A N/A
LEGAL IMPACT
The Illinois Identity Protection Act (5 ILCS 179/1) requires the city to adopt an identity
protection policy which conforms to certain minimum guidelines.
ALTERNATIVES
The city is required to adopt a policy on identity protection in conformance with the Identity
Protection Act's requirements. Therefore, the city must either adopt (1) the recommended
policy; or (2) an amended version of the recommended identity protection policy which
conforms to the Act's requirements.
NEXT STEPS
Implementation of the identity policy's provisions, including, but not limited to, training staff
• within the next year.
Originators: Michael R. Gehrman, Assistant Corporation Counsel
Final Review: Colleen Lavery, Chief Financial Officer
William A. Cogley, Corporation Counsel/Chief Development Officer
Richard G. Kozal, Assistant City Manager/Chief Operating Officer
Approved:
Sean R. Stegall, City Manager
ATTACHMENTS
A. Proposed Ordinance
•
• Ordinance No.Gxx-11
AN ORDINANCE
ADOPTING AN IDENTITY PROTECTION POLICY
IN ACCORDANCE WITH THE IDENTITY PROTECTION ACT
WHEREAS,the State of Illinois enacted the Identity Protection Act(5 ILCS 179/1,et seq.)
(the"Act"),effective June 1, 2010; and
WHEREAS, the Act requires state and local government agencies, including the City of
Elgin (the "City") to take certain steps to protect Social Security numbers from unauthorized
disclosure; and
WHEREAS,the Act further requires the City to implement an Identity Protection Policy,as
defined by the Act,by June 1, 2011; and
WHEREAS, the City has developed an Identity Protection Policy in the form provided
herein.
NOW, THEREFORE, BE IT ORDAINED BY THE CITY COUNCIL OF THE CITY OF
ELGIN, ILLINOIS:
• Section 1. Recitals. The recitals set forth above are incorporated as part of this ordinance
by this reference.
Section 2. Approval of Policy. The City hereby approves and adopts the Identity
Protection Policy in the form attached to this ordinance.
Section 3. Effective Date. This ordinance shall be in full force and effect as of May 31,
2011, from and after its passage,approval and publication in the manner required by law.
David J. Kaptain, Mayor
Presented:
Adopted:
Vote: Yeas Nays:
Recorded:
Attest:
Jennifer Quinton,Acting City Clerk
• F:\Legal Dept\Ordinances\dentity Protection Policy.doc
i CITY OF ELGIN
IDENTITY PROTECTION POLICY
WITH REGARD TO THE COLLECTION,USE AND
COMMUNICATION OF INDIVIDUALS'
SOCIAL SECURITY NUMBERS
This policy is to comply with the Identity Protection Act, as amended(5 ILCS 179/1, et seq.).
1. Definitions.
a. "Person"means any individual in the employ of the City of Elgin.
b. "Publicly post" or "publicly display" means to intentionally communicate
or otherwise intentionally make available to the general public.
2. Prohibited Activities.
a. No officer or employee of the City of Elgin shall do any of the following:
i. Publicly post or publicly display in any manner an individual's Social
Security number.
• ii. Print an individual's Social Security number on any card required for the
individual to access products or services provided by the person or entity.
iii. Require an individual to transmit his or her Social Security number over
the internet, unless the connection is secure or the Social Security number
is encrypted.
iv. Print an individual's Social Security number on any materials that are
mailed to the individual through the U.S. Postal Service, any private mail
service, electronic mail or any similar method delivery, unless state or
federal law requires the Social Security number to be on the document to
be mailed. Notwithstanding any provision in this section to the contrary,
Social Security numbers may be included in applications and forms sent
by mail, including, but not limited to, any material mailed in connection
with the administration of the Unemployment Insurance Act, any material
mailed in connection with any tax administered by the Department of
Revenue, and documents sent as part of an application or enrollment
process or to establish, amend or terminate an account, contract or policy,
or to confirm the accuracy of the Social Security number. A Social
Security number that may permissibly be mailed under this section may
not be printed, in whole or in part, on a postcard or other mailer that does
not require an envelope or be visible on an envelope without the envelope
having been opened.
•
Sb. Except as otherwise provided by this policy, no officer or employee of the
City of Elgin shall do any of the following:
i. Collect, use or disclose a Social Security number from an individual
unless (a) required to so under state or federal law, rules or regulations, or
the collection, use or disclosure of the Social Security number is otherwise
necessary for the performance of that agency's duties and responsibilities;
(b) the need and purpose for the Social Security number is documented
before collection of the Social Security number; and (c) the Social
Security number collected is relevant to the documented need and
purpose.
ii. Require an individual to use his or her Social Security number to access an
internes website.
iii. Use the Social Security number for any purpose other than the purpose for
which it was collected.
c. The prohibitions in subsection (b) shall not apply in the following
circumstances:
i. The disclosure of Social Security numbers to agents, employees,
• contractors or subcontractors of the City of Elgin or disclosure to another
governmental entity or its agents, employee, contractors or subcontractors
if disclosure is necessary in order for the entity to perform its duties and
responsibilities; and, if disclosing to a contractor or subcontractor, prior to
such disclosure, the officer or employee of the City of Elgin must first
receive from the contractor or subcontractor a copy of the contractor's or
subcontractor's policy that sets forth how the requirements imposed under
this policy on the City of Elgin to protect an individual's Social Security
number will be achieved.
ii. The disclosure of Social Security numbers pursuant to a court order,
warrant or subpoena.
iii. The collection, use or disclosure of Social Security numbers in order to
ensure the safety of City of Elgin employees; persons committed to
correctional facilities, local jails and other law enforcement facilities or
retention centers; wards of the state; and all persons working in or visiting
a City of Elgin facility.
iv. The collection, use or disclosure of Social Security numbers for internal
verification or administrative purposes.
v. The City shall comply with the provisions of the Illinois Freedom of
• Information Act (5 ILCS 140/1 et seq.) and any other state law with
-2 -
• respect to allowing the public inspection and copying of information or
documents containing all or any portion of an individual's Social Security
number. However,the City shall redact Social Security numbers from the
information or documents before allowing the public inspection or
copying of the information or documents. When collecting Social
Security numbers, the City shall request each Social Security number in a
manner that makes the Social Security number easy to redact, if required
to be released as part of a public records request.
vi. The collection or use of Social Security numbers to investigate or prevent
fraud; to conduct background checks; to collect a debt; to obtain a credit
report from a consumer reporting agency under the federal Fair Credit
Reporting Act; to undertake any permissible purpose that is enumerated
under the federal Gramm Leach Bliley Act; or to locate a missing person,
a lost relative or a person who is due a benefit, such as a pension benefit or
an unclaimed property benefit.
d. Any standards of the City of Elgin for the collection, use or disclosure of
Social Security numbers that are stricter than the standards under this
policy with respect to the protection of those Social Security numbers,
then, in the event of any conflict with the provisions of this policy, the
stricter standards adopted by the City of Elgin shall control.
3. Public Inspection and Copying of Documents. Notwithstanding any other
provision of this policy to the contrary, all officers and employees of the City of
Elgin shall comply with the provisions of the Illinois Freedom of Information Act,
5 ILCS 140/1, et seq., and any other state law with respect to allowing the public
inspection and copying of information or documents containing all or any portion
of an individual's Social Security number. All officers and employees of the City
of Elgin shall redact Social Security numbers from the information or documents
before allowing the public inspection or copying of the information or documents.
4. Applicability.
a. This policy shall not apply to the collection, use or disclosure of a Social
Security number as required by state or federal law, rule or regulation.
b. This policy does not apply to documents that are required to be open to the
public under any state or federal law, rule or regulation, applicable case
law, Supreme Court rule or the Constitution of the State of Illinois.
5. Compliance with Federal Law. If a federal law takes effect requiring any federal
agency to establish a national unique patient health identifier program, the City of
Elgin shall follow that law.
•
- 3 -
•
110 6. Embedded Social Security Numbers. No officer or employee of the City of Elgin
may encode or embed a Social Security number in or on a card or document,
including, but not limited to, using a bar code, chip, magnetic strip, RFID
technology or other technology, in place of removing the Social Security number
as required by this policy.
7. Identity Protection Requirements.
a. All officers, employees and agents of the City of Elgin identified as
having access to Social Security numbers in the course of performing their
duties shall be trained to protect the confidentiality of Social Security
numbers. Training shall include instructions on the proper handling of
information that contains Social Security numbers from the time of
collection through the destruction of the information.
b. Only employees who are required to use or handle information or
documents that contain Social Security numbers have access to such
information or documents.
c. Social Security numbers requested from an individual shall be provided in
a manner that makes the Social Security number easily redacted if
required to be released as part of a public records request.
• d. When collecting a Social Security number or upon request by the
individual, a statement of the purposes for which the City of Elgin is
collecting and using the Social Security number shall be provided.
e. A written copy of this policy and any amendments thereto shall be filed
with the city council within thirty(30)days after approval of this policy or
any amendment thereto.
f. The City of Elgin shall advise its employees of the existence of this policy
and make a copy of the policy available to each employee, and shall also
make this privacy policy available to any member of the public upon
request. If the City of Elgin amends this policy, the City of Elgin shall
also advise its employees of the existence of the amended policy and make
a copy of the amended policy available to each employee.
8. Violation. Any person who intentionally violates the prohibitions in Section 10 of
the Identity Protect Act (paragraph 2 of this policy) is guilty of a Class B
misdemeanor.
9. Scope. This policy does not supersede any more restrictive law, rule or regulation
regarding the collection, use or disclosure of Social Security numbers.
•
-4 -
. • •
• 10. Statement of Purpose. A Statement of Purpose is attached hereto and made a part
hereof as Attachment A.
•
•
- 5 -
•
iATTACHMENT A
STATEMENT OF PURPOSE FOR
COLLECTION OF SOCIAL SECURITY NUMBERS
BY THE CITY OF ELGIN
The Identity Protection Act (5 ILCS 179/1 et seq.) and the Identity Protection Policy of the City
of Elgin (the "City') require the City to provide an individual with a statement of the purpose or
purposes for which the City is collecting and using the individual's Social Security Number
("SSN") any time an individual is asked to provide the City with his or her SSN or upon request
of the individual. This Statement of Purpose is being provided to you because you have been
asked by the City to provide your SSN or because you requested a copy of this Statement of
Purpose.
Why do we collect your Social Security number?
You are being asked for your SSN for one or more of the following reasons:
Employment
Volunteer(background check)
Contract payment
W-9
• What do we do with your Social Security number?
We will only use your SSN for the purpose for which it was collected. We will not:
• Sell, lease, loan,trade or rent your SSN to a third party for any purpose;
• Publicly post or publicly display your SSN;
• Print your SSN on any card required for you to access our services;
• Require you to transmit your SSN over the internet, unless the connection is secure or
your SSN is encrypted; or
• Print your SSN on any materials that are mailed to you, unless state or federal law
requires that number to be on documents mailed to you. If mailed, your SSN will not
be visible without opening the envelope in which it is contained.
Questions or complaints about this Statement of Purpose:
Write to: City of Elgin
Attn: Human Resources Director
150 Dexter Court
Elgin, IL 60120
411
- 6 -