I Want To Departments & Agencies
News Events Employment Language

Human Resources Department

Employee Resources
County Of Sonoma Administrative Support & Fiscal Services Human Resources Employee Resources Administrative Policy Manual Section IV Risk Assessment and Sections V and VI
Employee Resources

6-5 Identity Theft Prevention Program

County Administrator's Office

Return to Identity Theft Prevention Program Table of Contents

Approved: Board of Supervisors                                                          
Authority: Board of Supervisors and Board of Directors, Community Development Commission                                                                                    Revised Date: July 21, 2009

What’s on this Page

Section IV. Risk Assessment

Section V. Outside Service Providers

Section VI. Categories and Types of Red Flags Applicable to Accounts

Read Next: Section VII. Prevention and Mitigation of Identity Theft

IV. Risk Assessment

  1. The County and the SCCDC is each a creditor due to its provision or maintenance of covered accounts for loan programs, general assistance, debt collection and health services.
  2. The County and the SCCDC have not encountered any reported incidents related to identity theft involving the County’s covered accounts.
  3. The County and the SCCDC limit access to personal identifying information to those employees responsible for or otherwise involved in opening or restoring covered accounts or accepting payment for use of covered accounts.
  4. The County and the SCCDC must comply with many regulations that protect an individual’s right to privacy such as HIPAA, AB2985 (2006) Foster Youth Identity Theft, SB1104 Welfare and Institutions code, etc.
  5. The County and the SCCDC have well established IT (Information Technology) security policies that cover the computer systems that store personal information.
  6. In addition to County and SCCDC security policies and procedures, each covered department has security policies and procedures of their own.
  7. The County and the SCCDC have secure campuses where appropriate, where employees must pass through a security network to obtain physical access.
  8. Access to covered accounts is limited to authorized County or SCCDC personnel.
  9. Each Stakeholder Department has established procedures for opening and maintaining covered accounts.

V. Outside Service Providers

As listed above, the County and the SCCDC use service providers to assist in collecting accounts. Each Stakeholder Department is responsible for the oversight of their service providers.

VI. Categories and Types of Red Flags Applicable to Accounts

Because of the wide range of County and the SCCDC activities, each Stakeholder Department identifies the categories and types of red flags, as listed in Appendix A that are unique to their situation.

Back to top