Res 30-10 07/20/2010
RESOLUTION NO. 30-10
A RESOLUTION APPROVING A
PRIVACY POLICY REGARDING INFORMATION OBTAINED
FOR VILLAGE OF MOUNT PROSPECT GRANT AND LOAN PROGRAMS
WHEREAS, the Village of Mount Prospect provides financial assistance to qualified
persons (the "Borrower") under certain of its grant and loan programs (the "Program"); and
WHEREAS, the Federal Trade Commission has established policies and procedures for
safeguarding certain information obtained from or about Borrowers, as required by the
Gramm-Leach Bliley Act (Pub. L. 106-102, 113 Stat. 1338, enacted November 12, 1999), and also
requires that financial institutions take appropriate measures to dispose of such information; and
WHEREAS, the Illinois Personal Information Act, 815 ILCS 530/1 et seq., requires any
entity that handles, collects, disseminates, or otherwise deals with non-public personal
information to provide notice of any breach of the security of such information to that person;
and
WHEREAS, the Corporate Authorities of the Village of Mount Prospect have considered
the Privacy Policy Regarding Information Obtained For Village Of Mount Prospect Grant and
Loan Programs (the "Privacy Policy"), a copy of which is attached hereto and made a part hereof
as Exhibit 1, and have determined that said Policy is in the best interest of the Village of Mount
Prospect and its residents and complies with the aforementioned state and federal laws and rules.
NOW, THEREFORE, BE IT RESOLVED BY THE PRESIDENT AND BOARD
OF TRUSTEES OF THE VILLAGE OF MOUNT PROSPECT, COOK COUNTY,
ILLINOIS, AS FOLLOWS:
2503552
SECTION 1: The recitals as set forth above are incorporated herein by reference and
made a part hereof as material and operative provisions of this Resolution.
SECTION 2: The Privacy Policy is hereby adopted and approved.
SECTION 3: The Village of Mount Prospect and all its officers and employees, who
have access to Borrower Information as defined in the attached Privacy Policy, are subject to its
provisions and shall follow and abide by the provisions thereof.
SECTION 4: The Village Clerk shall cause a copy of this Resolution and the attached
Policy to be delivered to each officer and employee of the Village who is subject to the
provisions of the Privacy Policy.
SECTION 5: This Resolution shall be in full force and effect from and after its adoption
and approval as provided by law.
ADOPTED this 20th day of July, 2010, pursuant to a roll call vote as follows:
AYES: Juracek, Korn, Matuszak, Polit, Zadel
NAYS: None
ABSENT: Hoefert
CERTIFICATION
OF THE VILLAGE OF MOUNT PROSPECT
REGARDING THE ILLINOIS HOUSING DEVELOPMENT
AUTHORITY'S PRIVACY POLICY REQUIREMENTS
The undersigned hereby certifies to the ILLINOIS HOUSING DEVELOPMENT
AUTHORITY ("IHDA") that the Village of Mount Prospect has complied with the requirements
of IHDA, as set forth in its letter to the undersigned dated the 1st day of March, 2010, including
the Village of Mount Prospect's adoption of a Privacy Policy Regarding Information Obtained
For Village of Mount Prospect Grant and Loan Programs (the "Privacy Policy") that complies
with the GLB Act, the Safeguard Rule, the Disposal Rule and the PIP Act, as described in the
Privacy Policy, a copy of which is attached hereto as Exhibit 1.
IN WITNESS WHEREOF, the undersigned has caused this Certification to be duly
executed as of this ____ day of ________, 2010.
EXHIBIT 1
PRIVACY POLICY
REGARDING INFORMATION OBTAINED
FOR VILLAGE OF MOUNT PROSPECT
GRANT AND LOAN PROGRAMS
A. Policy.
The Village of Mount Prospect (the "Village") provides financial assistance to qualified
persons (the "Borrower") under certain of its grant and loan programs (the "Program"). In that
regard, the Federal Trade Commission has established policies and procedures for safeguarding
certain information obtained from or about Borrowers (the "Safeguard Rule"), as required by the
Gramm-Leach Bliley Act (Pub. L. 106-102, 113 Stat. 1338, enacted November 12, 1999) (the
"GLB Act"), and also requires that financial institutions take appropriate measures to dispose of
such information (the "Disposal Rule"). In addition, the Illinois Personal Information Protection
Act, 815 ILCS 530/1 et seq. (the "PIP Act"), requires any entity that handles, collects,
disseminates, or otherwise deals with non-public personal information to provide notice of any
breach of the security of such information to that person. The Village is subject to the
requirements of both Acts whenever Borrowers provide it with non-public personally identifiable
information or the Village otherwise obtains such information about a Borrower in connection
with providing Program services to the Borrower.
The Village hereby establishes and adopts this information security policy ("Privacy
Policy") to assure compliance with the GLB Act, the Safeguard Rule, the Disposal Rule and the
PIP Act. This Policy is designed to:
• Ensure the security and confidentiality of Borrower Information.
• Protect against any anticipated threats or hazards to the security or integrity of
such information.
• Protect against unauthorized access to or use of such information that could result
in substantial harm or inconvenience to Borrowers.
• Provide notice to Borrowers in the event a breach in the security protecting the
information occurs.
• Properly dispose of any of the Borrowers' information.
B. Definitions.
"Borrower Information" is defined as any record containing non-public, personally
identifiable information, whether in paper or electronic form, that the Village obtains from an
applicant, a Borrower, an employee or other third party, in the process of offering a financial
product or service from the Village; or such information about a Borrower provided to the
Village by another financial institution; or such information that the Village otherwise obtains
about a Borrower in connection with providing a financial product or service to the Borrower.
"Non-Record Material" shall mean (1) material not filed as evidence of administrative
activity or for the informational content thereof; (2) extra copies of documents preserved only for
convenience of reference; (3) stocks of printed or reproduced documents kept for supply
purposes, where file copies have been retained for record purposes; (4) books, periodicals,
newspapers, posters, and other library and museum materials made or acquired and preserved
solely for reference or exhibition purposes; and (5) private materials neither made nor received
by the Village pursuant to state law or in connection with the transaction of the Village's
business. Duplicate files, copies, library materials, and stocks of obsolete blank forms or
pamphlets originally intended for distribution are not considered to be official records or record
copies.
"Program" means Village-sponsored financial assistance through 1) non-commercial
loans; and 2) all loans or grants which require the applicant to provide name, address and any
one (1) of the following: social security number, state driver's license or identification card
number, or an account number, credit card number or debit card number.
"Records" mean all books, papers, maps, photographs, digitized electronic material, or
other official documentary materials, regardless of physical form or characteristics, made,
produced, executed, or received by the Village in connection with the transaction of public
business and must be preserved or appropriate for preservation as evidence of the organization,
functions, policies, decisions, procedures, operations, or other activities of the Village, or
because of the informational data contained therein.
"Record Retention Policy" means the Village's record retention policy that provides
guidance in establishing and maintaining an efficient records management program.
"Service Providers" mean all third parties who, in the ordinary course of the Village's
business, are provided access to Borrower Information.
C. The Information Security Policy.
The five elements of this Policy require the Village to: (1) designate one or more
employees to coordinate this Policy, (2) identify reasonably foreseeable internal and external
risks to the security, confidentiality and integrity of Borrower Information, (3) ensure that
safeguards are employed to control the identified risks and that the effectiveness of these
safeguards is regularly tested and monitored, (4) select Service Providers that are capable of
maintaining appropriate safeguards and require them, by contract, to implement and maintain
such safeguards and (5) evaluate and adjust this Policy based on the results of the testing and
monitoring, any material changes to operations, or any other circumstances that have or may
have a material impact on this Policy.
1. Safeguard Program Coordinator
The Village hereby designates the Village's Deputy Director of Community
Development as the person who will be responsible for implementing and maintaining this
Policy (the "Safeguard Program Coordinator"). The responsibilities of the Safeguard Program
Coordinator include, but are not limited to, the following:
(a) The Safeguard Program Coordinator must identify the individuals at the
Village's office who have access to Borrower Information and the Safeguard Program
Coordinator must maintain a current listing of these individuals.
(b) The Safeguard Program Coordinator must identify potential and actual
risks to the security and privacy of Borrower Information, evaluate the effectiveness of current
safeguards for controlling these risks, design and implement additional required safeguards, and
regularly monitor and test the application of this Policy.
(c) The Safeguard Program Coordinator must ensure that (i) adequate training
and education programs are developed and provided to all employees with access to Borrower
Information and that (ii) existing policies and procedures that provide for the security of
Borrower Information are reviewed and adequate.
(d) The Safeguard Program Coordinator must identify Service Providers with
access to Borrower Information, ensure that these Service Providers are included within the
scope of this Policy and maintain a current listing of these Service Providers.
2. Risk Identification and Assessment
Under the guidance of the Safeguard Program Coordinator, each employee or member of
the Village with access to Borrower Information must take steps to identify and assess internal
and external risks to the security, confidentiality and integrity of the Borrower Information. At a
minimum, such risk assessment must consider: (a) employee training and management, (b)
information systems, including network and software design, (c) information processing, storage,
transmission and disposal and (d) detecting, preventing and responding to attacks or other system
failures. The Safeguard Program Coordinator must ensure that risk assessments are conducted at
least annually and more frequently when needed.
(a) Employee training and management include:
(i) checking references prior to hiring employees who will have
access to Borrower Information;
(ii) asking every new employee to sign an agreement to follow the
Village's confidentiality and security standards for handling Borrower
Information;
(iii) training employees to take basic steps to maintain the security,
confidentiality and integrity of Borrower Information, such as: (a) locking
rooms and file cabinets where paper records are kept; (b) using
password-activated screensavers; (c) using computer passwords at least six
characters long, including numbers; (d) changing computer passwords
periodically and not posting passwords near employees' computers; (e)
referring calls or other requests for Borrower Information to the Safeguard
Program Coordinator; and (f) recognizing any fraudulent attempt to obtain
Borrower Information and reporting it to the Safeguard Program
Coordinator;
(iv) reminding all employees of this Policy and the legal requirements;
(v) limiting access to Borrower Information to employees who have a
business reason for seeing it; and
(vi) imposing disciplinary measures for any breaches.
3. Borrower Information Safeguards and Monitoring
The Safeguard Program Coordinator must verify that employees with access to Borrower
Information design and implement reasonable safeguards to control identified risks to the
security, confidentiality and integrity of Borrower Information and that the effectiveness of these
safeguards is monitored regularly. Such safeguards and monitoring must include the following:
(a) Employee Management and Training
Safeguards for information security include training of those individuals with
authorized access to Borrower Information. The Safeguard Program Coordinator must develop
appropriate training and education programs for all affected current and new employees.
(b) Records Safeguards
Safeguards for Records and Non-Record Material containing Borrower
Information must include:
(i) creating and implementing access limitation to Records containing
Borrower Information;
(ii) storing Records containing Borrower Information in a secure area
with limited access;
(iii) protecting Records containing Borrower Information from physical
hazards such as fire or water damage;
(iv) disposing of outdated records containing Borrower Information
pursuant to the Secured Destruction of Borrower Information section of
this Policy;
(v) disposing of Non-Record Materials containing Borrower
Information when they cease to be useful pursuant to the Secured
Destruction of Borrower Information section of this Policy; and
(vi) other reasonable measures to secure Records and Non-Record
Materials containing Borrower Information during the course of its life
cycle while in the Village's possession or control.
(c) Information Systems Safeguards
"Information Systems" include network and software design, as well as data
processing, storage, transmission and disposal. The Village must implement and maintain
safeguards to control the risks to Information Systems, as identified through the risk assessment
process. Safeguards for the Information Systems must include:
(i) creating and implementing access limitation to Information
Systems that store Borrower Information;
(ii) using secure, password-protected systems within and outside the
Village for access to the Information Systems that store Borrower
Information;
(iii) regularly obtaining and installing patches to correct software
vulnerabilities;
(iv) permanently removing Borrower Information from computers,
diskettes, magnetic tapes, hard drives or other electronic media prior to
disposal;
(v) protecting the Information Systems from physical hazards such as
fire or water damage;
(vi) detecting, preventing and responding to network attacks or other
Information Systems failures; and
(vii) other reasonable measures to secure the Information System that
stores Borrower Information during the course of its life cycle while in the
Village's possession or control.
4. Service Providers
The Safeguard Program Coordinator must identify Service Providers with access to
Borrower Information. The Safeguard Program Coordinator must ensure that reasonable steps
are taken to select and retain Service Providers that are capable of maintaining appropriate
safeguards for Borrower Information and must require Service Providers, by contract, to
implement and maintain such safeguards. Non-public personal Borrower Information shall not
be provided to third parties for marketing purposes.
5. Monitoring And Testing Safeguards
The Safeguard Program Coordinator must develop and implement procedures to test and
monitor the effectiveness of information security safeguards. Monitoring levels must be
appropriate to the probability and potential impact of the risks identified, as well as the
sensitivity of the information involved. Monitoring may include sampling, systems checks,
systems access reports and any other reasonable measure.
D. Notice To Illinois Borrowers.
1. Notice of Privacy Policy: The Village will annually provide notice of its Privacy
Policy, in substantially the form set forth in Attachment A, which is attached to this Policy, to
applicants and recipients of its Programs during the continuation of such customer relationship.
Such notice will also be provided prior to establishing a relationship with an applicant, i.e.,
before the applicant discloses any nonpublic personal information to the Village. Such notice may
be provided in the manner described in subsection 3 below.
2. The Village shall display the Privacy Notice where it will be visible to all
applicants and Borrowers.
3. Notice of Breach: Following discovery or notification of a breach of the Village's
security of Borrower Information, the Safeguard Program Coordinator shall notify Illinois
residents at no charge that there has been a breach. The notice shall be made in the most
expedient time possible and without unreasonable delay, consistent with any measures necessary
to determine the scope of the breach and restore the reasonable integrity, security and
confidentiality of the data system. The notice shall be provided in writing, by mail to the last
known address or in person, or electronically so long as the electronic notice is consistent with
provisions regarding electronic records and signatures for notices legally required to be in
writing pursuant to 15 U.S.C. § 7001.
E. Secured Destruction Of Borrower Information
The Village shall dispose of outdated Records and Non-Record Material containing
Borrower Information in accordance with its Record Retention Policy and in such manner as to
ensure the security and confidentiality of such information. Pursuant to the Disposal Rule, the
Village must take reasonable measures to dispose of Borrower Information to avoid the
unauthorized use of, or access to, Borrower Information in connection with its disposal.
Although the Disposal Rule does not mandate a specific form of disposal, the Village has
determined that such disposal shall be conducted by shredding. Outdated Records and
Non-Record Material containing Borrower Information shall be shredded only at the direction and
approval of the Safeguard Program Coordinator and as provided in the Record Retention Policy.
F. Review And Adjustment Of This Policy
The Safeguard Program Coordinator must evaluate and annually revise this Policy in
connection with the results of the testing and monitoring described above, as well as any material
changes to the Village's operations, including changes in technology, the sensitivity of Borrower
Information and any other circumstances that may reasonably impact this Policy. The Safeguard
Program Coordinator must review this Policy annually to assure ongoing compliance with the GLB
Act, the Safeguard Rule, the Disposal Rule, and the PIP Act, as well as consistency with
other existing and future laws and regulations.
G. Strict Adherence To Information Security Policy
Employees of the Village who may have access to or receive Borrower Information shall
become familiar with the requirements of this Policy regarding information security and strictly
adhere to them.
ATTACHMENT A
PRIVACY NOTICE
TO APPLICANTS AND RECIPIENTS OF
VILLAGE OF MOUNT PROSPECT GRANT AND LOAN PROGRAMS
As an applicant and/or recipient of a Village of Mount Prospect grant or loan program
that requires the Village to collect non-public personal information from your application and
consumer reporting agencies, the Village of Mount Prospect would like to advise you of its
privacy policy. This non-public personal information includes your address and other contact
information, demographic background, loan status, family income, social security number,
employment information, collection and repayment history, and credit history.
We disclose non-public personal information to third parties: 1) only as necessary to
process and service your grant or loan; 2) only as necessary to effect, administer or enforce your
grant or loan; 3) with your consent; or 4) as permitted or provided by applicable laws, including
the Illinois Freedom of Information Act ("FOIA") and the Privacy Act of 1974. Applicable laws
permit disclosure to third parties for certain purposes. Examples of such disclosures include (i)
disclosure in connection with enforcement purposes or litigation, audits or other investigations;
(ii) to comply with proper requests under FOIA or other federal, state, or other local laws and
regulations; and (iii) to federal and state agencies to the extent specifically permitted or required
by law. We do not sell or otherwise make available any non-public personal information about
you to any third parties for marketing purposes.
We protect the security and confidentiality of non-public personal information by
limiting and monitoring all physical access to sites where non-public personal information is
kept. A complete copy of our written privacy policy is available upon request.
If we decide to change our privacy policy, we will provide you with a revised privacy
policy containing such changes.
If you have any questions, please contact ____________, Phone Number: ____________
VILLAGE:
The Village of Mount Prospect
By:
Printed Name:
Title: