FEM Electric Association, Inc.

Policy No. 527

Policy on Privacy, Confidentiality and Identity Theft

  1. Objective:
    1. To establish fair information principles for FEM Electric Association, Inc. in carrying out its responsibility to respect the privacy and confidentiality of member-consumer information.
    2. To provide a guide in complying with the Federal Trade Commission "Red Flags" Rule.  These guidelines are designed to detect, prevent, and mitigate identity theft.
  2. Identity records and the purpose of use. Records that we obtain from our member-owners for operational purposes, which are considered targets of identity theft, are listed below.
    1. Social Security Number (SSN)/Employer Identification Number (EIN): We will request social security numbers or employer identification numbers for our energy members when new membership applications are completed.  If the applicant is a business entity, the EIN will be used.  The SSN/EIN will be input in our billing system and security rights will be set for non-administrators to have all digits marked except for the last four digits.  This information, along with our past applications that requested the SSN/EIN, are stored in the members file that are secured in a file cabinet that is locked.  Only authorized employees have access to these files.  Member files are also scanned and kept electronically in our NISC Document Vault which authorized employees have access to.  The security levels of our software are approved by our General Manager/CEO.
    2. Drivers License or Photo Identification Number: As part of the Application for Service, job order customers and electrical department customers, members are required to provide a copy of their driver's license or a photo identification.  The copy will be kept in the secure file cabinet that is locked with limited access by authorized employees.  The drivers license or photo identification number may be input in the billing system with the last four digits being masked.  This information will be maintained under the same security as SSN/EIN numbers in paragraph #1 above.
    3. Member's Address Records: These records are a critical part of the operation of our business.  We do ask for this information on the member's application, enter this information in our software and file the application in the member's file.  A current drivers license or photo identification for the member and co-member will be required with their Application for Electric Service.  All employees have access to a member's address due to emergency situations so as a power outage.  FEM Electric will do periodic surveys to update this information.  Members can also update this information at any time by calling, emailing, faxing or stopping in our office.  To identify the member we will ask for their date of birth, the member can set up a code word to be used, or photo identification for verification.
    4. Credit Card Information: As bill paying becomes more electronic, we do allow our members to pay their electric bill by credit card.  We use First Data through NISC to process credit card transactions and also have a credit card terminal in-house for consumers to swipe and process a payment.  All credit card payments are initiated by the consumer and the employees will not have direct control of credit card numbers.  All credit card information is masked and all reports are shredded after a month.  Security levels are set to allow only authorized employees to access these files.
    5. ACH Payments: Another form of payment our consumers can utilize is ACH or automatic withdrawal from bank account.  Members must complete an ACH authorization form and send it back to our office.  We will input this information into our accounting software and file the completed authorization form in the member's file.  Again only authorized employees have access to these files.
    6. Electronic Check Payments: We do allow our consumers to pay their electric bill by electronic check, we use ProfitStars through NISC as the electronic check processors.  Electronic checks are initiated by the consumer so no data will be stored in NISC billing software.
    7. Online Banking and Mobile App: Consumers have the option of using FEM Electric's on-line banking option and mobile app.  Consumers initiate and finalize all payments which are handled through First Data or ProfitStars.
  3. Policy
    1. Notice
      1. FEM Electric Association, Inc. discloses to its member-consumers its bylaws, policies and practices for the collection, maintenance, use and disclosure of identifiable information about its member-consumers.
      2. FEM Electric Association, Inc. collects and maintains appropriate information about its member-consumers as a routine part of its operations.
      3. When providing electricity and related services, FEM Electric Association, Inc. collects information from member-consumers, including name, address, telephone number, payments and usage history.  SSN/EIN numbers, credit card information, drivers license/photo identification, and certificates of good standing for businesses will be obtained when needed.  Usage history may include information on a member-consumer's property and appliances, and information maintained for meter reading purposes (e.g., warning about a dog in yard).
      4. Membership and governance activities may result in the maintenance of capital and patronage account information for members and former members, and contact information for former members.
      5. Occasionally, FEM Electric Association, Inc. may survey a sample of its member-consumers to collect information to identify needs or improve service.
      6. Other activities by FEM Electric Association, Inc. or its affiliates, including security and home improvement services, will result in the collection of additional information about a member-consumer's property, appliances, and activities.  This information will be collected and maintained only when and to the extent appropriate to provide the services.
      7. This notice general describes FEM Electric Association, Inc.'s privacy and confidentiality policies.  The policy is not a formal limitation on the ability of FEM Electric Association, Inc. to use, manage, and disclose its records as FEM Electric Association, Inc. determines to be necessary, appropriate, or as required by Law.  It is subject to change without notice.
    2. Trust
      1. General Practices: FEM Electric Association, Inc. maintains information about member-consumers for purposes that are suitable to its operations and management.  Information is collected only through lawful and fair means and for appropriate purposes.  FEM Electric Association, Inc. is committed to maintaining accurate, complete, timely, relevant, and appropriate information about member-consumers as necessary for the purpose for which the information is to be used.
      2. Access and Correction: FEM Electric Association, Inc. generally permits its member-consumers to access and seek correction of records about themselves that are used by FEM Electric Association, Inc. to provide service, for billing, and to manage capital accounts.  Any person who wants to identify personal records maintained by FEM Electric Association, Inc., access the records, or correct the records should contact the FEM Electric office.  To identify the member we will ask for their date of birth, the member can also set up a code word for the Customer Service/billing application module, or drivers license/photo identification which must be provided before we allow access to any personal information.
    3. Security
      1. FEM Electric Association, Inc. maintains member-consumer information with technical, administrative, and physical safeguards to protect against loss, unauthorized access, destruction, misuse, modification, and improper disclosure.  No record or computer system can ever be fully protected against every possible hazard.  FEM Electric Association, Inc. provides reasonable and appropriate security to protect against foreseeable hazards.
      2. FEM Electric Association, Inc. requires its employees and, when practicable, its affiliates and contractors who have access to identifiable member-consumer information to sign a statement acknowledging that they have read this privacy and confidentiality policy and agreeing to comply with it.  Any employee or contractor who fails to comply with these rules may be subject to disciplinary action up to and including dismissal.
      3. FEM Electric Association, Inc. maintains various safeguards to prevent the unlawful dissemination of member's information.  However, in the event that member's personal or protected information is reasonably believed to have been acquired by an unauthorized person or entity, FEM Electric Association, Inc. will disclose such breach to the member within sixty (60) days from discovery or notification of the breach, unless a longer period of time is required due to the legitimate needs of law enforcement.  In addition, FEM Electric Association, Inc. will also notify the South Dakota Attorney General regarding the breach of member's information.
    4. Use and Disclosure
      1. FEM Electric Association, Inc. uses and discloses identifiable information about member-consumers in defined and responsible ways in order to carry out its operations.  This section describes how identifiable information about member-consumers may be used and disclosed.
      2. Records may be disclosed to affiliates of contractors hired by FEM Electric Association, Inc. to assist in carrying out operations, such as service, billing, and management functions including legal, audit, and collection services.
      3. Member-consumer information may be disclosed to and shared with commercial and consumer credit reporting agencies for credit-related activities (e.g., the reporting of bad debts).
      4. Records may be disclosed to government regulators and other government agencies when authorized or required by law.
      5. Records may also be compiled in aggregate form for FEM Electric Association, Inc. management activities.
      6. Records may be disclosed when required by law, such as in response to a search warrant, subpoena, or court order.  FEM Electric Association, Inc. may use and disclose records for investigations into employee misconduct or for law enforcement investigations related to our business.  Disclosures may also be made when appropriate to protect FEM Electric Association, Inc.'s legal rights or during emergencies if physical safety is believed to be at risk.  These events are unlikely, but they are possible.  FEM Electric Association, Inc. will take reasonable steps to limit the scope and consequences of any of these disclosures.
      7. Records may be shared with other utilities under shared service agreements or to meet operational requirements.
      8. Records about member-consumer may be disclosed with written permission of the member-consumer
      9. In addition, member-consumer information may be shared with affiliates and partners of FEM Electric Association, Inc. that offers products and services to member-consumers.
      10. Membership lists of FEM Electric Association, Inc. may be disclosed to a member of the cooperative for a proper purpose, such as in connection with FEM Electric Association, Inc. election activities.  In some instances, lists may be made available for appropriate uses without disclosing the list to a third party.  For example, FEM Electric Association, Inc. may undertake a mailing on behalf of and at the expense of a third party.
      11. FEM Electric Association, Inc. does not sell, rent, loan, exchange or otherwise release mailing lists of telephone lists of member-consumers for marketing purposes.  FEM Electric Association, Inc. does not disclose any information about a member-consumer to nonaffiliated third parties without the prior, written consent of the member-consumer
      12. The members of FEM Electric Association, Inc. have the right to vote to authorize other uses and disclosures of information.
      13. Member-consumers may request that their information not be shared with affiliates for the offer of new products and services.  In such event, the member-consumer should contact the FEM Electric office in writing.
    5. Questions and Disputes
      1. This policy is maintained and supervised by FEM Electric Association, Inc. PO Box 468, Ipswich, SD 57451, 605-426-6891, fem@femelectric.coop.  Questions about the policy may be directed to that office.  Any disputes over access, correction, or other matters may also be directed to that office.  FEM Electric Association, Inc. will do its best to resolve any questions or problems that arise regarding the use of member-consumer information.
  4. Responsibility
    1. The board shall ensure that this policy reflects current practices for personal information about member-consumers.
    2. The General Manager/CEO shall ensure that this policy is adhered to.

REFERENCE: 12/18/2007 (Adopted) 10/27/2008 (Revised); 04/21/2009 (Revised); 08/16/11 (Revised); 11/17/2015 (Revised); 09/27/2016 (revised); 06/26/2018 (Revised); 02/19/19 (Revised); 05/19/2020 (Revised); 07/20/21 (revised)
Eric Odenbach, Secretary