Birth of the internet

CBC News

The internet was originally conceived for the U.S. military as a means of allowing a community of computers to share information over distance. It’s generally accepted that its later development was spurred on as much for research purposes as for military applications.

The body in charge of setting up the network was the Advanced Research Projects Agency (ARPA). In 1967, ARPA enlisted the help of the Stanford Research Institute in Menlo Park, Calif., to design the system. Within a year, Stanford researchers had designed a framework, which ARPA contracted out for implementation.

The first two nodes were installed at UCLA and Stanford Research Institute in August of 1969, but it wasn’t until two months later that the machines made first contact.

On October 29, 1969, at 10:30 p.m., UCLA engineering professor Leonard Kleinrock and student Charley Kline attempted to send a message from one Honeywell computer to a similar unit 600 kilometres away at Stanford Research Institute in Palo Alto. The connection speed was 50 kb/s.

The first message was supposed to be the word “login,” but the system crashed as they typed in the letter “g.” The first message, then, was “lo.” Although it was a bumpy – if not prophetic – beginning, the researchers were able to complete the message one hour later.

And so the ARPANET (the term internet was not coined until 1982) was born.

+++++++++++++++++++++++++++++++++++++

Portugal, Mark

happy birthday porch

From Astro-Databank

 

Mark Portugal
natal chart (Placidus)
natal chart English style (Equal houses)

Name	Portugal, Mark Gender: M
Birthname	Portugal, Mark Steven
born on	30 October 1962 at 07:45 (= 07:45 AM )
Place	Los Angeles CA, USA, 34n03, 118w14
Timezone	PST h8w (is standard time)
Data source	From memory Rodden Rating A
Astrology data	06°44′ 00°13 Asc. 25°18′

Biography

American pro baseball pitcher who has played on the American League for four years and the National League for nine years as of 1998. Portugal was signed as a non-drafted free agent by the Minnesota Twins organization 10/23/1980, right out of high school. Playing solid for five years, he was placed on the disabled list, August 1985 and in 1988. He was then traded to the Houston Astros 12/04/1988 and has since played with the San Francisco Giants, Cincinnati Reds and the Philadelphia Phillies 12/12/1996. Portugal was honored with pitcher on The Sporting News N.L. Silver Slugger team in 1994, appeared in one game as a pinch-runner, 1991, had one sacrifice hit in his only appearance as a pinch-hitter in 1981 and pitched in the Championship Series games of 1995. At 6’0″, 190 lbs., he throws right and bats right.

Link to Wikipedia biography

Events

• Work : Contracts, agreements 23 October 1980 (Signed with the Minnesota Twins)

• Health : Job related injury August 1985 (Placed on the disabled list)

• Health : Job related injury 1988 (Disabled list)

• Work : Contracts, agreements 4 December 1988 (Singed with the Houston Astros)

• Work : Contracts, agreements 12 December 1996 (Signed with the Philadelphia Phillies)

• Work : Prize 1994 (The Sporting News Silver Slugger team pitcher)

• Work : New Job 1991 (One appearance as a pinch-runner)

• Work : New Job 1996 (One appearance as a pinch-hitter)

• Work : Gain social status 1995 (Pitched in Championship Series game)

Categories

• Notable : Awards : Vocational award (Pitching award)

• Vocation : Sports : Baseball (Pro, pitcher)

+++++++++++++++++++++++++++++++++++

Halloween

From Wikipedia, the free encyclopedia

Halloween
Jack-o’-lantern
Also called	All Hallows’ Eve All Saints’ Eve
Observed by	Numerous Western countries (see article)
Type	Secular, with roots in Christian and Celtic tradition
Begins	Sunset
Ends	Midnight
Date	October 31
Celebrations	Costume parties, trick-or-treating in costumes, bonfires, divination
Related to	Samhain, All Saints’ Day

Halloween (also spelled Hallowe’en) is an annual holiday celebrated on October 31. It has roots in the Celtic festival of Samhain and the Christian holy day of All Saints. It is largely a secular celebration but some have expressed strong feelings about perceived religious overtones.^[1][2][3]

The day is often associated with the colors black and orange, and is strongly associated with symbols like the jack-o’-lantern. Halloween activities include trick-or-treating, wearing costumes and attending costume parties, ghost tours, bonfires, visiting haunted attractions, pranks, telling scary stories, and watching horror films.

//

History

Halloween has origins in the ancient festival known as Samhain (pronounced sow-in or sau-an),^[4][5] which is derived from Old Irish and means roughly “summer’s end”.^[5] This was a Gaelic festival celebrated mainly in Ireland and Scotland. However, similar festivals were held by other Celts – for example the festival of Calan Gaeaf (pronounced kalan-geyf) which was held by the ancient Britons.

 

Snap-Apple Night by Daniel Maclise showing a Halloween party in Blarney, Ireland, in 1832. The young children on the right bob for apples. A couple in the center play a variant, which involves retrieving an apple hanging from a string. The couples at left play divination games.

The festival of Samhain celebrates the end of the “lighter half” of the year and beginning of the “darker half”, and is sometimes^[6] regarded as the “Celtic New Year”.^[7]

The celebration has some elements of a festival of the dead. The ancient Celts believed that the border between this world and the Otherworld became thin on Samhain, allowing spirits (both harmless and harmful) to pass through. The family’s ancestors were honoured and invited home whilst harmful spirits were warded off. It is believed that the need to ward off harmful spirits led to the wearing of costumes and masks. Their purpose was to disguise oneself as a harmful spirit and thus avoid harm. In Scotland the spirits were impersonated by young men dressed in white with masked, veiled or blackened faces.^[8][9] Samhain was also a time to take stock of food supplies and slaughter livestock for winter stores. Bonfires played a large part in the festivities. All other fires were doused and each home lit their hearth from the bonfire. The bones of slaughtered livestock were cast into its flames.^[10] Sometimes two bonfires would be built side-by-side, and people and their livestock would walk between them as a cleansing ritual.

Another common practise was divination, which often involved the use of food and drink.

The name Halloween and many present-day traditions, derive from the Old English era.^{[11][12][13][14][15]}

Origin of name

The term Halloween, originally spelled Hallowe’en, is shortened from All Hallows’ Even – e’en is a shortening of even, which is a shortening of evening. This is ultimately derived from the Old English Eallra Hālgena ǣfen.^[16] It is now known as “Eve of” All Saints’ Day, which is November 1st.

A time of pagan festivities,^[7] Popes Gregory III (731–741) and Gregory IV (827–844) tried to supplant it with the Christian holiday (All Saints’ Day) by moving it from May 13 to November 1.

In the 800s, the Church measured the day as starting at sunset, in accordance with the Florentine calendar. Although All Saints’ Day is now considered to occur one day after Halloween, the two holidays were once celebrated on the same day.

Symbols

 

A traditional Irish halloween Jack-o’-lantern from the early 20th century on display in the Museum of Country Life, Ireland.

On All Hallows’ eve, many Irish and Scottish people have traditionally placed a candle on their western window sill to honor the departed. Other traditions include carving lanterns from turnips or rutabagas, sometimes with faces on them, as is done in the modern tradition of carving pumpkins. Welsh, Irish and British myth are full of legends of the Brazen Head, which may be a folk memory of the ancient Celtic practice of headhunting. The heads of enemies may have decorated shrines, and there are tales of the heads of honored warriors continuing to speak their wisdom after death. The name jack-o’-lantern can be traced back to the Irish legend of Stingy Jack, a greedy, gambling, hard-drinking old farmer.^[17][18] He tricked the devil into climbing a tree and trapped him by carving a cross into the tree trunk. In revenge, the devil placed a curse on Jack, condemning him to forever wander the earth at night with the only light he had: a candle inside of a hollowed turnip. The carving of pumpkins is associated with Halloween in North America where pumpkins are both readily available and much larger- making them easier to carve than turnips.^[19] Many families that celebrate Halloween carve a pumpkin into a frightening or comical face and place it on their doorstep after dark. The American tradition of carving pumpkins preceded the Great Famine period of Irish immigration^{[20][dead link]} and was originally associated with harvest time in general, not becoming specifically associated with Halloween until the mid-to-late 1800s.^{[citation needed]}

The imagery surrounding Halloween is largely a mix of the Halloween season itself, works of Gothic and horror literature, in particular novels Frankenstein and Dracula, and nearly a century of work from American filmmakers and graphic artists,^[21] and British Hammer Horror productions, also a rather commercialized take on the dark and mysterious. Modern Halloween imagery tends to involve death, evil, the occult, magic, or mythical monsters. Traditional characters include the Devil, the Grim Reaper, ghosts, ghouls, demons, witches, goblins, vampires, werewolves, zombies, skeletons, black cats, spiders, bats, and crows.^[22]

Particularly in America, symbolism is inspired by classic horror films (which contain fictional figures like Frankenstein’s monster and The Mummy). Elements of the autumn season, such as pumpkins, corn husks, and scarecrows, are also prevalent. Homes are often decorated with these types of symbols around Halloween.

The two main colors associated with Halloween are orange and black.^[23]

Trick-or-treating and guising

 

Typical Halloween scene in Dublin, Ireland.

Trick-or-treating is a customary celebration for children on Halloween. Children go in costume from house to house, asking for treats such as candy or sometimes money, with the question, “Trick or treat?” The word “trick” refers to a (mostly idle) threat to perform mischief on the homeowners or their property if no treat is given. In some parts of Ireland and Scotland children still go guising. In this custom the child performs some sort of show, i.e. sings a song or tells a ghost story, in order to earn their treats.

Costumes

Halloween costumes are traditionally those of monsters such as ghosts, skeletons, witches, and devils. They are said to be used to scare off demons. Costumes are also based on themes other than traditional horror, such as those of characters from television shows, movies, and other pop culture icons.

Costume sales

BIGresearch conducted a survey for the National Retail Federation in the United States and found that 53.3% of consumers planned to buy a costume for Halloween 2005, spending $38.11 on average (up $10 from the year before). They were also expected to spend $4.96 billion in 2006, up significantly from just $3.3 billion the previous year.^[24]

UNICEF

“Trick-or-Treat for UNICEF” has become a common sight during Halloween in North America. Started as a local event in a Philadelphia suburb in 1950 and expanded nationally in 1952, the program involves the distribution of small boxes by schools (or in modern times, corporate sponsors like Hallmark, at their licensed stores) to trick-or-treaters, in which they can solicit small-change donations from the houses they visit. It is estimated that children have collected more than $118 million (US) for UNICEF since its inception. In Canada, in 2006, UNICEF decided to discontinue their Halloween collection boxes, citing safety and administrative concerns; after consultation with schools, they instead redesigned the program.^[25][26]

Games and other activities

This section is missing citations or needs footnotes. Please help add inline citations to guard against copyright violations and factual inaccuracies. (October 2008)

 

In this Halloween greeting card from 1904, divination is depicted: the young woman looking into a mirror in a darkened room hopes to catch a glimpse of the face of her future husband.

There are several games traditionally associated with Halloween parties. One common game is dunking or apple bobbing, in which apples float in a tub or a large basin of water and the participants must use their teeth to remove an apple from the basin.^[27] A variant of dunking involves kneeling on a chair, holding a fork between the teeth and trying to drop the fork into an apple^[28]. Another common game involves hanging up treacle or syrup-coated scones by strings; these must be eaten without using hands while they remain attached to the string, an activity that inevitably leads to a very sticky face.

Some games traditionally played at Halloween are forms of divination. A traditional Irish and Scottish form of divining one’s future spouse is to carve an apple in one long strip, then toss the peel over one’s shoulder. The peel is believed to land in the shape of the first letter of the future spouse’s name.^[29] Unmarried women were told^[who?] that if they sat in a darkened room and gazed into a mirror on Halloween night, the face of their future husband would appear in the mirror. However, if they were destined to die before marriage, a skull would appear. The custom was widespread enough to be commemorated on greeting cards^[30] from the late 19th and early 20th centuries.

The telling of ghost stories and viewing of horror films are common fixtures of Halloween parties. Episodes of TV series and specials with Halloween themes (with the specials usually aimed at children) are commonly aired on or before the holiday, while new horror films, are often released theatrically before the holiday to take advantage of the atmosphere.

Haunted attractions

 

In front of “haunted house” during Halloween season, Northern California.

Haunted attractions are entertainment venues designed to thrill and scare patrons; most are seasonal Halloween businesses. Origins of these paid scare venues are difficult to pinpoint, but it is generally accepted that they were first commonly used by the Junior Chamber International (Jaycees) for fundraising.^[31] They include haunted houses, corn mazes, and hayrides,^[32] and the level of sophistication of the effects has risen as the industry has grown. Haunted attractions in the United States bring in an estimate $300–500 million each year, and draw some 400,000 customers, although trends suggest a peak in 2005^[31]. This increase in interest has led to more highly technical special effects and costuming that is comparable with that in Hollywood films.^[33]

Foods

 

Candy apple

Because the holiday comes in the wake of the annual apple harvest, candy apples (known as toffee apples outside North America), caramel or taffy apples are a common Halloween treat made by rolling whole apples in a sticky sugar syrup, sometimes followed by rolling them in nuts.

At one time, candy apples were commonly given to children, but the practice rapidly waned in the wake of widespread rumors that some individuals were embedding items like pins and razor blades in the apples.^[34] While there is evidence of such incidents,^[35] they are quite rare and have never resulted in serious injury. Nonetheless, many parents assumed that such heinous practices were rampant. At the peak of the hysteria, some hospitals offered free x-rays of children’s Halloween hauls in order to find evidence of tampering. Virtually all of the few known candy poisoning incidents involved parents who poisoned their own children’s candy, and there have been occasional reports of children putting needles in their own (and other children’s) candy in need of a bit of attention.^{[citation needed]}

One custom that persists in modern-day Ireland is the baking (or more often nowadays, the purchase) of a barmbrack (Irish: báirín breac), which is a light fruitcake, into which a plain ring, a coin and other charms are placed before baking. It is said that those who get a ring will find their true love in the ensuing year. This is similar to the tradition of king cake at the festival of Epiphany.

List of foods associated with the holiday:

• Barmbrack (Ireland)
• Bonfire toffee (Britain)
• Candy apples
• Candy corn (North America)
• Caramel apples
• Caramel corn
• Colcannon (Ireland)
• Pumpkin, pumpkin pie, pumpkin bread
• Roasted pumpkin seeds
• Roasted sweet corn
• Soul cakes
• Novelty candy shaped like skulls, pumpkins, bats, worms, etc.

Around the world

With its roots in Celtic cultures, Halloween is not celebrated in all countries and regions of the world, and among those that do the traditions and importance of the celebration vary significantly. Celebration in the United States has had a significant impact on how the holiday is observed in other nations. The history of Halloween traditions in a given country also lends context to how it is presently celebrated.

Religious perspectives

 

A natural Halloween decoration in Muir Woods National Monument

In North America, Christian attitudes towards Halloween are quite diverse. In the Anglican Church, some dioceses have chosen to emphasize the Christian traditions of All Saints’ Day,^[36][37] while some other Protestants celebrate the holiday as Reformation Day, a day to remember the Protestant Reformation.^[38][39]

Many Christians ascribe no negative significance to Halloween, treating it as a purely secular holiday devoted to celebrating “imaginary spooks” and handing out candy. Halloween celebrations are common among Roman Catholic parochial schools throughout North America and in Ireland. In fact, the Roman Catholic Church sees Halloween as having a Christian connection.^[40] Father Gabriele Amorth, a Vatican-appointed exorcist in Rome, has said, “[I]f English and American children like to dress up as witches and devils on one night of the year that is not a problem. If it is just a game, there is no harm in that.”^[1]

Most Christians hold the view that the tradition is far from being “satanic” in origin or practice and that it holds no threat to the spiritual lives of children: being taught about death and mortality, and the ways of the Celtic ancestors actually being a valuable life lesson and a part of many of their parishioners’ heritage.^[41] Other Christians feel concerned about Halloween, and reject the holiday because they believe it trivializes (and celebrates) “the occult” and what they perceive as evil.^[2] A response among some fundamentalists in recent years has been the use of Hell houses or themed pamphlets (such as those of Jack T. Chick) which attempt to make use of Halloween as an opportunity for evangelism.^{[42][dead link]}

Some consider Halloween to be completely incompatible with the Christian faith^[43] due to its origin as a pagan “Festival of the Dead.” In more recent years, the Roman Catholic Archdiocese of Boston has organized a “Saint Fest” on the holiday.^[42] Many contemporary Protestant churches view Halloween as a fun event for children, holding events in their churches where children and their parents can dress up, play games, and get candy. Jehovah’s Witnesses do not celebrate Halloween for they believe anything that originated from a pagan holiday should not be celebrated by true Christians.^[44]

Religions other than Christianity also have varied views on Halloween. Celtic Pagans consider the season a holy time of year.^[45] Celtic Reconstructionists, and others who maintain ancestral customs, make offerings to the Gods and the ancestors.^[45]

Some Wiccans feel that the tradition is offensive to “real witches” for promoting stereotypical caricatures of “wicked witches”.^[3] Traditional Judaism frowns upon the celebration of Halloween.”^[46]

In Arab countries where it is celebrated, devotion is given to St. Barbara.

+++++++++++++++++++++++++++++++++++++++++++

The Red Flags Rule:

Frequently Asked Questions

The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program to detect the warning signs – or “red flags” – of identity theft in their day-to-day operations.  The staff of the Federal Trade Commission (FTC) has heard from companies across the country that are developing Programs.  Their questions – and the FTC’s answers – may help you develop a Program for your business.

These FAQs relate only to the Red Flags Rule and don’t address the applicability of other laws.  If you work for a bank, federally chartered credit union, or savings and loan, check with your federal regulatory agency for guidance.  The FAQs represent the opinions of the FTC staff, and aren’t binding on the Commission.  FTC staff will update these FAQs to address new questions from businesses.

A.  General Questions

About the Red Flags Rule

<!–

1. Where can I find the Red Flags Rule?
2. I’m not an attorney.  Where can I find plain-language guidance on complying with the Rule?

–>

B.  Who’s Covered by the

Red Flags Rule?

<!–

1. What types of businesses and organizations are covered by the Red Flags Rule?
2. Do all creditors and financial institutions need to have a written Identity Theft Prevention Program?
3. Is my coverage under the Red Flags Rule based on whether I pull credit reports or collect personal information like Social Security Numbers?
4. Am I a creditor because I accept certain forms of payment – say, checks, credit or debit cards, or automatic account debits – even if I don’t extend or arrange for credit myself?
5. Our clients pay a retainer before we provide services.  Although we may send an invoice for our charges, we satisfy it by drawing on the retainer.  Does this make us a creditor under the Red Flags Rule?
6. My law firm brings cases on a contingency basis.  Does this type of fee arrangement make me a creditor under the Red Flags Rule?
7. What does it mean to “regularly” extend credit?
8. Am I a creditor under the Rule if I extend credit to other businesses?
9. Do I have covered accounts if I’m a business creditor?
10. Am I a creditor if I regularly refer customers to third parties for credit?
11. I regularly arrange for the extension, renewal, or continuation of credit for my customers, so I’ve determined I’m a “creditor” under the Red Flags Rule. Do I need to have a written Identity Theft Prevention Program?
12. Our company offers individual retirement plans that allow participants to get loans from their own plan account.  Does that make us or the plan a creditor under the Rule?
13. If our company meets the definition of a “financial institution” or “creditor,” are the individual retirement accounts we make available to our employees considered “covered accounts” that must be included in our written Identity Theft Prevention Program?
14. Am I a creditor if I offer my employees health care flexible spending accounts that reimburse them for elected amounts that are more than they’ve contributed to date?  Am I a creditor if I serve as a third-party administrator that maintains those accounts for employees of other companies?
15. Are we a “financial institution” under the Red Flags Rule if we have accounts for our clients and offer a way for them to make payments or transfers to third parties with a debit card, check, or wire transfer?

–>

C.  The Red Flags Rule and

Government Agencies,

Non-Profit Organizations,

and Schools

<!–

1. Does the Red Flags Rule apply to government agencies and non-profit organizations?
2. What about municipalities, cities, or counties that send tax bills, issue parking tickets, or impose fines?  Are they “creditors” under the Rule?
3. What if I work for a municipality, city, or county, and we’ve already determined our activities fall within the Rule’s definition of “creditor” or “financial institution”?  Do our taxes, fines, etc., become “covered accounts” under the Red Flags Rule?
4. If we provide a mandatory municipal service that a customer can’t decline – like sewage – are we considered a “creditor” under the Rule?
5. Are schools that regularly offer tuition payment plans creditors under the Rule?

–>

D.  Designing Your

Identity Theft Prevention Program

<!–

1. Do creditors or financial institutions have to develop an Identity Theft Prevention Program if they already comply with data security requirements like the Health Insurance Portability and Accountability Act (HIPAA) or the Gramm-Leach-Bliley Act (GLB)?
2. Does the Rule require that I have specific practices or procedures in my Program – like identifying a particular red flag or reporting suspected identity theft?
3. Does the Red Flags Rule require me to check photo IDs of my customers?  If I check photo IDs, should I keep copies?
4. Does the Red Flags Rule require that I use Social Security numbers to verify my customers’ identity?
5. How do my obligations under other laws affect the implementation of my Identity Theft Prevention Program?
6. Under what circumstances should I contact law enforcement?  Who handles identity theft?
7. Are there samples or templates to help me set up my Program?
8. Is there a Red Flags certification or accreditation that will ensure our Program complies with the Rule?
9. We’re a creditor that regularly arranges for our customers to get credit from third parties and we have covered accounts.  What should our Identity Theft Prevention Program look like?
10. Does the FTC have a sample training policy for employees?
11. What if we hire service providers?  If our business has to have a Program under the Rule, do our service providers need a Program, too?

–>

E.  Red Flags Rule

Compliance and Enforcement

November 2008
Kevin D. Lyles

You may be surprised to learn that your business must comply with the new identity theft Red Flag Rules. Not only are credit card companies and financial institutions subject to these rules, but any company that regularly extends or merely arranges for the extension of credit is also subject to them. Thus, finance companies, mortgage brokers, automobile dealers, telecommunications companies, and utility companies, among others, will have to comply with the Red Flag Rules. If your company extends or arranges for the extension of credit, the Red Flag Rules require you to have an identity theft prevention program.

Background

On December 4, 2003, the President signed into law the Fair and Accurate Credit Transactions Act (“FACTA”). FACTA was enacted by Congress to provide consumers with increased protection from identity theft. The regulations directed six agencies to jointly “establish and maintain guidelines . . . [that] identify patterns, practices, and specific forms of activity that indicate the possible existence of identity theft.”[1] Accordingly, the six agencies published the final regulations on November 9, 2007, and those regulations became effective January 1, 2008,[2] with a mandatory compliance date of November 1, 2008.[3]

On October 22, 2008, one of the six agencies, the Federal Trade Commission (“FTC”), announced that it will suspend enforcement of the Red Flag Rules until May 1, 2009, to give creditors and financial institutions additional time in which to develop and implement written identity theft prevention programs. The FTC’s delay in enforcement, however, does not affect the other federal agencies’ enforcement of the original November 1, 2008, compliance deadline for financial institutions subject to their oversight. But for most creditors, the FTC’s delay in enforcement will give them much-needed time to become compliant with the Red Flag Rules.

The final regulations contain three parts. First, they require covered entities to create a written identity theft program designed to detect, prevent, and mitigate identity theft in connection with certain covered accounts (the “Red Flag Rules” or the “Rules”). Second, the regulations require users of consumer reports to adopt policies for verifying identity when they receive a notice of address discrepancy from a consumer reporting agency. Third, the regulations impose requirements on debit and credit card issuers to implement procedures to assess the validity of address changes under certain circumstances. This Commentary focuses on only the Red Flag Rules portion of the regulations.

Covered Entities

The Red Flag Rules cover financial institutions and creditors that offer or maintain covered accounts. The breadth of the Rules comes from the broad definition of “creditors.” The term “creditor” means “any person who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew, or continue credit.”[4] Consequently, many entities involved in the process of extending or maintaining credit must comply with the Red Flag Rules despite the fact that they do not extend credit themselves. For example, a retailer that takes applications for a third-party credit card or the car dealer that partners with a local bank branch to facilitate car loans will likely be subject to the Rules. Similarly, where nonprofit and government entities, such as many hospitals, defer payment for goods and services, they too will be considered creditors.

In addition to creditors, financial institutions are also required to comply with the Red Flag Rules. For purposes of the Rules, “financial institution” means a bank, savings and loan association, mutual savings bank, credit union, or any other person who, directly or indirectly, holds a transaction account belonging to a consumer.[5]

Under the Red Flag Rules, only those creditors and financial institutions that offer or maintain covered accounts are required to develop and implement an identity theft prevention program. A “covered account” is “(i) [a]n account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions . . . and (ii) any other account . . . for which there is a reasonably foreseeable risk to customers . . . from identity theft . . . .”[6] Covered accounts include credit card accounts, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, and checking and savings accounts. In determining whether the Red Flag Rules apply, a company should consider the types of accounts it offers, the methods it provides to open its accounts, the methods it provides to access its accounts, and its previous experiences with identity theft.[7] Additionally, the company should periodically perform a reassessment of all of its accounts to determine whether they are covered accounts that trigger the application of the Rules.

Designing a Program

Companies subject to the Red Flag Rules must design and implement a written identity theft prevention program that is designed to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account.[8] The Rules do not specify the contents of the program that must be adopted. An Appendix to the Rules contains Guidelines to assist companies in creating and maintaining their programs. The Rules require that the Guidelines be considered, but companies are free to tailor their programs as they see fit. The Rules give companies a great deal of flexibility, requiring merely that a company design and implement a program that is appropriate to the size and complexity of the company and the nature and scope of its activities.

The Red Flag Rules do require identity theft prevention programs to include “reasonable policies and procedures” to identify relevant red flags and incorporate them into the program, to detect those red flags, to respond appropriately when red flags are detected, and to ensure that the program is updated periodically. Each of these elements is discussed below.

Identify Relevant Red Flags. The first step in creating an identity theft prevention program, as required by the Red Flag Rules, is to determine which red flags are relevant to the company and to incorporate those red flags into its program.[9] “Red flags” are patterns, practices, or specific activities that indicate the possible existence of identity theft in connection with a covered account. The company should examine the covered accounts it currently offers or maintains and identify potential sources of red flags. A Supplement to the Rules sets forth 26 examples of potential red flags. While not all 26 of the example red flags must be incorporated, the company should seriously consider each example and have legitimate reasons for not incorporating any of them in the final written program. The company also should take into account its previous experience with identity theft in determining the appropriate red flags for its program. Red flags may include the following:

• An application that appears to have been forged, altered, or destroyed and reassembled.
• A consumer report that includes a fraud alert, credit freeze, or address discrepancy.
• A change-of-address notice that is followed shortly by a request for a new credit card, bank card, or cell phone.
• A Social Security number supplied by an applicant that is the same as that submitted by another person opening an account.
• An address or telephone number supplied by an applicant that is the same or similar to the account number or telephone number submitted by an unusually large number of other persons.
• Notification of the financial institution or creditor that the customer is not receiving account statements.
• Use of an account that has been inactive for a reasonably lengthy period of time.

Detect Red Flags. The company should implement procedures to detect the identified red flags. The company should be sure to verify the identity of persons opening new covered accounts and should authenticate customers with existing covered accounts.[10] For guidance, the company can refer to the verification procedures set forth in the Customer Identification Program rules that apply to financial institutions.[11

Establish Response Procedures. The company should develop appropriate policies and procedures to respond to any red flags that are detected. The responses, which should be commensurate with the degree of risk posed, may include monitoring an account, contacting the customer, changing passwords, or notifying law enforcement. In some situations, it may be appropriate to determine that no response is necessary.[12]

Ensure That the Program Is Updated Periodically. It is important for the company to periodically update its program to reflect changes in risks. The company must remain up to date with changes in identity theft, and as necessary, it must incorporate new methods of combating identity theft. Additionally, the company should be aware that risks may change when it alters its business arrangements or modifies the types of accounts it offers.[13]

Methods for Administering the Program

Approval of the initial written program must be obtained from the company’s board of directors or an appropriate committee thereof.[14] Oversight of the implementation and administration of the program must be done by the board, a board committee, or a designated employee at the level of senior management.[15] This oversight also includes reviewing reports and approving material changes to the program.[16] If the company has any arrangements with service providers, it must exercise oversight of those providers.[17] This can be done, for example, by requiring service providers to have their own Red Flag programs or by requiring them to follow the company’s program.

Consequences of Noncompliance

Failure to comply with the Red Flag Rules can result in various penalties. Consequences may include a civil money penalty for each violation, regulatory enforcement action, and negative publicity.[18] Although the Rules do not allow for any private legal action in the event of a violation,[19] there is the potential for private-plaintiff lawsuits under other laws because a violation of federal rules may itself be a violation of state laws. These state laws may permit actions by consumers or state attorneys general. In any event, it is likely that, over time, the Red Flag Rules will become a de facto standard of care applied to determine whether a company has negligently allowed a customer’s identity to be stolen.

Conclusion

In general, the new Red Flag Rules require companies with covered accounts to take reasonable measures to ensure the safety of sensitive consumer information. The Rules are intended to detect, prevent, and mitigate the risk of identity theft, but they do not require companies to adopt any particular policy or procedure. Rather, companies can scale their programs to match the size, complexity, and nature of their businesses. The process a company follows in adopting its identity theft prevention program will go a long way toward establishing that the program is reasonable. At a minimum, the company should be capable of justifying the policies and procedures it adopts by demonstrating that it has seriously considered the pertinent risks and has attempted to minimize them.

Lawyer Contact

For further information, please contact your principal Firm representative or the lawyer listed below. General email messages may be sent using our “Contact Us” form, which can be found at www.jonesday.com.

Kevin D. Lyles
1.614.281.3821
// <![CDATA[
PrintMail('kdlyles','jonesday.com','kdlylesjonesday.com', ' ');
// ]]>kdlyles@jonesday.com

This Commentary was prepared with assistance from Corey Dickey, a summer associate in the Columbus Office.

dealer plate use

regulations from the CCR =

dealer education at its best

• Location: california code of regulations dictates dealer plate use

 

cops for free dealer education for law enforcement