Alcohol at University Events and Identity Theft Prevention Plan: Difference between pages

From Appalachian State University Policy Manual
(Difference between pages)
imported>Deaskc
 
>Hildebranwl
 
Line 1: Line 1:
Policy 106.1
Policy 105.3
== Introduction ==
== Introduction ==
Campus underage drinking and alcohol abuse is a significant national problem resulting in consequences such as assaultive and self-destructive behavior, property damage, and loss of life. Appalachian State University (the "University") is concerned about the harmful effects of illegal and abusive alcohol practices on our campus and in the Boone community. The University is committed to establishing rules and regulations related to alcohol use and to providing appropriate prevention education and alternative activities for students, faculty, staff, alumni and guests. These actions represent a part of the University's comprehensive effort to maintain an environment that supports and encourages wellness, including appropriate decision-making about alcohol use.
=== Program Adoption ===
 
1.1.1 As a best practice and using as a guide the Federal Trade Commission's Red Flags Rule (16 CFR Part 681, implementing Section 114 of the Fair and Accurate Credit Transactions Act of 2003, Public Law 108-159) and North Carolina General Statutes, Chapter 75, Article 2A, Appalachian State University (the "University") has developed an Identity Theft Prevention Program (the "Program") described below. This Program was developed with oversight and approval of the Board of Trustees of Appalachian State University (the "Board"). After consideration of the size and complexity of the Universitys operations and account systems, and the nature and scope of the Universitys activities, the Board determined that this Program was appropriate for the University, and approved it on September 24, 2010 (the "Effective Date"). The purpose of this Program is to detect, prevent and mitigate identity theft in connection with any covered account. This Program envisions the implementation of policies and procedures subject to the Chancellor's approval in order to achieve these goals.
The University also recognizes that many choose not to use alcohol for personal, medical, family, religious and other reasons. These people have the right to live, work and learn in an environment that respects and supports abstinence. This document articulates the policies and procedures governing the use or possession of alcohol at the University in order to assist faculty, staff, students, alumni, and guests in planning for and making intelligent, legal decisions regarding alcohol.
 
Persons seeking clarification or further information should contact the University Police (262-2150), the Office of General Counsel (262-2751), or the Office of Student Development (262-2060).


== Scope ==
== Scope ==
 
2.1 All University personnel whose employment duties require or allow access to identifying information of other employees or students are responsible for implementing this Program.


== Definitions  ==
== Definitions  ==
=== ABC Permit ===
: any written or printed authorization, issued by the North Carolina Alcoholic Beverage Control Commission ("ABC Commission") that is valid for a particular location or event.
=== Alcohol or alcoholic beverages ===
: with respect to prohibitions stated in this policy, means "any beverage containing at least one-half of one percent (0.5%) alcohol by volume, including malt beverages, unfortified wine, fortified wine, spirituous liquor, and mixed beverages." With respect to provisions of this policy that allow possession or consumption of "alcohol" or "alcoholic beverages", those terms refer to beer or unfortified wine unless an ABC permit allowing service of fortified wine, spirituous liquor and mixed beverages has been issued.
=== Fortified wine ===
: means any wine, of more than sixteen percent (16%) and no more than twenty-four percent (24%) alcohol by volume, made by fermentation from grapes, fruits, berries, rice, or honey; or by the addition of pure cane, beet, or dextrose sugar; or by the addition of pure brandy from the same type of grape, fruit, berry, rice, or honey that is contained in the base wine and produced in accordance with the regulations of the United States.
=== Malt beverage ===
: means beer, lager, malt liquor, ale, porter, and any other brewed or fermented beverage containing at least one-half of one percent (0.5%), and not more than fifteen percent (15%), alcohol by volume.
=== Mixed beverage ===
: means either of the following:<br />
: a. A drink composed in whole or in part of spirituous liquor and served in a quantity less than the quantity contained in a closed package.<br />
: b. A premixed cocktail served from a closed package containing only one serving.
=== Public or general public ===
: means any person other than current employees, students or invited guests. [Invited guests are not members of the "public" or "general public" for purposes of State law and this policy.]
=== Serve ===
: means the act of University employees, contractors, volunteers or agents furnishing, selling, or giving alcoholic beverages to another person or persons.
=== Spirituous liquor or liquor ===
: means distilled spirits or ethyl alcohol, including spirits of wine, whiskey, rum, brandy, gin and all other distilled spirits and mixtures of cordials, liqueur, and premixed cocktails, in closed containers for beverage use regardless of their dilution.
=== Unfortified wine ===
: means any wine of sixteen percent (16%) or less alcohol by volume made by fermentation from grapes, fruits, berries, rice, or honey; or by the addition of pure cane, beet, or dextrose sugar; or by the addition of pure brandy from the same type of grape, fruit, berry, rice, or honey that is contained in the base wine and produced in accordance with the regulations of the United States.


== Policy and Procedure Statements ==
=== "Covered Account" ===
:Any account that constitutes a continuing financial relationship or is designed to permit multiple payments or transactions between the University and a person for a service, such as extension of credit, debit cards, Perkins Loans, Federal Family Education Loan Program (FFELP), institutional loans, accounts covered by the Health Insurance Portability and Accountability Act (HIPAA), deposit accounts, scholarship accounts, student accounts, and tuition payment plans.


=== General Policy ===
:Any other account that the University offers or maintains for which there is a reasonably foreseeable risk to holders of the account or to the University from identity theft, such as use of consumer reports for employee background checks, credit applications and institutional debit card applications. This may include operations of utilities (e.g., New River Light & Power Company), clinical and research activities, and public service activities.


The University supports and complies with all State and federal laws that pertain to the use of alcohol. Under University policy, it is illegal for any person under the age of 21 to possess or consume alcoholic beverages, or for any person to provide alcohol to an intoxicated person or to anyone under the legal drinking age. Campus rules and regulations, while being consistent with local, State and federal laws, reflect the educational mission of the University.  Notwithstanding the foregoing, North Carolina law permits license and ABC Permit holders to employ persons eighteen (18) years or older to prepare, serve, dispense or sell any alcoholic beverages, including mixed beverages pursuant to their employment duties (N.C.G.S. § 95-25.5(j)(2)).
=== Identifying Information ===
:Means any name or number that may be used, alone or in conjunction with any other information, to identify a specific person, including, but not limited to:


Persons who provide alcoholic beverages to anyone who is not of legal drinking age are in violation of North Carolina law and University policies and may be subject to both criminal prosecution and University disciplinary action. They may also be liable for personal injuries or property damages resulting from acts committed by intoxicated persons, whether underage or otherwise.
#name
#address
#telephone number
#social security number
#date of birth
#government-issued driver's license or identification number
#alien registration number
#government passport number
#employer or taxpayer identification number
#individual identification number
#computer's Internet Protocol address
#bank or other financial account routing code


Members of the University community who choose to drink will be held responsible for their behavior while under the influence of alcohol. Loss of control due to intoxication in no way excuses or justifies violation of state law, University regulations, or the rights of others. See Policy and Procedures on the Illegal or Abusive Use of Alcohol and Other Drugs in the University Resource Manual at
=== Identity Theft ===
http://www.resourcemanual.appstate.edu/administrative/pol9.htm and information provided by the Office of Student Conduct at http://www.studentconduct.appstate.edu/.
:Means a fraud committed or attempted using the identifying information of another person without authority [16 CFR 603.2(a)].


Except as otherwise expressly provided in this policy, possession or use of alcoholic beverages on University property is prohibited, unless specifically approved in writing by the Chancellor or the Chancellor's designee (e.g., the Director of Athletics for events falling within his/her jurisdiction, or the appropriate Vice Chancellor for events hosted by University departments, divisions, or entities reporting to that Vice Chancellor), or their respective designees.  The Chancellor or the Chancellor’s designee shall pre-approve any event held on campus and establish procedures for approval of alcoholic beverage service, provided, that use of the facility must be approved and scheduled prior to approval of alcohol use for a specific event.  The Approval shall be in the form of the “Request for Approval: Events Involving Possession or Consumption of Alcoholic Beverages on Campus”, hereinafter “Request for Approval” (See attached Appendix A).  
=== Program Administrator ===
:Means the individual designated with primary responsibility for oversight of this Program.
Events requiring approval fall into one of the following categories: 


1.  Malt beverages and/or unfortified wine will be served but not sold to guests (including members of the public).  Neither fortified wine nor spirituous liquor will be served or sold.  No ABC Permit shall be necessary for the event.  
=== Red Flag ===
:Means a pattern, practice, alert or specific activity that indicates the possible existence of identity theft.


2.  A BYOB event, at which individuals may not enter or participate with more than a six-pack of 12 oz containers of beer or wine coolers (72 oz) or 750 ml of unfortified wine.  Individuals may not enter or participate with spirituous liquor or fortified wine.  No ABC Permit shall be necessary.
=== Service Provider ===
:Means a person or entity that provides a service directly to the University.


3.  Spirituous liquor and/or fortified wine will be served but not sold to invited guests at a  reception, party, or other special occasion held on campus by a third party.  The third party seeking to use a University facility for such a special occasion must obtain a Limited Special Occasion Permit issued by the ABC Commission.
== Policy and Procedure Statements ==
4.  Malt beverages, unfortified wine, or fortified wine will be sold at a single fund-raising event of the University.  A Special One-Time Permit issued by the ABC Commission shall be necessary. 
 
5.  Brown-bagging (allowing each patron to bring up to eight liters of fortified wine or spirituous liquor, or eight liters of the two combined, onto the premises and to consume those alcoholic beverages on the premises) will be permitted at a single fund-raising event of the University.  A Special One-Time Permit issued by the ABC Commission shall be necessary. 
 
6.  Wine, malt beverages, and/or spirituous liquor will be served but not sold to patrons at a ticketed event held to allow the University to raise funds.  A Special One-Time Permit issued by the ABC Commission shall be necessary.
 
=== Broyhill Inn and Conference Center ===
The sale, use, and consumption of alcoholic beverages at the Broyhill Inn and Conference Center (“BICC”) shall conform to applicable law. Because the BICC operates on a daily basis under an ABC Permit, the BICC is not subject to the Request for Approval requirements of this policy.
 
=== Legends ===
The use and consumption of alcoholic beverages at Legends shall conform to applicable law. Legends is not subject to the Request for Approval requirements of this policy.
 
=== Performing Arts Centers ===
Although State law generally forbids the issuance of a "permit for the sale of malt beverages, unfortified wine, or fortified wine on the campus or property of a public school or college," the statute provides an exception permitting "constituent institutions of The University of North Carolina" to obtain a permit allowing "the sale of beer and wine at performing arts centers located on property owned or leased by the institutions if the seating capacity does not exceed 2,000 seats."  The Chancellor has designated the following as performing arts centers for purposes of this statute:  Farthing Auditorium, Rosen Concert Hall, Valborg Theater, and the Turchin Center.  Each performing arts center intending to sell malt beverages or unfortified wine must obtain an "On-Premises Malt Beverage Permit" and/or an "On-Premises Unfortified Wine Permit," depending on which alcoholic beverage is to be sold.  In addition, spirituous liquor may not be sold at a performing arts center.  For events at which an ASU performing arts center will sell malt beverages or unfortified wine pursuant to an On-Premises Malt Beverage Permit or an On-Premises Unfortified Wine Permit, such events are not subject to the Request for Approval requirements of this policy.
 
=== Residence Halls ===
Only persons twenty-one (21) years of age or older '''may possess''' alcoholic beverages in their own residence hall rooms or in rooms where they are invited guests and the host is at least twenty-one (21) years of age. Housing & Residence Life has adopted restrictions on the amounts of alcoholic beverages that residents who are twenty-one (21) years of age or older may bring into a residence hall or maintain in their residence hall rooms. '''Guests''', regardless of age, '''may not bring''' alcoholic beverages into residence halls.
 
=== Yosef Club Hospitality Events ===
The sale, use, and consumption of alcoholic beverages at the Yosef Club Hospitality Events shall conform to applicable law. Because the Yosef Club operates under an ABC permit, a Yosef Club Hospitality Event is not subject to the Request for Approval requirements of this policy
 
=== Athletics Complex at Kidd Brewer Stadium ===
'''Club Level'''
 
Alcoholic beverages (malt beverages and unfortified or fortified wine) will be made available for purchase for individuals over twenty-one (21) years of age on the club level of the Athletics Complex during publicly ticketed events. Appropriate permits must be obtained from the ABC Commission for alcohol to be present during events. A Request for Approval form must be completed prior to any non-football game events.
 
'''Suite Level'''


Suite holders may bring their own unfortified wine, fortified wine, spirituous liquor and malt beverages into their suite for football games. Suite holders will be allowed to access their suites on the Friday prior to home football games by arrangement with Athletics Department staff. No alcohol may be brought into the Athletics Complex on game day. Suite holders are responsible for controlling distribution of alcoholic beverages to their guests and for ensuring that individuals consuming alcohol are over twenty-one (21) years of age.
=== Identification of Red Flags ===
4.1.1 In order to identify relevant red flags, the University considers the types of covered accounts it offers or maintains, the methods it provides to open its covered accounts, the methods it provides to access its covered accounts, and its previous experiences with identity theft. Red flags may be detected while implementing existing account opening and servicing procedures (example: individual identification, caller authentication, third party authorization, and address changes).


=== Responsibilities of Hosts for On-Campus Events Where Alcoholic Beverages are Allowed ===
4.1.2 The University identifies the following as red flags in each of the listed categories:
All University students, employees, units and recognized organizations hosting activities, events, and programs where possession or consumption of alcohol is to be allowed must complete the Request for Approval, unless the event is to be held at Legends, the BICC, or another facility (such as a performing arts center) operating under its own ABC Permit, and comply with the following requirements:


1. Any participant who consumes alcoholic beverages at such events must produce for University officials, upon request, a valid driver's license or other photographic identification that reflects the person's age.
#Notifications and warnings from consumer reporting agencies
##Report of fraud accompanying a credit report;
##Notice or report from a credit agency of a credit freeze on an applicant;
##Notice or report from a credit agency of an active duty alert for an applicant;
##Receipt of a notice of address discrepancy in response to a credit report request; and
##Indication from a credit report of activity that is inconsistent with an applicant's usual pattern or activity
#Suspicious documents
##Identification document or card that appears to be forged, altered or inauthentic;
##Identification document or card on which a person?s photograph or physical description is not consistent with the person presenting the document;
##Other document with information that is not consistent with existing individual information; and
##Application that appears to have been altered or forged.
#Suspicious personal identifying information
##Identifying information that is inconsistent with other information the individual provides (example: inconsistent birth dates);
##Identifying information that is inconsistent with other sources of information (example: an address not matching an address on a loan application);
##Identifying information that is the same as information shown on other applications that were found to be fraudulent;
##Identifying information that is consistent with fraudulent activity (examples: an invalid phone number or fictitious billing address);
##Social security number that is the same as one given by another individual;
##An address or phone number that is the same as that of another person;
##A person fails to provide complete personal identifying information on an application when reminded to do so; and
##A person's identifying information is not consistent with the information that is on file for the individual. 
#Suspicious covered account activity
##Change of address for an account followed by a request to change the individual's name;
##Payments stop on an otherwise consistently up-to-date account;
##Account used in a way that is not consistent with prior use;
##Mail sent to the individual is repeatedly returned as undeliverable;
##Notice to the University that an individual is not receiving mail sent by the University;
##Notice to the University that an account has unauthorized activity;
##Breach in the University's computer system security; and
##Unauthorized access to or use of individual account information. 
#Alerts from others
##Notice to the University from an identity theft victim, law enforcement officer or other person that the University has opened or is maintaining a fraudulent account for a person engaged in identity theft.


2. All recognized University clubs, organizations, departments, and officially sanctioned activities must abide by all laws and policies of the State of North Carolina and the University.
=== Detection of Red Flags ===


3. Hosts must ensure that only individuals twenty-one (21) years of age possess or consume alcoholic beverages and that intoxicated individuals are not served alcohol.  Also, only persons eighteen (18) years of age or older may be employed to serve, dispense or sell alcoholic beverages, including mixed beverages, pursuant to their employment duties.
==== Student Enrollment ====


4. Individuals may not enter or participate in a BYOB event on campus with more than a six-pack of 12 oz containers of beer or wine coolers (72 oz) or 750 ml of unfortified wine. Neither spirituous liquor nor fortified wine is permitted at a BYOB event.  Facility managers may adopt more stringent limitations for specific events.
4.2.1.1 In order to detect any of the red flags identified above associated with the enrollment of a student, University personnel shall take the following steps to obtain and verify the identity of the person opening the account:


5. Except as otherwise required by law, regulation or ordinance, no University student or employee shall be denied access to any benefit or opportunity that the University provides on the basis of age. The University wishes to ensure that no University student or employee shall be prohibited from attending an event or participating fully in the program benefits offered, within the limits of the law, solely on the basis of his or her age. University units and recognized organizations are responsible for arranging supervision of an event where alcohol is served to assure access for all eligible participants, and that no underage consumption of alcoholic beverages occurs.
#Require certain identifying information such as name, date of birth, academic records, home address or other identification; and
#Verify the individual's identity at time of issuance of individual
   
   
6. Drinking games or other activities that encourage excessive consumption of alcohol will not be tolerated and are prohibited.
4.2.1.2 Identification card (example: review of driver's license or other government-issued photo identification).


7. Alternative beverages must be available at each event in sufficient quantities for those participants who cannot legally drink and for those who choose not to drink alcoholic beverages.
==== New Customers or Clients ====


8. A sufficient amount of food products (based upon number of participants) must be available at all times.
4.2.2.1 In order to detect any of the red flags identified above associated with service to a new customer or client, University personnel shall take the following steps to obtain and verify the identity of the person opening the account:


9. Adequate restroom facilities are required and must be in close proximity to these events.
#Require certain identifying information such as name, date of birth, academic records, home address or other identification; and
#Verify the individual's identity at time of issuance of individual


10. A copy of the completed Request for Approval must be delivered to the University Police at least seventy-two (72) hours in advance. When the nature and size of the event require greater than normal staffing on a given date, as determined in the sole discretion of the University Police Chief or that official's designee, the sponsor or host will be required to pay the expense of University Police officers to be in attendance.
4.2.2.2 Identification card (example: review of driver's license or other government-issued photo identification).


11. It is the responsibility of the University departments as well as the organizations' sponsors and/or advisors to inform their constituents of North Carolina law and University Policy in regard to events where alcohol is allowed. It is also the responsibility of sponsors to recognize their individual and/or group liability if violations of state law or University policy occur.
==== Existing Accounts ====


12. Non students and/or guests of members of the community are subject to all state laws and University policies while on University premises. Failure to abide by the laws and policies may result in a state citation and/or appropriate disciplinary action by the University.
4.2.3.1 In order to detect any of the red flags identified above for an existing covered account, University personnel shall take the following steps to monitor transactions on an account:


13. Except as otherwise specified herein, this policy applies to all on-campus University functions at which alcohol is served or consumed, including faculty, staff, student, athletic, alumni, and other University events.
#Verify the identification of individuals if they request information (in person, via telephone, via facsimile, via email);
#Verify the validity of requests to change billing addresses by mail or email and provide the individual a reasonable means of promptly reporting incorrect billing address changes; and
#Verify changes in banking information given for billing and payment purposes.


The Chancellor, or his designee, may supplement these requirements upon assessment of the special circumstances of a specific event.
==== Consumer ("Credit") Report Requests ====


=== Advertisement/Solicitation for Events Involving Alcoholic Beverages On-or Off-Campus ===
In order to detect any of the red flags identified above in regard to an employment or volunteer position for which a credit or background report is sought, University personnel shall take the following steps to assist in identifying address discrepancies:


All University units and recognized organizations that advertise events or activities where alcoholic beverages will be consumed will adhere to the following requirements:
#Require written verification from any applicant that the address provided by the applicant is accurate at the time the request for the credit report is made to the consumer reporting agency; and  
#In the event that notice of an address discrepancy is received, verify that the credit or background report pertains to the applicant for whom the requested report was made and report to the consumer reporting agency an address for the applicant that the University has reasonably confirmed is accurate.


As stated above, if an event at which alcoholic beverages are sold is open to the general public, an ABC Permit issued by the North Carolina ABC Commission is required.  Advertisement of such events in publicly accessible media will designate which alcoholic beverages may be sold pursuant to the appropriate ABC Permit;
=== Response to Red Flags ===


Drinking will not be promoted or glamorized;
4.3.1 Once potentially fraudulent activity is detected, an employee must act promptly to protect individuals and the University from damages and loss. At a minimum, the employee must gather all related documentation, write a description of the situation, and present this information to the program administrator.


Advertisements will clearly support the 21 year old legal age limit as established by North Carolina law;
4.3.2 The program administrator will complete additional investigation if necessary to determine whether the attempted transaction was fraudulent or authentic.


When advertising events where alcohol will be consumed, only the theme or the purpose of the event    is to be emphasized.  While the availability of alcoholic beverages at the event may be stated, it is not to be emphasized. Announcements for an approved BYOB event must specify the limitations on alcohol that may be brought into the facility (e.g., a six-pack of 12 oz containers of beer or wine coolers (72 oz) or 750 ml of unfortified wine);
4.3.3 If a transaction is determined to be fraudulent, appropriate actions must be taken immediately. Actions may include (1) canceling the transaction; (2) notifying and cooperating with appropriate law enforcement personnel; (3) determining the extent of liability of the University; and (4) notifying the individual upon whom fraud has been attempted or whose identifying information has been subjected to a security breach.


Each department within the University that engages in advertisement and sponsorship of clubs and organizations will be responsible for understanding and implementing this policy; and
=== Prevention and Mitigation of Identity Theft ===


Each department will establish a mechanism for review of alcohol advertising and will assure that guidelines are met.
In the event University personnel detect any identified red flags, such personnel shall take one or more of the following steps to prevent and mitigate identity theft, depending on their determination of the degree of risk posed by the red flag:


=== Special Provisions Concerning Tailgating ===
#Continue to monitor a covered account for evidence of identity theft; 
#Contact the individual or applicant (for whom a credit or background report was run);
#Change any passwords or other security devices that permit access to covered accounts;
#Refuse to open a new covered account;
#Provide the individual with a new individual identification number;
#Notify the program administrator for determination of the appropriate step(s) to take;
#Notify appropriate law enforcement personnel;
#File or assist in filing a Suspicious Activity Report ("SAR") with the Financial Crimes Enforcement Network, United States Department of the Treasury; and/or
#Determine that no response is warranted under the particular circumstances.


In addition to the other provisions of this policy, the following provisions apply specifically to tailgating involving alcoholic beverages.
==== Protect Identifying Information ====


'''Definition: Tailgating''' is defined as parking in a designated location or area and/or setting up non-permanent facilities (such as tents and tables) to consume food and beverages prior to an officially sanctioned University event to which the public is invited and the event has been approved for tailgating.  If the Chancellor or his designee pre-approves the consumption of alcohol for a specific tailgating event, only malt beverages and unfortified wine may be consumed by individuals twenty-one (21) years of age or older. 
In order to further prevent the likelihood of identity theft occurring with respect to covered accounts, the University will take the following steps to protect individual identifying information:


'''APPALACHIAN STATE UNIVERSITY DOES NOT SANCTION THE CONSUMPTION OR POSSESSION OF ALCOHOLIC BEVERAGES BY UNDERAGE PERSONS; NOR DOES IT SANCTION THE VIOLATION OF FEDERAL, STATE OR LOCAL LAW'''.  
#Ensure that its website is secure or provide clear notice that the website is not secure;  
#Ensure complete and secure destruction of paper documents and computer files containing individual account information when a decision has been made to no longer maintain such information;
#Ensure that office computers with access to covered account information are password protected;
#Ensure that laptops are password protected and encrypted;
#Avoid use of social security numbers;
#Ensure the security of the physical facility that contains covered account information;
#Ensure that transmission of information is limited and encrypted when necessary;
#Ensure computer virus protection is up to date; and
#Require and keep only the kinds of individual identifying information that is necessary for University purposes.


'''Areas and Times for Tailgating Involving Alcoholic Beverages'''
=== Additional Identity Theft Prevention Measures ===
==== Hard Copy Distribution ====
Each employee and contractor performing work for the University will comply with the following procedures:


Tailgating involving alcoholic beverages generally will be permitted only in one or more of the following areas as stipulated by the University Administration:
#File cabinets, desk drawers, overhead cabinets, and any other storage space containing documents with identifying information will be locked when not in use.
{|
#Storage rooms containing documents with identifying information and record retention areas will be locked at the end of each workday or when unsupervised.
|Broyhill Music Building Lot
#Desk workstations, work areas, printers and fax machines, and common shared work areas will be cleared of all documents containing identifying information when not in use.
|Chemistry and Physics (CAP) Lot
#Whiteboards, dry-erase boards, writing tablets, and other writing surfaces in common shared work areas will be erased, removed, or shredded when not in use.
|-
#When documents containing identifying information are discarded, they will be placed inside a locked shred bin or immediately shredded using a mechanical cross cut or Department of Defense-approved shredding device. Locked shred bins are labeled "Confidential paper shredding and recycling."
|Duck Pond Field
|Durham Park
|-
|Edwin Duncan Hall Lot
|Farthing Auditorium Lot
|-
|Greenwood Lot
|Holmes Center Lot
|-
|John Thomas Hall Lot
|Justice/Coltrane Halls Lot
|-
|Katherine Harper Hall
|Raley Lot
|-
|Rivers Street Parking Deck
|South Lot
|-
|Stadium Lot
|Legends Lot
|-
|Student Recreation Center Lot
|University Drive Parking Spaces
|-
|New parking deck next to the Carol Grotnes Belk Library and Information Commons
|}
For a map and description of tailgating and parking locations, click on the following links:  http://www.alumni.appstate.edu/tailgateattherock/tailgatemap.html and http://www.alumni.appstate.edu/tailgateattherock/tailgatezones.html#C.


The above-designated areas are the ONLY locations approved for tailgating with alcohol.  Consumption of alcohol outside designated areas and/or time periods constitutes a violation of Appalachian State University Football Tailgating Policy (See http://www.alumni.appstate.edu/PDFs/tailgatepolicy.pdf).  Violators may be subject to prosecution under the Appalachian State University Code of Student Conduct (See http://studentconduct.appstate.edu), the laws of the Town of Boone, and/or the laws of the State of North Carolina.
=== Program Administration ===
==== Oversight ====
The responsibility for developing, implementing and updating this Program lies with the program administrator designated by the Chancellor. The program administrator shall be responsible for ensuring appropriate training of University staff on the Program, for reviewing any staff reports regarding the detection of red flags and the steps for preventing and mitigating identity theft, determining which steps of prevention and mitigation should be taken in particular circumstances and considering periodic changes to the Program.


'''Consumption of Alcohol'''
==== Staff Training ====
University employees responsible for implementing the Program shall be trained under the direction of the program administrator in the detection of red flags and the responsive steps to be taken when a red flag is detected.


1. Only malt beverages and unfortified wine may be possessed or consumed. Spirituous liquor (including mixed drinks) is not permitted.
==== Reports ====
Appropriate staff shall report to the program administrator at least annually on compliance with this Program. The report shall address matters such as the effectiveness of the policies and procedures of the University in addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts; service provider arrangements; significant incidents involving identity theft and the University's response; and recommendations for material changes to the Program.


2. Kegs and other common containers are not allowed at any time.
==== Service Provider Arrangements ====
In the event the University engages a service provider to perform an activity in connection with one or more covered accounts, the University will take the following steps to ensure the service provider performs its obligations in accordance with reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft, including the following:


3. Glass containers are not allowed.  
#Require, by signed contract, that service providers have such policies and procedures in place; and
#Require, by signed contract, that service providers review the University's Program and report any red flags to the program administrator.  


4. Drinking games, including but not limited to beer pong, and the use of devices intended to accelerate the consumption of alcohol, including but not limited to funnels or beer bongs, are prohibited.
==== Program Updates ====
The program administrator shall review and update this Program at least annually to reflect changes in risks to individuals and the University from identity theft. In doing so, the program administrator shall consider the University's experiences with identity theft situations, changes in identity theft methods, changes in identity theft detection and prevention methods, and changes in the University's business arrangements with other entities.


5. Any participant who consumes alcoholic beverages at such events must be able to produce a valid driver’s license or other photo ID that reflects the person’s age upon request.
== Additional References ==
This Program incorporates by reference the following policies and procedures:


6. Consumption of alcoholic beverages is prohibited on any other part of the campus or on public streets that run through or are adjacent to the campus.
#[http://policy.appstate.edu/Use_of_Computers_and_Data_Communications Policy on the Use of Computers and Data Communication]
#[http://www.nss.appstate.edu/standards/open-servers-vlan-policy Computer Systems Security Policy]
#[http://policy.appstate.edu/Remote_Access_Policy Remote Access Policy]
#[http://policy.appstate.edu/Trusted_Access_Policy Trusted Access Policy]
#[http://policy.appstate.edu/Network_Risk_Assessment_Policy Network Risk Assessment Policy]
#[http://policy.appstate.edu/Virtual_Private_Network_(VPN)_Policy Virtual Private Network (VPN) Policy]
#[http://policy.appstate.edu/Wireless_Networking_Policy_and_Process Wireless Networking Policy]
#[http://policy.appstate.edu/Wireless_Networking_Policy_and_Process Wireless to Trusted Network Policy]
#[http://policy.appstate.edu/Statement_of_Confidentiality Statement of Confidentiality]


7. Alcohol consumption will not be permitted in any area during or after the event.
== Authority ==


8. Consumption of alcoholic beverages may begin no more than three and half (3 ½) hours before the starting time of the event. Consumption of alcoholic beverages after commencement of the event is prohibited.
16 CFR Part 681
 
'''Sanctions'''
Fair and Accurate Credit Transactions Act of 2003, Public Law 108-159
 
Individuals who fail or refuse to comply with the requirements of this policy may be subject to legal sanctions and/or University discipline, as appropriate.
 
'''References''':
 
North Carolina General Statutes, §§ 18B 101, et.seq., § 95-25.5(j)(2)
North Carolina Administrative Code, Chapter 4, § 02S.0205
Town of Boone, NC Code of Ordinances, Title XII: General Offenses, Chapter 130, § 130.15; § 130.16, § 130.17, § 130.18, and § 130.99.
 
== Additional References ==
 
== Authority ==


North Carolina General Statutes, Chapter 75, Article 2A


== Contact Information ==
== Contact Information ==




== Effective Date ==
== Original Effective Date ==
July 16, 2009


== Revision Dates ==
== Revision Dates ==
:November 5, 2021 - previously policy 105.5
[[Category:Contents]]
[[Category:Governance and Administration]]
[[Category:Records]]

Revision as of 17:24, 3 March 2023

Policy 105.3

Introduction

Program Adoption

1.1.1 As a best practice and using as a guide the Federal Trade Commission's Red Flags Rule (16 CFR Part 681, implementing Section 114 of the Fair and Accurate Credit Transactions Act of 2003, Public Law 108-159) and North Carolina General Statutes, Chapter 75, Article 2A, Appalachian State University (the "University") has developed an Identity Theft Prevention Program (the "Program") described below. This Program was developed with oversight and approval of the Board of Trustees of Appalachian State University (the "Board"). After consideration of the size and complexity of the Universitys operations and account systems, and the nature and scope of the Universitys activities, the Board determined that this Program was appropriate for the University, and approved it on September 24, 2010 (the "Effective Date"). The purpose of this Program is to detect, prevent and mitigate identity theft in connection with any covered account. This Program envisions the implementation of policies and procedures subject to the Chancellor's approval in order to achieve these goals.

Scope

2.1 All University personnel whose employment duties require or allow access to identifying information of other employees or students are responsible for implementing this Program.

Definitions

"Covered Account"

Any account that constitutes a continuing financial relationship or is designed to permit multiple payments or transactions between the University and a person for a service, such as extension of credit, debit cards, Perkins Loans, Federal Family Education Loan Program (FFELP), institutional loans, accounts covered by the Health Insurance Portability and Accountability Act (HIPAA), deposit accounts, scholarship accounts, student accounts, and tuition payment plans.
Any other account that the University offers or maintains for which there is a reasonably foreseeable risk to holders of the account or to the University from identity theft, such as use of consumer reports for employee background checks, credit applications and institutional debit card applications. This may include operations of utilities (e.g., New River Light & Power Company), clinical and research activities, and public service activities.

Identifying Information

Means any name or number that may be used, alone or in conjunction with any other information, to identify a specific person, including, but not limited to:
  1. name
  2. address
  3. telephone number
  4. social security number
  5. date of birth
  6. government-issued driver's license or identification number
  7. alien registration number
  8. government passport number
  9. employer or taxpayer identification number
  10. individual identification number
  11. computer's Internet Protocol address
  12. bank or other financial account routing code

Identity Theft

Means a fraud committed or attempted using the identifying information of another person without authority [16 CFR 603.2(a)].

Program Administrator

Means the individual designated with primary responsibility for oversight of this Program.

Red Flag

Means a pattern, practice, alert or specific activity that indicates the possible existence of identity theft.

Service Provider

Means a person or entity that provides a service directly to the University.

Policy and Procedure Statements

Identification of Red Flags

4.1.1 In order to identify relevant red flags, the University considers the types of covered accounts it offers or maintains, the methods it provides to open its covered accounts, the methods it provides to access its covered accounts, and its previous experiences with identity theft. Red flags may be detected while implementing existing account opening and servicing procedures (example: individual identification, caller authentication, third party authorization, and address changes).

4.1.2 The University identifies the following as red flags in each of the listed categories:

  1. Notifications and warnings from consumer reporting agencies
    1. Report of fraud accompanying a credit report;
    2. Notice or report from a credit agency of a credit freeze on an applicant;
    3. Notice or report from a credit agency of an active duty alert for an applicant;
    4. Receipt of a notice of address discrepancy in response to a credit report request; and
    5. Indication from a credit report of activity that is inconsistent with an applicant's usual pattern or activity
  2. Suspicious documents
    1. Identification document or card that appears to be forged, altered or inauthentic;
    2. Identification document or card on which a person?s photograph or physical description is not consistent with the person presenting the document;
    3. Other document with information that is not consistent with existing individual information; and
    4. Application that appears to have been altered or forged.
  3. Suspicious personal identifying information
    1. Identifying information that is inconsistent with other information the individual provides (example: inconsistent birth dates);
    2. Identifying information that is inconsistent with other sources of information (example: an address not matching an address on a loan application);
    3. Identifying information that is the same as information shown on other applications that were found to be fraudulent;
    4. Identifying information that is consistent with fraudulent activity (examples: an invalid phone number or fictitious billing address);
    5. Social security number that is the same as one given by another individual;
    6. An address or phone number that is the same as that of another person;
    7. A person fails to provide complete personal identifying information on an application when reminded to do so; and
    8. A person's identifying information is not consistent with the information that is on file for the individual.
  4. Suspicious covered account activity
    1. Change of address for an account followed by a request to change the individual's name;
    2. Payments stop on an otherwise consistently up-to-date account;
    3. Account used in a way that is not consistent with prior use;
    4. Mail sent to the individual is repeatedly returned as undeliverable;
    5. Notice to the University that an individual is not receiving mail sent by the University;
    6. Notice to the University that an account has unauthorized activity;
    7. Breach in the University's computer system security; and
    8. Unauthorized access to or use of individual account information.
  5. Alerts from others
    1. Notice to the University from an identity theft victim, law enforcement officer or other person that the University has opened or is maintaining a fraudulent account for a person engaged in identity theft.

Detection of Red Flags

Student Enrollment

4.2.1.1 In order to detect any of the red flags identified above associated with the enrollment of a student, University personnel shall take the following steps to obtain and verify the identity of the person opening the account:

  1. Require certain identifying information such as name, date of birth, academic records, home address or other identification; and
  2. Verify the individual's identity at time of issuance of individual

4.2.1.2 Identification card (example: review of driver's license or other government-issued photo identification).

New Customers or Clients

4.2.2.1 In order to detect any of the red flags identified above associated with service to a new customer or client, University personnel shall take the following steps to obtain and verify the identity of the person opening the account:

  1. Require certain identifying information such as name, date of birth, academic records, home address or other identification; and
  2. Verify the individual's identity at time of issuance of individual

4.2.2.2 Identification card (example: review of driver's license or other government-issued photo identification).

Existing Accounts

4.2.3.1 In order to detect any of the red flags identified above for an existing covered account, University personnel shall take the following steps to monitor transactions on an account:

  1. Verify the identification of individuals if they request information (in person, via telephone, via facsimile, via email);
  2. Verify the validity of requests to change billing addresses by mail or email and provide the individual a reasonable means of promptly reporting incorrect billing address changes; and
  3. Verify changes in banking information given for billing and payment purposes.

Consumer ("Credit") Report Requests

In order to detect any of the red flags identified above in regard to an employment or volunteer position for which a credit or background report is sought, University personnel shall take the following steps to assist in identifying address discrepancies:

  1. Require written verification from any applicant that the address provided by the applicant is accurate at the time the request for the credit report is made to the consumer reporting agency; and
  2. In the event that notice of an address discrepancy is received, verify that the credit or background report pertains to the applicant for whom the requested report was made and report to the consumer reporting agency an address for the applicant that the University has reasonably confirmed is accurate.

Response to Red Flags

4.3.1 Once potentially fraudulent activity is detected, an employee must act promptly to protect individuals and the University from damages and loss. At a minimum, the employee must gather all related documentation, write a description of the situation, and present this information to the program administrator.

4.3.2 The program administrator will complete additional investigation if necessary to determine whether the attempted transaction was fraudulent or authentic.

4.3.3 If a transaction is determined to be fraudulent, appropriate actions must be taken immediately. Actions may include (1) canceling the transaction; (2) notifying and cooperating with appropriate law enforcement personnel; (3) determining the extent of liability of the University; and (4) notifying the individual upon whom fraud has been attempted or whose identifying information has been subjected to a security breach.

Prevention and Mitigation of Identity Theft

In the event University personnel detect any identified red flags, such personnel shall take one or more of the following steps to prevent and mitigate identity theft, depending on their determination of the degree of risk posed by the red flag:

  1. Continue to monitor a covered account for evidence of identity theft;
  2. Contact the individual or applicant (for whom a credit or background report was run);
  3. Change any passwords or other security devices that permit access to covered accounts;
  4. Refuse to open a new covered account;
  5. Provide the individual with a new individual identification number;
  6. Notify the program administrator for determination of the appropriate step(s) to take;
  7. Notify appropriate law enforcement personnel;
  8. File or assist in filing a Suspicious Activity Report ("SAR") with the Financial Crimes Enforcement Network, United States Department of the Treasury; and/or
  9. Determine that no response is warranted under the particular circumstances.

Protect Identifying Information

In order to further prevent the likelihood of identity theft occurring with respect to covered accounts, the University will take the following steps to protect individual identifying information:

  1. Ensure that its website is secure or provide clear notice that the website is not secure;
  2. Ensure complete and secure destruction of paper documents and computer files containing individual account information when a decision has been made to no longer maintain such information;
  3. Ensure that office computers with access to covered account information are password protected;
  4. Ensure that laptops are password protected and encrypted;
  5. Avoid use of social security numbers;
  6. Ensure the security of the physical facility that contains covered account information;
  7. Ensure that transmission of information is limited and encrypted when necessary;
  8. Ensure computer virus protection is up to date; and
  9. Require and keep only the kinds of individual identifying information that is necessary for University purposes.

Additional Identity Theft Prevention Measures

Hard Copy Distribution

Each employee and contractor performing work for the University will comply with the following procedures:

  1. File cabinets, desk drawers, overhead cabinets, and any other storage space containing documents with identifying information will be locked when not in use.
  2. Storage rooms containing documents with identifying information and record retention areas will be locked at the end of each workday or when unsupervised.
  3. Desk workstations, work areas, printers and fax machines, and common shared work areas will be cleared of all documents containing identifying information when not in use.
  4. Whiteboards, dry-erase boards, writing tablets, and other writing surfaces in common shared work areas will be erased, removed, or shredded when not in use.
  5. When documents containing identifying information are discarded, they will be placed inside a locked shred bin or immediately shredded using a mechanical cross cut or Department of Defense-approved shredding device. Locked shred bins are labeled "Confidential paper shredding and recycling."

Program Administration

Oversight

The responsibility for developing, implementing and updating this Program lies with the program administrator designated by the Chancellor. The program administrator shall be responsible for ensuring appropriate training of University staff on the Program, for reviewing any staff reports regarding the detection of red flags and the steps for preventing and mitigating identity theft, determining which steps of prevention and mitigation should be taken in particular circumstances and considering periodic changes to the Program.

Staff Training

University employees responsible for implementing the Program shall be trained under the direction of the program administrator in the detection of red flags and the responsive steps to be taken when a red flag is detected.

Reports

Appropriate staff shall report to the program administrator at least annually on compliance with this Program. The report shall address matters such as the effectiveness of the policies and procedures of the University in addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts; service provider arrangements; significant incidents involving identity theft and the University's response; and recommendations for material changes to the Program.

Service Provider Arrangements

In the event the University engages a service provider to perform an activity in connection with one or more covered accounts, the University will take the following steps to ensure the service provider performs its obligations in accordance with reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft, including the following:

  1. Require, by signed contract, that service providers have such policies and procedures in place; and
  2. Require, by signed contract, that service providers review the University's Program and report any red flags to the program administrator.

Program Updates

The program administrator shall review and update this Program at least annually to reflect changes in risks to individuals and the University from identity theft. In doing so, the program administrator shall consider the University's experiences with identity theft situations, changes in identity theft methods, changes in identity theft detection and prevention methods, and changes in the University's business arrangements with other entities.

Additional References

This Program incorporates by reference the following policies and procedures:

  1. Policy on the Use of Computers and Data Communication
  2. Computer Systems Security Policy
  3. Remote Access Policy
  4. Trusted Access Policy
  5. Network Risk Assessment Policy
  6. Virtual Private Network (VPN) Policy
  7. Wireless Networking Policy
  8. Wireless to Trusted Network Policy
  9. Statement of Confidentiality

Authority

16 CFR Part 681

Fair and Accurate Credit Transactions Act of 2003, Public Law 108-159

North Carolina General Statutes, Chapter 75, Article 2A

Contact Information

Original Effective Date

Revision Dates

November 5, 2021 - previously policy 105.5
Retrieved from "https://policy.appstate.edu/index.php?title=Alcohol_at_University_Events&oldid=12752"