On November 18th 2004, the Federal Trade Commission (FTC) issued a final consumer information disposal rule, FACTA,which is a Federal law designed to reduce the risk of consumer fraud and identity theft created by the improper disposal of consumer information.
The rule targets individuals or organizations of any kind who use consumer reports, including but not limited to, consumer reporting companies, lenders, insurers, employers,landlords, government agencies, mortgage brokers, car dealers, attorneys, private investigators, debt collectors and other entities that maintain or collect consumer information as part of their role as a “service provider organization.”
The rule talks to “reasonable measures” for the disposal of consumer records. It states that every person and/or business must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.
FACTA Disposal Rules requires reasonable practices to prevent the unauthorized access to consumer information. This could include establishing and complying with policies to: burn, pulverize or shred papers containing consumer report information to the extent that the information cannot be read or reconstructed; destroy or erase electronic files or media containing consumer information or conduct due diligence and hire a document destruction company to dispose of such material in a manner that is consistent with the rule. Due diligence would be to make sure that company hired is certified by a recognized trade association, obtaining references and/or reviewing the companies policy and procedure for Data Destruction.
How Can Your Company Become Compliant With FACTA Rules?
We would recommend that your business consider the following:
- Maintain documented “Proof” that all documents have been shredded in in acompliant manner. For electronic media serial numbers of computers, hard drivesand the users should be documented
- Have written Policies and Procedures in place
- Make sure that you have regularly scheduled shredding to avoidaccumulation of old data.
- Conduct training sessions in regard to the proper storage and shreddingof documents
- Avoid disposal practices internally. Internal methods and the use of internalpersonnel can easily be called into question if disputes or violations occur.
- Have a specific disposal plan for electronic media i.e. tapes, disks,hard drives etc.
- You should understand that the fines for violations can run into the thousands of dollars.
Written by: Frank Perrotto, Sales Manager for DP Electronic Recycling in Elkhorn, Wisconsin. DPElectronic Recycling is an e -Stewards certified and award winning recycler in the State of Wisconsin.