If you handle consumer information in any way, you are subject to Fair and Accurate Credit Transactions Act of 2003 (FACTA). This act was created as an amendment to the Fair Credit Reporting Act (FCRA) to set forth provisions intended to protect consumers from identity theft. The amendment sets forth requirements for the safeguarding of certain information and FACTA compliant destruction when the data is no longer needed.
What is FACTA?
FACTA, which stands for Fair and Accurate Credit Transactions Act, is a U.S. federal law designed to help prevent identity theft and consumer fraud. Enacted in 2003, it is an amendment to the Fair Credit Reporting Act and has a set of rules that dictate how businesses should handle and dispose of consumer information. One critical part of FACTA is its Disposal Rule, which mandates that businesses must take appropriate measures to dispose of sensitive information derived from consumer reports, including shredding, burning, or pulverizing documents, to protect against unauthorized access or use.
FACTA and Your Business
One of the ways FACTA protects consumers is by the FACTA Disposal Rule: requiring the secure disposal of any records that contain identifying consumer information or that could be used to identify individuals. This information, referred to as “personally identifiable information” (PII) might include:
- Email addresses
- Physical addresses
- Social security numbers
- Driver’s license numbers
The law states that “reasonable measures” must be taken to dispose of this information. Typically, shredding, burning, or otherwise destroying records with this information is sufficient to comply with FACTA’s disposal rule.
While most of the regulations under FACTA mainly concern financial institutions and consumer reporting agencies, the disposal rule applies to anyone who handles consumer information, so making sure you have a plan for secure document destruction is key to preventing liability issues.
How to Ensure FACTA Compliance?
Ensuring FACTA compliance requires following the specific set of rules outlined in the act. Here are some crucial steps:
- Understand what constitutes as sensitive information: This includes any data derived from consumer reports such as credit reports, credit scores, or any other information that could lead to identity theft if mishandled.
- Establish a secure document destruction process: Utilize secure methods of document destruction, such as cross-cut shredding, burning, or pulverization. These methods render the information unreadable and irreparable.
- Train employees: Staff handling sensitive data should be adequately trained on the disposal requirements stipulated by FACTA. Regular training can ensure that everyone understands their role in maintaining compliance.
- Contract with a reliable document destruction service: Professional document destruction companies can help you ensure your business is FACTA compliant. Look for a service that offers secure document destruction and provides certificates of destruction to confirm the secure disposal of your documents.
- Regular audits and reviews: Regularly review your disposal procedures and perform audits to ensure compliance. This includes assessing the performance of third-party service providers you may be using for document destruction.
Remember, compliance isn’t a one-time event but an ongoing process. Staying up-to-date with the latest updates to the FACTA law and continuously evaluating your procedures can help keep your business compliant and secure.
Need FACTA-Compliant Shredding and Disposal?
At Armstrong Archives, we provide secure document shredding services for paper files, hard drives, computer tapes, CDs, and other media. We are fully compliant with FACTA in that we take every reasonable measure possible to make sure your documents are fully protected throughout the disposal and destruction process. Some of the methods we use to ensure security include:
- Locked destruction bins and consoles which we empty out as needed
- Discreet retrieval and transport of documents
- Destruction of documents in a facility surveilled by cameras
- Thorough, professional shredding of all media types
- Up-to-date technology
Why worry with the hassle and liability of handling document destruction yourself? The find for failing to properly dispose of PII is up to $2,500 per file! For more information on the benefits of third party secure document destruction, contact Armstrong Archives today.
Posted By: Sherri Taylor – President/Managing Partner
Sherri Taylor is the Managing Partner and President of Armstrong Archives, one of the largest independent records and information management companies in the Dallas/Ft Worth area.