Staying in Compliance With the FACTA Disposal Rule and FCRA
There is a pair of rules you need to keep in mind when it comes to credit reporting and the disposal of any customer data that you use. These are:
- The Fair Credit Reporting Act (FCRA)
- The Fair and Accurate Credit Transactions Act of 2003 (FACTA)
The two laws were designed to work together. The FCRA is a federal law that gives individuals and consumers the right to look at their own files maintained by any company that does consumer reporting (including agencies and their partners).
FACTA served to amend the FCRA in a variety of ways, creating further explanations for things like disclosure of information and disposal of data. FACTA also sets new standards about what can be included in a consumer report and modifies, in part, the process by which consumer disputes are handled – which is an important part of the record that must be kept.
Current Disposal Requirements under the Code of Federal Regulations
FACTA has been edited and adjusted since its passage in 2003, so we’ve put together a roundup of current requirements under FACTA, FCRA, and the current Electronic Code of Federal Regulations.
Here’s what you need to know about the proper disposal of consumer information.
- Current standard: Any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.
- This includes reasonable protections against unauthorized access while you store and keep the information as well as when you dispose of it.
- For disposal purposes, it is recommended to find a partner who certifies destruction and provides a complete audit of the process to show that data was not accessed during or after destruction.
- Implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, or shredding of papers containing consumer information so that the information cannot practicably be read or reconstructed.
- Implementing and monitoring compliance with policies and procedures that require the destruction or erasure of electronic media containing consumer information so that the information cannot practicably be read or reconstructed.
- After due diligence, entering into and monitoring compliance with a contract with another party engaged in the business of record destruction to dispose of material, specifically identified as consumer information, in a manner consistent with this rule.
- Due diligence may include reviewing an independent audit of the disposal company’s operations and/or its compliance with this rule, obtaining information about the disposal company from several references or other reliable sources, requiring that the disposal company be certified by a recognized trade association or similar third party, reviewing and evaluating the disposal company’s information security policies or procedures, or taking other appropriate measures to determine the competency and integrity of the potential disposal company.
- For persons subject to the Gramm-Leach-Bliley Act and the Federal Trade Commission’s Standards for Safeguarding Customer Information, 16 CFR part 314 (“Safeguards Rule”), incorporating the proper disposal of consumer information as required by this rule into the information security program required by the Safeguards Rule.
How Securis Can Help
Securis is here to completely destroy all of your data safely, securely, and effectively. You risk no loss or theft of data, because we keep your business secure in every aspect of data destruction.
We’re also fully compliant with FCRA, FACTA, eCFR, and many other federal regulations. We’ll help you properly destroy your data with a reliable service that has a complete audit trail and ensures your information is secure.
We keep all of our partners on the right side of the law so they avoid penalties that come with violating a wide range of regulations and Acts.
Learn more and see how much you can save by working with Securis with a free quote here.