Go to Content

January 20, 2022

The FACTA Disposal Rule: How to Ensure Compliance

As most business owners are aware, identity theft and fraud are a huge problem in the U.S., affecting millions of consumers every year. This number continues to grow as thieves find new ways to take over accounts, obtain credit card information, and generate fake IDs.

As a business owner, you know that safeguarding the confidential data you obtain from your customers is paramount to protect their identities and shield them from fraud. There are other benefits of protecting consumer information, including maintaining the reputation you’ve worked hard to build, and of course, avoiding fines that come with violating the Fair and Accurate Credit Transactions Act (FACTA).

What is the FACTA Disposal Rule?

FACTA is an amendment to the Fair Credit Reporting Act. This amendment expanded consumer access to credit reports, giving them a right to obtain a free copy of their credit report every year. The act also enables consumers to get information about how their scores are calculated, and place fraud alerts on their credit files.

FACTA also requires businesses to limit the risk of identity theft by protecting the sensitive information of individuals. In 2005, the act was expanded to include the Disposal Rule, which requires businesses to take “reasonable measures” to protect consumer information from unauthorized access.

This includes destroying sensitive consumer information once it is no longer necessary to hold onto it. This rule was put in place to help reduce the risk of identity theft as a result of improperly discarded business records.

FACTA - HIPAA Compliance
FACTA Compliance

Who needs to comply with the Disposal Rule?

The FACTA Disposal Rule applies to almost every business that exists, including private employers. It covers any company or individual who uses consumer reports for business purposes.

Businesses that fall under that umbrella can include:

  • Consumer reporting companies
  • Insurance companies
  • Landlords
  • Government agencies
  • Attorneys
  • Debt Collectors
  • Lenders

What are the penalties for non-compliance?

There are several different outcomes and penalties that result from failure to comply with the Disposal Rule. Noncompliance can result in penalties that range from thousands of dollars on the state and federal level to millions or even billions in the case of a class action lawsuit.


How to Make Sure You Comply with FACTA

The best way to make sure you stay in compliance with the Disposal Rule is to have a secure document disposal policy that you and your employees stick to. Note how your company will track material before, during, and after destruction, and make sure the plan covers electronic media, like hard drives and USB drives. Train staff on their role in the secure disposal process: your employees should know what the legislation covers and what their responsibilities are. And perhaps most importantly, consider using a professional shredding company to dispose of all of your consumer data.

The Disposal Rule states that burning, pulverizing, or shredding are all acceptable ways to destroy consumer information. Security experts will recommend shredding as a way to ensure that the information is completely destroyed, but know that most office shredders aren’t up to this task. These shredding machines create strips of paper that can easily be reassembled by an industrious data thief. A professional shredding company will have equipment that will turn your papers into tiny, confetti-like pieces that can’t be put back together.

Get Regular Document Destruction from PROSHRED® San Diego

If you decide to contract a shredding company to help you stay in compliance with FACTA, it’s important to ensure that they have the capability to meet FACTA requirements. Companies that are NAID AAA certified not only follow the best practices for document destruction, but also comply with any and all known data protection laws.

At PROSHRED® San Diego, we have NAID AAA certification, which means you will have third-party assurance that your information is being securely handled throughout the destruction process. In addition to helping ensure your business is in compliance with the FACTA Disposal Rule, we can provide mobile shredding services and hard drive destruction services for your convenience. Setting up a recurring shredding service is the best way to protect your customers and your business—give us a call today to set up an appointment!

Mobile Document Shredding

Cookie Policy

We use cookies and other tracking technologies to ensure you get the best experience on our website, assist with navigation, analyze your use of our services, and assist with our promotional and marketing efforts. If you continue without changing your browser settings, you are providing consent to our Cookie Policy. Click here to learn more about our privacy policy.