December 20, 2022

What You Need to Know About FACTA Compliance

In the world we live in today, scams, hacking, and identity theft are commonplace. As a result, not only is personal security a concern in many areas of the country, but your data is exposed every time you send a tweet, comment on social media, or purchase something online.

With 1 in 10 Americans affected by identity theft every year, and with losses exceeding $17 billion, it’s no wonder consumers have asked for stricter laws on personal data collection and encouraged entities like Google and Meta to strengthen privacy protection for users.

But protecting customers’ privacy isn’t just for large companies. Every business owner who collects personal data is required to protect clients’ sensitive information by properly storing or disposing of the records according to the FACTA Disposal Rule. Read on to learn more about FACTA compliance and how it applies to your business.

What is FACTA?

The United States Government enacted the Fair Credit Reporting Act (FCRA) in 1970 to promote accuracy and fairness and protect the privacy of personal information collected by credit agencies across the country. The Fair and Accurate Credit Transactions Act (FACTA), passed in 2003, is an amendment to FCRA that requires business owners to adhere to strict guidelines regarding customer data to minimize exposure to criminal elements.

FACTA allows consumers to receive one copy of their credit report for free each year from the big three credit bureaus and also places fraud alerts on accounts to protect against unauthorized use. Because identity theft has morphed into such a significant problem, financial institutions and other businesses that collect personal information now have larger caches of data stored, which are used to determine the true identity of a customer if a red flag warning (fraud alert) is triggered.

What is the FACTA Disposal Rule?

The FACTA Disposal Rule requires that businesses take reasonable measures when it’s time to dispose of documents containing the personal information of clients and customers. If you are a new business owner or have been struggling to understand what “reasonable measures” are, here are a few examples.

Burning – While burning documents with sensitive data isn’t ideal in some geographic locations, business owners in rural areas can use fire pits, burn barrels, or metal cages that function as incinerators to dispose of documents. However, in office and commercial environments, burning methods that require documents to be taken off-site are often deemed less secure than onsite destruction methods such as shredding.

Pulverizing – The destruction of documents with sensitive data by crushing, chopping, and pushing through a screen into minute particles is called pulverizing. It works well with documents that might have a plastic coating on them.

Shredding – The shredding of documents is done by running the paperwork through a device that cuts the paper into small, unidentifiable strips, which are then disposed of properly. Shredding services can often be performed onsite, which is an ideal form of document destruction.

Security experts recommend secure document shredding as the best way to ensure that files with sensitive data are completely destroyed. While home shredders do a good job of shredding documents, a resourceful criminal could piece the tiny strips back together to steal your personal information. A professional shredding company will have the equipment necessary to turn papers into material that closely resembles confetti and is impossible to put back together.

Who needs to comply with the disposal rule?

The FACTA Disposal Rule applies to most businesses. If you collect personal data from customers or clients, like banking information, credit card numbers, and driver's license and Social Security numbers, you must protect their information.

Some businesses that fall under FACTA’s Disposal Rule include:

  • Debt collectors
  • Lenders
  • Government agencies
  • Utility companies
  • Landlords
  • Insurance companies

If you’re unsure if your business falls within one of these categories, it’s best to reach out to your local small business administration office, which can help you with this and other business-related questions.


How can I ensure FACTA compliance?

The easiest way to comply with the FACTA law is to outsource the destruction of documents with sensitive data to professionals. If you’re in the greater Washington, D.C. area, PROSHRED® Washington D.C. offers secure mobile paper shredding and hard drive destruction services. Locally owned and operated, we help large and small businesses comply with FACTA laws to help protect the data of clients, customers, and employees.

At PROSHRED®, we have NAID AAA certification, which means you will have third-party assurance that all sensitive data is handled correctly during destruction. In addition, we recommend setting up regularly scheduled shredding services to ensure all paperwork is dealt with and destroyed properly.

As a business owner, you owe it to your customers to provide quality service and products and protect their sensitive information. Not only is it good business, but it’s also the law. So contact us today to set up an appointment!
