Are there laws that say I have to protect discarded information?
What is FACTA?
Does FACTA apply to me?
What does FACTA require me to do?
What does "reasonable measures" mean?
When does FACTA take effect?
Are there penalties if I don't comply?
How do I satisfy my obligations to protect discarded consumer information under FACTA?
What does "due diligence" mean?
Can ShredAssured help me meet these requirements?
What do I need to do?

• Are there laws that say I have to protect discarded information?
Yes. The Federal Privacy Act, the Health
Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley
Act all mandate that businesses establish procedures ensuring the protection
of discarded information.
In addition, the Federal Trade Commission issued a new consumer information
disposal rule, FACTA, on November 18, 2004.

• What is FACTA?
FACTA, or Fact Act, is the Fair and Accurate
Credit Transaction Act, a federal law designed to reduce the risk of consumer
fraud and identity theft created by improper disposal of consumer information.

• Does FACTA apply to me?
The FACTA Disposal Rule applies to every
individual and business over which the Federal Trade Commission has jurisdiction
that, for a business purpose, maintains or otherwise possesses consumer
information. The rule will apply to virtually every person and business
in the United States.

• What does FACTA require me to do?
FACTA states that every person and/or business
“must properly dispose of such information by taking reasonable measures
to protect against unauthorized access to or use of the information in
connection with its disposal.”

• What does "reasonable measures" mean?
The FTC defines reasonable measures as
“burning, pulverizing, or shredding of papers containing consumer information.”

• When does FACTA take effect?
FACTA goes into effect on June 1, 2005.

• Are there penalties if I don't comply?
Yes. Potentially severe penalties await
violators:
- Civil Liability: Consumers may be entitled to recover
their actual damages sustained as a result of a violation which, in
the case of identity theft, could be very large. Consumers also may
be able to recover statutory damages of up to $1,000 for each consumer
affected by a violation.
- Class Action: Where large numbers of consumers are
affected, they may be able to bring class actions seeking potentially
massive statutory damages. In addition, a successful plaintiff, or class
of plaintiffs, may recover reasonable attorneys’ fees.
- Federal Enforcement: The federal government is also
authorized to bring enforcement actions in federal court for violations.
In some cases, the government may bring an action for up to $2,500 in
penalties for each independent violation of the rule.
- State Enforcement: The states are also authorized
to bring actions on behalf of their residents and may recover up to
$1,000 for each willful or negligent violation. In addition, the state
may recover its attorneys’ fees if successful in such action.

• How do I satisfy my obligations to protect discarded consumer information under FACTA?
One example the FTC suggests: “that, after
due diligence, entering into a contract with another party engaged in
the business of record destruction to dispose of material, specifically
identified as consumer information, in a manner consistent with this rule.”
In short, a person or business can satisfy the rule by contracting with
a qualified record disposal company to destroy the records at issue and
monitor compliance with that contract.

• What does "due diligence" mean?
The rule describes due diligence as including:
- Reviewing an independent audit of the disposal company’s
operations and/or its compliance with this rule;
- Obtaining information about the disposal company from
several references or other reliable sources;
- Requiring that the disposal company be certified by
a recognized trade association or similar third party;
- Reviewing and evaluating the disposal company’s information
security policies or procedures; or
- Taking other appropriate measures to determine the
competency and integrity of the potential disposal company.

• Can ShredAssured help me meet these requirements?
Yes. ShredAssured can provide you with everything you need to ensure
your complete compliance with FACTA regulations. ShredAssured will:
- Provide you with documentation that we are certified
by The National Association for Information Destruction (NAID), a recognized
trade association and the leading authority on document destruction;
- Provide you with a Service Contract including documentation
on our policies and procedures;
- Provide you with a Certificate of Destruction – establishing
your compliance with the new privacy requirements.

• What do I need to do?
Contact the ShredAssured FACTA specialists at 1-800-838-3840. We can assist
you in implementing a FACTA-compliant document management program that is
secure, economical, and effortless. We will provide you with free document
containers, high-security shredding, and certified destruction that will
ensure your compliance in every way.