FACTA
The Fair and Accurate Credit Transactions Act, known as FACTA, is a consumer rights bill designed to protect consumers' private information and prevent identity theft. It was published on November 24, 2004 in the Federal Register and became effective June 1, 2005.
Why is FACTA Important to Your Business?
All companies that collect any private information about their consumers or use credit cards to sell goods and services are required to adhere to FACTA requirements. FACTA requires all businesses, regardless of size and industry, to properly protect personal information and dispose of it in a safe and secure manner. This is to protect customers, as well as employees.
FACTA aims to protect consumers, employees and employers alike from identity theft. As identity theft is considered the fastest-growing crime in the country, this bill seeks to enforce the proper disposal of confidential consumer and employee information.
Not only does FACTA require the proper disposal of information, it requires companies and organizations (anyone taking private information) to be able to demonstrate that they have a proper information protection and disposal plan in place.
Proper Disposal Techniques (paper)
- Shredding
- Burning
- Pulverizing
Proper Disposal Techniques (computers/hard drives)
- Secure Erase
- Shredding
- Disintegration
Penalties for Non-Compliance
Your business can be liable, should a customer's identity be stolen!
If your business is found to be non-compliant with FACTA rules and regulations, you could be subject to severe fines, penalties and civil lawsuits.
State Fines: Up to $1,000 per violation
Federal Fines: Up to $2,500 per violation
Civil Liability: Applies if identities are stolen or lost due to a lack of protective procedures and actual damages are sustained as a result of corporate inaction. Statutory damages are up to $1,000 per employee.
Class-Action Lawsuits: If a large number of employees or customers are affected, a class-action suit may be brought against the organization suspected of improper disposal procedures.
Loss of Customers: According to a recent study*, 19 percent of customers said they would terminate their relationship with any company that encounters a data breach. An additional 40 percent said they would strongly consider terminating their relationship with the company.
*Cost of Data Breach, Ponemon Institute, LLC
What To Shred?
Documents:
Information that should be destroyed includes:
- Names and Addresses (when they appear together)
- Social Security Numbers
- Credit Card Information
- Finance Statements
- Any Data Compiled From the Above Information
Electronic Media:
Digital storage devices such as hard drives, zip disks, floppy disks, CDs and DVDs are also subject to the above FACTA regulations. Upon disposal, these digital storage media must either be completely destroyed or the content must be completely erased.
*NOTE* Simply selecting the delete function on your computer system will NOT completely remove the file.
Outsourcing Destruction Tips
Make sure your outsourcing company complies with FACTA. They must take the proper steps to dispose of consumer information. A business is still liable to ensure the data has been properly destroyed and must prove they partner with a compliant destruction agent. When selecting an outsourcing company, consider the following:
- Be sure the service provider is aware you are giving them materials that contain confidential information.
- Obtain information about the disposal company from several references.
- Enter a contract that ensures the service provider complies with FACTA policies and is certified by a recognized trade association or similar third party.
- Make sure you are aware of the process the service provider takes to guarantee your documents and data are properly destroyed.
- Make sure the company provides you with Certificates of Destruction for each transaction as proof that your materials have been securely destroyed.
- Monitor your provider's compliance with FACTA on an ongoing basis.