Federal Trade Commission Disposal RuleThis rule defines the destruction of data process for most financial data
FTC Disposal Rule
The consumer information disposal rule is yet another piece of legislation guiding the proper handling of your personal information. The data here is from the Federal Trade commission, a link to the site is at the bottom of this page. This rule applies to the FACTA (Fair and Accurate Credit Transactions Act) disposal guideline as well as the a href=”https://erecycler.net/Gramm-Leach-Bailey Act/” target=”_blank”>Gramm-Leach-Bailey Act disposal guideline. Erecycler knows the Facta rules and can help get your company into compliance, contact us today.
In an effort to protect the privacy of consumer information and reduce the risk of fraud and identity theft, a federal rule is requires businesses to take appropriate measures to dispose of sensitive information derived from consumer reports.
Any business or individual who uses a consumer report for a business purpose is subject to the requirements of the Disposal Rule. The Rule requires the proper disposal of information in consumer reports and records to protect against “unauthorized access to or use of the information.” The Federal Trade Commission, the nation’s consumer protection agency, enforces the Disposal Rule.
According to the FTC, the standard for the proper disposal of information derived from a consumer report is flexible, and allows the organizations and individuals covered by the Rule to determine what measures are reasonable based on the sensitivity of the information, the costs and benefits of different disposal methods, and changes in technology.
Although the Disposal Rule applies to consumer reports and the information derived from consumer reports, the FTC encourages those who dispose of any records containing a consumer’s personal or financial information to take similar protective measures.
What information does the Disposal Rule cover?
The Disposal Rule applies to consumer reports or information derived from consumer reports. The Fair Credit Reporting Act defines the term consumer report to include information obtained from a consumer reporting company that is used – or expected to be used – in establishing a consumer’s eligibility for credit, employment, or insurance, among other purposes. Credit reports and credit scores are consumer reports. So are reports businesses or individuals receive with information relating to employment background, check writing history, insurance claims, residential or tenant history, or medical history.
Who must comply?
The Disposal Rule applies to people and both large and small organizations that use consumer reports. Among those who must comply with the Rule are:
- Consumer reporting companies
- Government agencies
- Mortgage brokers
- Automobile dealers
- Attorneys or private investigators
- Debt collectors
- Individuals who obtain a credit report on prospective nannies, contractors, or tenants
- Entities that maintain information in consumer reports as part of their role as service providers to other organizations covered by the Rule
What is “proper” disposal?
The Disposal Rule requires disposal practices that are reasonable and appropriate to prevent the unauthorized access to – or use of – information in a consumer report. For example, reasonable measures for disposing of consumer report information could include establishing and complying with policies to:
- burn, pulverize, or shred papers containing consumer report information so that the information cannot be read or reconstructed;
- destroy or erase electronic files or media containing consumer report information so that the information cannot be read or reconstructed;
- conduct due diligence and hire a document destruction contractor to dispose of material specifically identified as consumer report information consistent with the Rule. Due diligence could include:
- reviewing an independent audit of a disposal company’s operations and/or its compliance with the Rule;
- obtaining information about the disposal company from several references;
- requiring that the disposal company be certified by a recognized trade association;
- reviewing and evaluating the disposal company’s information security policies or procedures.
The FTC says that financial institutions that are subject to both the Disposal Rule and the Gramm-Leach-Bliley (GLB) Safeguards Rule should incorporate practices dealing with the proper disposal of consumer information into the information security program that the Safeguards Rule requires (http://ftc.gov/privacy/privacyinitiatives/safeguards.html).
The Fair and Accurate Credit Transactions Act, which was enacted in 2003, directed the FTC, the Federal Reserve Board, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, the National Credit Union Administration, and the Securities and Exchange Commission to adopt comparable and consistent rules regarding the disposal of sensitive consumer report information. The FTC’s Disposal Rule became effective June 1, 2005. It was published in the Federal Register on November 24, 2004 [69 Fed. Reg. 68,690], and is available at http://www.ftc.gov/os/2004/11/041118disposalfrn.pdf.
In Your Office Data Destruction
We will come to your location with our portable equipment and destroy your hard drives and record your serial numbers. Documentation and certificates of destruction are included. We can also degauss your back up tapes onsite and pick up your computers for recycling while we are there.
Get A Quote
Our in House ShredderIn our Dallas facility we have enormous shredder capable of shredding approximately 2000 hard drives per hour; with the end result being many twisted and mangled bits of scrap metal that will be further recycled. Information destroyed in this way is absolutely unrecoverable. We offer this particular service for clientele in need of high volume destruction.
Get a Quote