Gaining a Better Understanding of FACTA

Posted May 06, 2011 by Lynn Brown

The Fair and Accurate Credit Transaction Act, 2003 (FACTA) was enacted in the United States in 2003, with specific rules pertaining to document destruction becoming enforceable in 2005. Even though the legislation has been in place for many years, how much do you really know about FACTA and what constitutes compliance? 
 
What is FACTA?

FACTA added new sections to the existing Fair Credit Reporting Act. FACTA is intended to protect consumers from the crime of identity theft by providing consumers, companies, consumer reporting agencies and regulators with new tools to expand consumer access to credit and enhance the accuracy of consumer financial information.
 
Who is impacted?

FACTA applies to any person or company that “maintains or otherwise possesses consumer information or any compilation of consumer information, derived from consumer reports for a business purpose.” Examples of such companies include:
 
  • Consumer reporting agencies
  • Resellers of consumer reports
  • Lenders
  • Insurers
  • Employers
  • Landlords
  • Government agencies
  • Mortgage brokers
  • Automobile dealers
  • Waste disposal companies
     
How does compliance affect document shredding?

With the intention of reducing the risk of identity theft, FACTA includes a specific rule regarding the paper disposal of consumer report information and records. Effective June 1, 2005, FACTA states:
“Any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.”
The rule goes on to provide examples of how a consumer record, whether in paper, electronic or other form, can be disposed of in a compliant manner. One such example is regularly scheduled document shredding and/or a contract with a third party who can properly dispose of consumer records. 
 
What are the penalties associated with FACTA?

FACTA outlines the penalties for non-compliance in Section 616:
 
“616. Civil liability for willful noncompliance – (a) In general. Any person who willfully fails to comply with any requirement imposed under this subchapter with respect to any consumer is liable to that consumer in an amount equal to the sum of (1) (A) any actual damages sustained by the consumer as a result of the failure or damages of not less than $100 and not more than $1,000; or (B) in the case of liability of a natural person for obtaining a consumer report under false pretenses or knowingly without a permissible purpose, actual damages sustained by the consumer as a result of the failure or $1,000, whichever is greater; (2) such amount of punitive damages as the court may allow; and (3) in the case of any successful action to enforce any liability under this section, the costs of the action together with reasonable attorney’s fees as determined by the court.”
As you can see, the punishment for organizations that have intentionally violated the provisions of FACTA can be quite severe, and include reimbursement of the actual damages sustained to each individual as a result of the violation, plus additional court determined punitive damages and attorney fees.
 
Steps you can take as a business

One step you can take to improve FACTA compliance is to shred any documents containing consumer information. FACTA outlines that document destruction is considered an appropriate safeguard to protect confidential information from intentional or unintentional disclosure.
 
To ensure your information remains secure you should choose a document shredding provider that can help you assess your document handling procedures and implement secure destruction practices. 


 
 
 

We're Here to Help:

Shred-it has the expertise in information security and a wealth of free resources to help you protect your business and stay up to date with changing privacy laws.

Protect your reputation.

Fines, reputation damage and loss of sales could cost your business millions. Find out how

Review your document destruction process

40% of small business owners have no protocols in place for securing data - does your company? Learn more

Start a shred-all policy.

Training your employees can help them steer clear of security breaches. Get Started

Stay Informed with Shred-it

Keep up with Shred-it and receive regular communication on security and destruction related issues.

Call Now 888.750.6450

About Shred-it
Shred-it specializes in providing tailored document destruction services that allow businesses to comply with legislation and ensure that the client, employee and confidential business information is kept secure at all times. Through our strict chain-of-custody processes, reliable on-time service and a global network of local service centers, Shred-it provides the most secure and efficient confidential information destruction service in the industry.

Shred-it is a wholly-owned subsidiary of Stericycle, Inc.

100% NAID Certified

100% NAID Certified
North American Shred-it locations are NAID Certified for mobile document destruction, adhering to the stringent security practices and procedures established by the National Association for Information Destruction.