January 10, 2022
What to Know About FACTA Compliance for Your Business
Identity theft is a big problem in the United States. Around 1 in 20 Americans are affected by this crime every year, with an estimated $17 billion in losses. With fraud-related crimes on the rise, the government and other regulatory agencies have worked to put additional measures in place to ensure that businesses across the country remain vigilant when it comes to protecting their clients’ private information.
One such regulation is the Fair and Accurate Credit Transactions Act (FACTA), which was a vital step in the fight against fraud and theft. So what does this mean for your company? Let’s take a look.
What is FACTA?
FACTA is an amendment to the Fair Credit Reporting Act (FCRA) that requires organizations to follow specific procedures to limit the risk of customers’ data falling into the wrong hands. This act was passed in 2003 and allows individuals to request a free copy of their credit report directly from credit reporting agencies once per year. Notably, it also enables you to place fraud alerts on accounts you did not open.
Though less visible to the average consumer, FACTA also included a number of new rules for businesses and financial institutions, such as allowing law enforcement agencies to take action against any violations of the “Red Flag Rules.” Red Flag Rules require creditors and financial institutions to implement identity theft prevention and protection programs, which involve collecting sensitive information to verify the identity of the consumer before any changes to their account are made. However, this means that organizations must keep vast amounts of private data on hand, and once that information is no longer useful, it must be securely disposed of.
What is FACTA’s Disposal Rule?
When it comes time to get rid of the confidential information that has been collected from your clients, it is crucial that you follow the guidelines laid out by FACTA’s disposal rule. This is one of the most important parts of the act, requiring businesses of all types to destroy their consumers’ sensitive information as securely as possible to prevent data breaches and theft.
Specifically, the FACTA disposal rule requires companies to take “reasonable measures” to protect against unauthorized access or use of consumer information. Burning, pulverizing, and shredding are all considered reasonable measures under this rule. Overall, the guidelines are somewhat flexible, allowing each organization to choose which measures are “reasonable,” including outsourcing the disposal to a mobile shredding company.
Who Needs to Comply with FACTA?
Whereas many other privacy laws are industry-specific, FACTA applies to nearly all businesses in the country. If your company uses consumer information for business purposes, you are subject to FACTA guidelines for document disposal. This information could come in the form of medical histories, insurance claims, credit reports or scores, background checks, or employment records, among other things.
To ensure that these documents are disposed of properly, it is important to work with a team of experienced shredding professionals. A regularly scheduled shredding service can help you keep up with all of your required document disposal practices and remain compliant with all types of legislation including FACTA.
What Happens if I Don’t Comply with the Disposal Rule?
Neglecting to adhere to FACTA’s disposal rule can result in federal monetary penalties of up to $2,500 per violation. There is also the potential for state penalties of $1,00 per affected individual as well as civil or class action lawsuits. Depending on the severity of the situation and the resulting ruling, the final cost may register in the millions once attorneys’ fees and damages are factored in on top of the state and federal fees.
How Can I Ensure FACTA Compliance?
FACTA compliance goes beyond just paper files. More and more company data is being stored digitally, meaning that there is a risk of a data breach once your computers have reached the end of their lifespan. To avoid this, it is best to hire a hard drive disposal service to shred and recycle all of your hard drives to completely protect every aspect of your data.
At the end of the day, the only way to fully guarantee that all of the confidential information in your care has been properly protected, regardless of format, is to invest in a mobile shredding company such as Proshred® Houston. The team at Proshred® has the equipment and the knowledge to ensure that all of your document disposal practices adhere to all rules and regulations, whether it’s FACTA, HIPAA, or local legislation.
With our ISO 9001 and NAID AAA certifications, you can rest easy knowing that you will never have to worry about compliance issues regarding your information disposal processes again. Contact Proshred® Houston today to get started!