The FACTA Disposal Rule: What Does It Mean for Your Business?

Businesses have a lot to consider when protecting their company and client data. No one wants to be subjected to identity theft due to lax data protection policies.

To better protect consumers, the Fair and Accurate Credit Transaction Act (FACTA) was established in 2003. This act provides specific rules on how personal and company data should be retained or destroyed.

The disposal rule of FACTA requires businesses to ensure that any private information related to consumers is carefully disposed of. The law applies to all businesses — no matter how small or large. As a company owner, it’s essential to ensure that you comply with FACTA to avoid fines, penalties, and very unhappy customers.

What Does the Disposal Rule Require?

Under the FACTA Disposal Rule, businesses must take measures that allow them to protect against unauthorized access to consumer data. According to the Disposal Rule, reasonable steps for disposal include burning, pulverizing, or shredding papers that contain consumer report information so that they cannot be read or reconstructed.

Any electronic files or media that contain similar information should be destroyed or erased.

Suppose your company routinely collects consumer data as part of its normal business operations. In that case, the FACTA Disposal Rule recommends exercising due diligence and hiring a document destruction contractor to destroy the information appropriately.

Deciding how best to destroy consumer information is left up to business owners, who can choose an appropriate method based on the advantages and disadvantages to their companies.

What Penalties Does FACTA Institute for Noncompliance?

Companies that don’t comply with FACTA may be subject to severe penalties, especially if their actions were egregious. Identity theft is serious, and consumers affected by a data breach resulting from negligent data destruction policies are right to be concerned when one occurs.

Identity theft victims must file a police report, contact credit bureaus, and take other actions to reclaim their identity. Sometimes, this may take months to rectify, leaving consumers in a severe bind.

In identity theft cases, consumers may file a lawsuit for actual damages and statutory damages. Identity theft can run into thousands of dollars, which can be expensive for smaller companies.

Companies subject to a class-action lawsuit may be on the receiving end of claims in the millions of dollars, depending on the extent of the data breach. In addition, they may be on the hook for punitive damages and attorneys’ fees.

The federal government may charge up to $2,500 for every violation, while certain states have penalties of up to $1,000 per infraction.

Do You Need Help Complying with FACTA?

As a business owner, it can be challenging to follow all laws that may impact your business operations. However, FACTA is one you can’t afford to avoid, especially if you regularly deal with consumer data.

Lending agencies, banks, medical offices, insurers, and car dealers are some of the companies most commonly affected by FACTA.

SEAM provides document and hard drive shredding services to ensure you comply with FACTA’s provisions. We serve the North Dakota and South Dakota regions. Contact us today to learn more about our data protection and shredding services and how they can help you stay FACTA-compliant.

SEAM provides IT recycling and data destruction services including onsite shredding and hard drive wiping to South Dakota, North Dakota, Minnesota, Iowa, and Nebraska.

Schedule a pickup or contact us for more information.