Is your Company FACTA Compliant?
The Fair and Accurate Credit Transactions Act (FACTA) requires that all businesses, regardless of size or industry, protect and dispose of sensitive and personal data they collect about their customers. This rule, which was enacted by the Federal Trade Commission (FTC), doesn't allow any wiggle room for any business. If you aren't compliant with FACTA, you're breaking the law. This simple quiz will help you determine if your business is FACTA compliant:
- Is your business able to prove that documents are shredded in a FACTA compliant manner? In order to be compliant, your company needs to have documentation of what was shredded and when it was shredded. You can easily achieve this by hiring a professional document shredding service that will provide you with a “Certificate of Destruction” each and every time they shred documents for your company. These certificates should be kept on record.
- Does your company have written policies and procedures in place that detail how documents are maintained and shredded? If not, you should highly consider developing these as soon as possible.
- Do you have regularly scheduled shredding occurring on a consistent basis? If not, you could be liable for storing excess personal records. Your company needs to have a consistent and regular schedule set up for shredding sensitive documents, and that schedule should be strongly adhered to.
- Is document storage and shredding covered in your company handbook? If not, it should be. All employees should be made aware of how critical proper disposal of sensitive documents is – and they should know the steps your company uses to get the job done.
- Does your business offer regular training in regards to storage and shredding of documents for all personnel? Everyone in your company should know what to shred and the procedures to make sure it happens within FACTAs guidelines.
- Does your company have a disposal plan in place for electronic media? FACTAs rules apply to magnetic media (floppy disks, CDs, DVDs, hard drives, etc), so all businesses need to include any of these that might contain sensitive and personal information in their record retention plan.
Following the above guidelines will help your business stay FACTA compliant, which is a legal necessity. Take the steps you need to take today to protect your business and your customers.