What FACTA Says

The Fair and Accurate Credit Transaction Act of 2003 is one of the biggest laws that require businesses to ensure the proper destruction of personal information. It covers all information that is used as part of a credit report.

Many people talk about the law but it seems as if very few people have actually read it. I wanted to use this post today to give you the exact law so you won’t be bamboozled with marketing materials that claim something is required that isn’t. So here is exactly what the law says:

§ 682.3 Proper disposal of consumer information.

(b) Examples. Reasonable measures to protect against unauthorized access to or use of
consumer information in connection with its disposal include the following examples.
These examples are illustrative only and are not exclusive or exhaustive methods for
complying with this rule.

(a) Standard. Any person who maintains or otherwise possesses consumer information
for a business purpose must properly dispose of such information by taking reasonable
measure to protect against unauthorized access to or use of the information on
connection with its disposal.

(1) Implementing and monitoring compliance with policies and procedures that
require the burning, pulverizing, or shredding of paper containing consumer information
so that the information cannot practicably be read or reconstructed.

(2) Implementing and monitoring compliance with policies and procedures that
require the destruction or erasure of electronic media containing consumer information
so that the information cannot practicably be read or reconstructed.

(3) After due diligence, entering into and monitoring compliance with a contract with
another party engaged in the business of record destruction to dispose of material,
specifically identified as consumer information, in a manner consistent with
this rule. In this context, due diligence could include reviewing an independent
audit of the disposal company’s operations and/or its compliance with this rule,
obtaining information about the disposal company from several references or
other reliable sources, requiring that the disposal company be certified by a recognized
trade association or similar third party, reviewing and evaluating the
disposal company’s information security policies or procedures, or taking other
appropriate measures to determine the competency and integrity of the potential
disposal company.

(4) For persons or entities who maintain or otherwise possess consumer information
through their provision of services directly to a person subject to this part, implementing
and monitoring compliance with policies and procedures that protect
against unauthorized or unintentional disposal of consumer information, and disposing
of such information in accordance with examples (1) and (2) above.

So there is a strong component of setting up the policies and procedures that deal with the destruction of materials. Make sure every employee is aware of how to handle, store, and shred confidential information. This should be done not just once but on a regular schedule.

Then there is the issue of the actual shredding. It can be done in house or by using a shredding contractor. The requirement when using a contractor is that they follow good security procedures. There are many ways to verify this but the most straight forward is to visit the company. If they are doing mobile shredding then someone can watch the process. If you are working with an off site service then visit the shredding plant. You can verify they have the security necessary for handling sensitive documents. Never hire anyone who won’t show you their plant.

Get Free, No-Hassle Quotes on Document Shredding & Paper Shredding Today!

Shred Nations specializes in helping you find the shredding provider that’s right for your businesses regardless of the size of the job.  To get started, fill out the form to the right, or give us a call at (800) 747-3365

Within minutes of receiving your request, you will receive quotes from local mobile shredding contractors so that you can select the company that fits your project or your office best.