An amendment to the Fair Credit Reporting Act of 1970, FACTA, was created to further the protection of consumers against identity theft. The amendment strengthened requirements around information privacy and created enhanced legal compliance requirements for FACTA.
The Fair and Accurate Credit Transactions Act strengthened requirements regarding information privacy. The act seeks to reduce the risk of identity theft by reducing the risk of compromised data. It does so by limiting how consumer information is shared, and controlling how it is disposed of.
What Is FACTA?
There are three overarching goals of FACTA:
- Consumer Protection
- Security and Privacy
- Credit Reporting
These three goals work together to improve overall consumer data security and reduce instances of identity theft. Financial institutions must take certain actions to pinpoint possible indicators of identity theft, take reasonable actions to protect consumer information, and allow greater monitoring from the consumer end so that individuals can keep an eye on their credit histories.
What Are FACTA Compliance Requirements?
FACTA strengthened consumer protection from identity theft through several techniques:
Red Flag Rules
A main piece of the FACTA legislation created the Red Flag Rules, which help enforcement agencies implement FACTA policies. The Red Flag Rules require financial institutions and creditors to create and implement a written Identity Theft Prevention Program to help detect and prevent identity theft. Identity theft programs should:
- Identify red flags (patterns/practices/activities that possibly indicate identity theft)
- Detect red flags as they occur
- Respond swiftly and appropriately to red-flag incidents
- Require regular updates as identity theft risks evolve
The financial institution or a standing committee must approve or oversee identity theft prevention. Additionally, they must provide training for staff members.
Free Credit Reports
FACTA also allows consumers to get one free credit report every twelve months from any of the three dedicated, nationwide consumer credit reporting companies. Allowing the consumer to check their credit history gives individuals more control over their information.
Alerts and Monitoring Tools
FACTA allows consumers to take more control over their information by creating systems so they can set up personal alerts on their credit histories. This allows individuals to monitor their information and helps them identify data risks early on. It also reduces the dependency on large companies to disclose breaches.
Proper Disposal of Sensitive Information
Lastly, FACTA requires creditors and financial institutions to take “reasonable measures to protect against unauthorized access to or use of consumer information” using proper disposal. To ensure private information is not compromised, it required that reasonable steps be taken to destroy private information before it leaves the hands of any financial institution.
What Are the Consequences of Failing to Stay in Compliance With FACTA?
If you fail to comply with FACTA regulations and become a victim of a data breach, you can expect to face class action lawsuits that will be financially crippling.
Individuals who experience identity theft because a financial institution failed to implement and abide by FACTA regulations can seek damages under the law. FACTA states that failure to comply can lead to fines of up to $1,000 per individual violation, even if the consumer did not suffer damages from identity theft. Not only will you have to pay steep fines and pay back customers who have been harmed, you will face a tarnished reputation, which can lead to lost business.
How to Stay in FACTA Compliance
One of the best ways to ensure the safety of private consumer information is to shred files once they’ve expired, and certificates of destruction validate the document shredding process.
The information contained on a company’s certificate can vary, but in general you can expect to see:
- The date of the destruction
- The weight of the materials
- Signatures of witnesses to the destruction
- A unique tracking number
Additional information may include the location of the destruction and the exact times of material pick up/drop off. Lastly, it provides proof of whether the process complied with HIPAA, FACTA, and local information security laws.
A certificate of destruction will help your company in the event of a lawsuit or audit. You can use it to provide proof of destruction for documents containing private consumer information. You can receive a certificate of destruction for all types of shredding services, including mobile shredding (on-site at your location) and off-site shredding services (off-site at a secure shredding facility).
Find a FACTA-Compliant Document Shredder Near You
Shredding expired documents is an excellent step towards protecting any sensitive data your company handles. No matter who the documents relate to, disposing of them properly prevents them from getting into the wrong hands.
Shred Nations partners with document shredders across the nation and will help you find a shredding service provider match. If you need to guarantee FACTA compliance for your shredding, we will help you find a solution. Give us a call at (800) 747-3365, fill out the form, or use our live chat to get free quotes from providers in your area.