An amendment to the Fair Credit Reporting Act of 1970, FACTA was created to further the protection of consumers against identity theft.
The Fair and Accurate Credit Transactions Act strengthened requirements regarding information privacy. By limiting how consumer information is shared and controlling how it is disposed of, the act seeks to reduce the risk of identity theft by reducing the risk of compromised data.
What Is FACTA?
There are three overarching goals of FACTA:
- Consumer Protection
- Security and Privacy
- Credit Reporting
These three goals works together to improve overall consumer data security and reduce instances of identity theft. Financial institutions must take certain actions to pinpoint possible indicators of identity theft, take reasonable actions to protect consumer information, and allow greater monitoring from the consumer end so that individuals can keep an eye on their own credit histories.
What Are FACTA Requirements?
FACTA strengthened consumer protection from identity theft through several techniques.
Red Flag Rules
A main piece of the FACTA legislation promulgated the Red Flag Rules which help enforcement agencies implement FACTA policies.
Under the red flag rules financial institutions and creditors are required to create and implement a written Identity Theft Prevention Program to help detect and prevent identity theft. Identity theft programs should:
- Identify red flags (patterns/practices/activities that possibly indicate identity theft)
- Detect red flags as they occur
- Respond swiftly and appropriately to red flag incidents
- Require regular updates as identity theft risks evolve
Identity Theft Prevention Programs must be approved and overseen by the financial institution or a standing committee, and must provide training for staff members.
Free Credit Reports
FACTA also allows consumers to get one free credit report every twelve months from any of the three dedicated, nationwide consumer credit reporting companies. Allowing consumer to check their credit history gives individuals more control over their own information.
Alerts and Monitoring Tools
FACTA allows consumers to take more control over their own information by creating systems so they can set up personal alerts on their credit histories. Allowing individuals to monitor their own information will help identify data risks early on, and reduces the dependency on large companies to disclose breaches.
Proper Disposal of Sensitive Information
Lastly, FACTA requires creditors and financial institutions to take “reasonable measures to protect against unauthorized access to or use of consumer information” by means of proper disposal.
To ensure private information is not compromised it required that reasonable steps be taken to destroy private information beyond a doubt before it leaves the hands of any financial institution.
What Are the Consequences of Failing to Comply with FACTA?
If you fail to comply with FACTA regulations and become a victim of a data breach leading to identity theft cases for your customers, you can expect to face class action lawsuits that will be financially crippling.
Individuals who experience identity theft because of the failure of a financial institution to implement and abide by FACTA regulations can seek damages under the law. FACTA states that failure to comply can lead to fines of up to $1,000 per individual violation, even if the consumer did not suffer damages from identity theft.
But not only will you have to pay steep fines and payback customers who have been harmed, you will face a tarnished reputation, which can lead to lost business.
Any institution that handles private customer information and fails to carefully manage it can expect to lose business from both previous and potential customers. As data breaches are making headlines every month, you’ll want to do everything in your power to avoid that type of negative press.
How Can a Certificate of Destruction Help?
One of the best ways to ensure the safety of private consumer information is to shred files once they’ve expired. Certificates of destruction validate the document shredding process. The information contained on a company’s certificate can vary, but in general you can expect to see:
- The date of the destruction
- The weight of the materials that were destroyed
- Signatures of witnesses to the destruction
- A unique tracking number
Additional information may include the location of the destruction, the exact times of material pick up/drop off, and whether the process complied with HIPAA, FACTA, and local information security laws.
A certificate of destruction will help your company in the event of a lawsuit or audit as you can use it to provide proof of destruction for documents containing private consumer information.
You can receive a certificate of destruction for all types of shredding services, including mobile shredding (which is performed onsite at your location) and offsite shredding services (which are completed at a secure offsite facility).
Find a FACTA Compliant Document Shredder Near You
Shredding expired documents is an excellent step towards protecting any sensitive data your company handles. Whether it is business related, customer related, or employee related, disposing of it properly prevents it from getting in the wrong hands.
Shred Nations partners with document shredders across the nation and will help you find a shredding service provider match. If you need to guarantee your shredding process is FACTA compliant, or if you require a certificate of destruction for your records, we will help you find a solution.
Call us at (800) 747-3365 or fill out the form on the right to be matched with a secure, professional shredder in your area.