The Fair and Accurate Credit Transaction Act (FACTA or FACT Act) is designed to reduce the risk of consumer fraud and identity theft created by the improper disposal of consumer information. The law’s provisions require businesses to adopt procedures for the secure destruction of consumer reports and the information derived from them. As any business that uses a consumer report must comply, professionals within every industry are affected, including:
- Lenders and Mortgage Brokers
- Attorneys and Private Investigators
- Debt Collectors
- Automobile Dealers
- Government Agencies
While the act specifically mentions many of the above individuals, FACTA also applies to every individual or business entity subject to the Federal Trade Commission’s (FTC) jurisdiction, which expands its inclusion to virtually every person and every business in the United States.
What you should know about the FACTA Disposal Rule
According to the FACTA Disposal Rule, consumer information that has outlived its lifecycle must be properly destroyed prior to disposal. The destruction measures must ensure that the files cannot be read or reconstructed and can include:
- Internal business processes to burn, pulverize or shred papers, and to destroy and erase all forms of digital media, including electronic data and microfilms.
- The hiring of a records destruction provider who can properly dispose of files and media, while providing comprehensive records that allow for internal due diligence.
What does this have to do with identity theft?
Everything. The improper disposal of consumer reports by individuals and businesses has been cited in numerous fraud incidents. Identity thieves will regularly “dumpster dive” to find the personally identifiable information (PII) and financial records of unsuspecting individuals in order to steal their identity and make fraudulent purchases.
In fact, according to a Bureau of Justice Statistics report, 17.6 million Americans were victims of identity theft in 2014 alone.
FACTA was created to mitigate the above risks by ensuring that businesses and individuals properly destroy all consumer records prior to disposing of them.
What violations can mean for your business
FACTA provides for substantial civil liability. In some cases, consumers may be entitled to recover the actual damages sustained as a result of the violation. In other cases, each consumer affected may be able to recover statutory damages of up to $1,000.
Where large numbers of consumers are affected, they may be able to bring class action lawsuits seeking potentially massive statutory damages. Courts are also authorized to award punitive damages in either an individual suit or a class action. Finally, a successful plaintiff, or class of plaintiffs, may recover reasonable attorneys’ fees.
In some violation cases, the federal government can bring an action in federal district court for up to $2,500 in penalties for each independent violation of the rule. The states are also authorized to bring actions on behalf of their residents and, in appropriate cases, may recover up to $1,000 for each willful or negligent violation of the rule.
Access Records Management Can Help
Organizations within every industry, and of every size, can benefit from Access’s secure records destruction solutions. In addition to maintaining NAID AAA certified and PCI DSS compliant shredding facilities, we:
- Have many locations that can accommodate both mobile and plant-based destructions.
- Can ensure compliance with FACTA, as well as all other relevant state and federal laws.
- Offer scalable and flexible solutions that work around your preferred schedules.
- Destroy computer equipment and many other digital media forms.
- Provide a Certificate of Destruction to ensure you meet your compliance requirements.
For additional information on how Access can help you maintain compliance with FACTA, contact us today.