Federal FACTA Disposal Rule

What is the FACTA Disposal Rule?

FACTA or the Fair and Accurate Credit Transaction Act is a newer law that has been implemented in order to protect consumers against fraud and identity theft. In order to protect consumers, the FACTA Disposal Rule requires the proper disposal of consumer information.

According to the FTC, the FACTA Disposal Rule applies to "any person who maintains or otherwise possesses consumer information for a business purpose". If your entity maintains or possesses consumer information, then you MUST properly destroy the consumer information when the time comes to discard it.

The FTC futher defines proper disposal as "taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal".

One of the reasonable measures of proper disposal, as defined by the FTC, is "entering into a contract with another party engaged in the business of record destruction to dispose of material, specifically identified as consumer information, in a manner consistent with this rule".

In contrast, a reasonable measure does NOT include placing the information in a dumpster or trash receptical.

What are the penalties for non-compliance?

Both states and the federal government enforce the FACTA Disposal Rule and can bring separate sanctions upon those who are not compliant with FACTA. Class action law suit may also be brought upon the non-compliant party if a large enough number of consumers are affected.

The federal government can fine up to $2,500 per record compromised and the state can recover up to $1,000 for each instance of FACTA non-compliance. If multiple consumer records are involved in the data breach, the fines can add up very quickly! So how do you ensure that you will not incur these hefty fines? Read below...

Your partner in FACTA compliance

By partnering with Safeguard Records Management, you will be complying with the FACTA Disposal Rule by taking reasonable measures (i.e. using Safeguard to securely shred the consumer information held by your entity) to properly destroy consumer information.

For more information on the FACTA Disposal Rule, please visit: