The Fair and Accurate Credit Transaction Act, 2003 (FACTA) was enacted in the United States in 2003, with specific rules pertaining to document destruction becoming enforceable in 2005. Even though the legislation has been in place for many years, how much do you really know about FACTA and what constitutes compliance?
What is FACTA?
FACTA added new sections to the existing Fair Credit Reporting Act. FACTA is intended to protect consumers from the crime of identity theft by providing consumers, companies, consumer reporting agencies and regulators with new tools to expand consumer access to credit and enhance the accuracy of consumer financial information.
Who is impacted?
FACTA applies to any person or company that “maintains or otherwise possesses consumer information or any compilation of consumer information, derived from consumer reports for a business purpose.” Examples of such companies include:
- Consumer reporting agencies
- Resellers of consumer reports
- Government agencies
- Mortgage brokers
- Automobile dealers
- Waste disposal companies
How does compliance affect document shredding?
With the intention of reducing the risk of identity theft, FACTA includes a specific rule regarding the paper disposal of consumer report information and records. Effective June 1, 2005, FACTA states:
“Any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.”
The rule goes on to provide examples of how a consumer record, whether in paper, electronic or other form, can be disposed of in a compliant manner. One such example is regularly scheduled document shredding and/or a contract with a third party who can properly dispose of consumer records.
What are the penalties associated with FACTA?
FACTA outlines the penalties for non-compliance in Section 616:
“616. Civil liability for willful noncompliance – (a) In general. Any person who willfully fails to comply with any requirement imposed under this subchapter with respect to any consumer is liable to that consumer in an amount equal to the sum of (1) (A) any actual damages sustained by the consumer as a result of the failure or damages of not less than $100 and not more than $1,000; or (B) in the case of liability of a natural person for obtaining a consumer report under false pretenses or knowingly without a permissible purpose, actual damages sustained by the consumer as a result of the failure or $1,000, whichever is greater; (2) such amount of punitive damages as the court may allow; and (3) in the case of any successful action to enforce any liability under this section, the costs of the action together with reasonable attorney’s fees as determined by the court.”
As you can see, the punishment for organizations that have intentionally violated the provisions of FACTA can be quite severe, and include reimbursement of the actual damages sustained to each individual as a result of the violation, plus additional court determined punitive damages and attorney fees.
Steps you can take as a business
One step you can take to improve FACTA compliance is to shred any documents containing consumer information. FACTA outlines that document destruction is considered an appropriate safeguard to protect confidential information from intentional or unintentional disclosure.
To ensure your information remains secure you should choose a document shredding provider that can help you assess your document handling procedures and implement secure destruction practices.