Why You Need a Paper Shredder – Rule Requires Businesses to Properly Dispose of Consumer Information
|With very little fanfare, a rule went into effect on June 1, 2005 that impacts employers and businesses, regardless of size. Enacted in an effort to combat the growing problem of identity theft, this new rule requires all businesses to appropriately destroy consumer information when no longer needed, making it impossible for scam artists to access. Known as the “disposal rule”, it is part of the federal Fair and Accurate Credit Transaction Act (FACTA) and is administered by the Federal Trade Commission.|
The disposal rule provides, “Any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.”
Suppose an employer performs a credit check on a prospective nanny as part of the hiring process, or receives personal information from a “temp agency” that originated from a credit report. The employer must comply with the disposal rule when the information is no longer needed. Experts advise that every business, regardless of size, establish a shredding policy and every employee that uses sensitive consumer information have a paper shredder within arms reach.
The type of information that must be destroyed includes “any record about an individual, whether in paper, electronic, or other form, that is a consumer report or is derived from a consumer report.”
The rule permits businesses to decide the method of destroying the information that best meets their needs. Acceptable disposal methods for paper include burning, pulverizing or shredding. It also requires companies to destroy or completely erase electronic media. This includes hard drives, CD-ROMs, floppy disks and information contained on PDAs.
Failure to comply with the new disposal rule could expose employers and business owners to the following liability:
- Civil fines - Fines up to $2,500 per violation can be assessed
from the federal government
- Civil liability - Employers are potentially liable up to
$1,000 per employee in statutory damages
- Actual damages - Employers are liable for actual damages
if employees’ identities are stolen as a result of the company’s
failure to protect the information
- Class action lawsuit - Employers could be subject to a
class action lawsuit if multiple employees are affected.
(FACTA is Public Law 108-159, which was signed on December
© Your Office Stop, 2006. This is original content that may not be reused
without our express written permission and credit given back to us.
Top Selling Paper Shredders & Shredding Supplies