Facts About FACTA
Posted by Nancy G. Berner
Federal legislation aimed at identity thieves has created new concerns for employers. All employers, from Wal-Mart to Mom & Pop, Inc. are subject to the Fair and Accurate Credit Transaction Act (or FACTA), imposing strict requirements on the disposal of employee records. The legislation seeks to cut down on the incidence of “dumpster diving” where enterprising thieves search for sensitive discarded information enabling theft of an employee’s identity. The results are not yet clear, but the potential impact on employers is being felt.
What is the Disposal Rule?
FACTA was developed by the Federal Trade Commission, in part to amend the Fair Credit Reporting Act. Parts of the law are quite familiar; this is the same law that allows consumers yearly free access to their credit reports. Other parts, however, are new and considerably more ominous to employers. On June 1, 2005, the “Disposal Rule” section of FACTA, became law. The Disposal Rule requires any person who maintains employee information for a business purpose to properly dispose of the information, or face civil liability, potential class action lawsuits, and state and federal enforcement actions as well as fines if sensitive information makes its way into the wrong hands.
Who Must Comply with the FACTA Disposal Rule?
If you employ someone, then the Disposal Rule applies to you. Every employer in the United States is required to properly and effectively destroy all documents and materials that contain sensitive employee information. Unlike earlier laws protecting security, such as HIPPA or Sarbanes-Oxley, the Disposal Rule applies to all industries, and even to households employing only a nanny, tutor or gardener.
What Does the Disposal Rule Require of Employers?
The Disposal Rule requires practices that are “reasonable and appropriate” to prevent theft of employees’ identities. The Federal Trade Commission considers burning, shredding or pulverizing paper, and destroying or erasing electronic files to be both “reasonable” and “appropriate.” It may be simpler and more cost effective to conduct due diligence on a disposal company, and hire a reputable document destruction contractor, a practice that is also acceptable to the FTC. It is likely that such contractors will proliferate to fill this need. Already personal shredders have become so ubiquitous that they are offered by such diverse retailers as Williams-Sonoma and Target.
Conclusion
Sensitive employee information, for any and all employees, must be made inaccessible outside of the organization, whether it exists on old fashioned paper, or the latest hard drive. Regardless of the identity of the employer, the identity of those employed is now protected under FACTA.
Federal legislation aimed at identity thieves has created new concerns for employers. All employers, from Wal-Mart to Mom & Pop, Inc. are subject to the Fair and Accurate Credit Transaction Act (or FACTA), imposing strict requirements on the disposal of employee records. The legislation seeks to cut down on the incidence of “dumpster diving” where enterprising thieves search for sensitive discarded information enabling theft of an employee’s identity. The results are not yet clear, but the potential impact on employers is being felt.
What is the Disposal Rule?
FACTA was developed by the Federal Trade Commission, in part to amend the Fair Credit Reporting Act. Parts of the law are quite familiar; this is the same law that allows consumers yearly free access to their credit reports. Other parts, however, are new and considerably more ominous to employers. On June 1, 2005, the “Disposal Rule” section of FACTA, became law. The Disposal Rule requires any person who maintains employee information for a business purpose to properly dispose of the information, or face civil liability, potential class action lawsuits, and state and federal enforcement actions as well as fines if sensitive information makes its way into the wrong hands.
Who Must Comply with the FACTA Disposal Rule?
If you employ someone, then the Disposal Rule applies to you. Every employer in the United States is required to properly and effectively destroy all documents and materials that contain sensitive employee information. Unlike earlier laws protecting security, such as HIPPA or Sarbanes-Oxley, the Disposal Rule applies to all industries, and even to households employing only a nanny, tutor or gardener.
What Does the Disposal Rule Require of Employers?
The Disposal Rule requires practices that are “reasonable and appropriate” to prevent theft of employees’ identities. The Federal Trade Commission considers burning, shredding or pulverizing paper, and destroying or erasing electronic files to be both “reasonable” and “appropriate.” It may be simpler and more cost effective to conduct due diligence on a disposal company, and hire a reputable document destruction contractor, a practice that is also acceptable to the FTC. It is likely that such contractors will proliferate to fill this need. Already personal shredders have become so ubiquitous that they are offered by such diverse retailers as Williams-Sonoma and Target.
Conclusion
Sensitive employee information, for any and all employees, must be made inaccessible outside of the organization, whether it exists on old fashioned paper, or the latest hard drive. Regardless of the identity of the employer, the identity of those employed is now protected under FACTA.
Post A Comment / Question
Send To A Friend
Use this form to send this entry to a friend via email.