Starting June 1, 2005, any business, large or small, that uses consumer reports must dispose of this sensitive information “properly.” The rule also applies to individuals who use consumer reports for a business purpose.
Starting June 1, 2005, any business, large or small, that uses consumer reports must dispose of this sensitive information “properly.” The rule also applies to individuals who use consumer reports for a business purpose. Proper disposal of consumer report information is required by recent amendments to the federal Fair Credit Reporting Act (FCRA), with details spelled out in regulations adopted by the Federal Trade Commission (FTC).
The goal of the Disposal Rule is to reduce identity theft and other fraud through greater protection of consumer information. The rule applies to consumer reporting agencies like credit bureaus, employment or tenant screening companies, as well as companies that compile information and sell reports on medical history, check writing history and insurance claims. Significantly, the Disposal Rule also applies to any business that uses such reports.
Discarding consumer reports in a trash can is no longer just an irresponsible business practice -- It’s now illegal. Although the Disposal Rule covers only a specific kind of sensitive data – information in or derived from consumer reports – the new rule could affect millions. For example, you may have to comply with the Disposal Rule if you are:
- A small business owner that routinely conducts a criminal background check on prospective employees.
- A parent who obtains a credit report on a prospective nanny.
- A landlord who obtains a tenant history report on a prospective tenant.
- An automobile dealer.
- A private investigator.
- A business that disposes of information for other businesses.
The Disposal Rule applies to information in paper, computer or any other format. The rule does not require specific measures for disposal. Rather, it requires “reasonable” disposal measures, so the end result is that personal information is unreadable or incapable of being reconstructed.
The federal banking agencies will also publish a version of the Disposal Rule (Office of Comptroller of the Currency, Federal Deposit Insurance Corporation, Office of Thrift Supervision, Federal Reserve Board), the National Credit Union Administration, and the Securities and Exchange Commission).
In addition, many companies covered by the Disposal Rule are “financial institutions” and required by the federal Gramm-Leach-Bliley Act (GLBA) and federal regulations to safeguard customer data, which includes proper disposal. Companies subject to the GLBA rules are also subject to the new Disposal Rules.
For more information on the Disposal Rule, see the FTC Business Alert, Disposing of Consumer Report Information? New Rule Tells How, www.ftc.gov/bcp/conline/pubs/alerts/disposalalrt.htm.