If your business does not properly dispose of personal information from customers or employees you could be fined, sued or involved in a costly class action lawsuit. Effective June 1, 2005, the new strict information Disposal Rule changed the way nearly every business in the United States must handle sensitive personal information.
Identity theft is the fastest growing crime in America. The Federal government has recognized that improper disposal of sensitive information is a key cause of identity theft and is firm in its commitment to prevent identity thieves from obtaining personal information.
The Fair and Accurate Credit Transactions Act is an amendment to the Fair Credit Reporting Act. The new Disposal Rule portion of the law requires companies to properly dispose of all paper or electronic personal data by reasonable measures such as shredding or burning for paper records. Third party companies that specialize in proper information disposal can be contracted to handle this responsibility.
If you do not comply with the new Disposal Rule, your company could be subject to civil liability for actual or statutory damages as a result of your inaction leading to the identity theft; class action lawsuits, if a large number of employees or customers are involved; and federal fines of up to $2,500 for each violation, and state fines of up to $1,000 for each violation.
When implementing information disposal practices, consider the following:
– Have a valid reason for requesting the information that you gather.
– Acquire data in a private manner that cannot be seen or overheard.
– Install effective security on systems that store personal data.
– Make sure that sensitive data is treated as highly classified and is access controlled.
– Make all paper and electronic documents unreadable before disposing of them.
– Train all personnel in proper procedures for identifying, handling and disposing of personal information.
– Consider conducting background checks on all employees with access to identifying information including mailroom staff, clean-up crews, customer service technicians and temporary workers.
– For your protection in case of a lawsuit, formalize your information disposal program including maintaining detailed documentation of each security measure you establish.