FACTA: Fair and Accurate Credit Transactions Act.     Business Compliance Issues - Special Report

Some businesses may decide to use an outside data destruction company to assure compliance to the FACTA policies. These companies will actually carry out the disposal and destruction of all relevant paper records and other data or information.

However, even if a business decides to outsource the disposal it is still held liable to insure the actual destruction of the data. It must assure that it has contracted with a company that appropriately complies with the regulations set forth in the FACTA rules.

The FACTA rules require the business to "take reasonable steps to select and retain a service provider that is capable of properly disposing of the consumer information at issue; notify the service provider such information is consumer information; and enter into a contract that requires the service provider to dispose of such information in accordance with the Rule."

This means that even if a business outsources the disposal of its records and data, it has to be sure that it obtains a written contract with the disposal company that acknowledges that all the documents or data that may contain consumer information are actually destroyed, and that the disposal company agrees to follow all of the FACTA rules.

Document and data disposal companies usually offer the following features for assuring compliance to the new FACTA rules:

1. Certification and Documentation. Businesses are supplied with documentation of what they shredded and when they shredded it. A certified data destruction service usually provides a "Certificate of Destruction" for all data it destroys.

Data destruction companies will often manage the disposal of all different types of media - not just paper. The FACTA Disposal Rule also covers consumer information that is stored on computers, hard-drives, CDs, and other media, so the destruction of this data should be documented as well.

2. A regular schedule for shredding or document disposal and data destruction. Companies can provide regularly scheduled paper shredding and document and data destruction to prevent the liability from storing excess records with personal information.

If a contracted third party document disposal or data destruction company follows these guidelines then your business should be in compliance with the FACTA rules.

Businesses need to document that they are faithfully adhering to these FACTA regulations.

If they have a good plan and the proper documentation, then they can demonstrate to the FTC that they are doing all they can to protect their customers and employees from identity theft.

That's what FACTA is all about.

FACTA Business Liability Issues