What Companies Need to Know About FACTA
What is it?
Fair and Accurate Credit Transactions Act (FACTA): Protects consumers from identity theft. Failing to properly maintain and secure the information can result in substantial fines. Companies can also be held financially responsible for the actual losses to individuals.
Guidelines for Companies to Become Compliant with FACTA
- Create Written Policies and Procedures for Data Destruction: Companies should have a written program outlining how to maintain and shred documents along with destroying other data. Having a written policy will substantially limit the liability of an organization according to FACTA in section 615 item (7) entitled Requirements on users of Consumer Reports it states “Compliance: A person shall not be liable for failure to perform the duties required by this section if, at the time of the failure, the person maintained reasonable policies and procedures to comply with this section.”
- Certification and Documentation of Destruction – Businesses will need to prove that they destroyed sensitive documents or information to be FACTA-compliant. Companies need documentation including what data was destroyed, and when it was destroyed. CyberCrunch® provides certificates of recycling, and videos of data destruction. Click here to learn more about how CyberCrunch® can help.
- Employee Training – This falls into “The Red Flags Rule” which is based on the Act and was created by the Federal Trade Commision (FTC). It requires employers to train employees. Businesses need to have regularly scheduled training sessions on storage procedures, data protection, what data needs to be shredded and what needs to be destroyed. Training should apply to all “relevant employees” which usually involves employees at every level in the organization.
FACTA in the News
This article points out how Spirit Airlines had to pay $7.5 million to settle a FACTA lawsuit. Learn More
Call us today at 866-925-2354.
We can help you follow FACTA requirements, and provide safe and secure recycling and data destruction to keep your customers’ sensitive information safe.