Are You Following the FTC’s Disposal Rule? A 2012 Refresher for Businesses, Financial Institutions and Medical Offices
How would you rate your organization in terms of complying with the FTC’s Disposal Rule and properly disposing of confidential paperwork and sensitive data? If you’re not 100% confident that you would receive an A+ (or that you’re even familiar with the intricacies of the Disposal Rule), then you’ll need this refresher. Here are the important highlights you’ll want to know:
- The Disposal Rule, enacted several years ago to protect the privacy of consumer information and reduce the risk of fraud and identity theft, requires businesses to take appropriate measures to dispose of sensitive information.
- The Disposal Rule requires the proper disposal of information and records to protect against “unauthorized access to or use of the information.”
- Although intended for organizations that use consumer reports, the FTC encourages those who dispose of any records containing a consumer’s personal or financial information to take similar protective measures.
- What constitutes a “consumer report”? Credit reports and credit scores are consumer reports, of course. So are reports businesses or individuals receive with information relating to employment background, check writing history, insurance claims, residential or tenant history, or medical history.
- Those who must comply with the Disposal Rule include: consumer reporting companies; lenders; insurers; employers; landlords; government agencies; mortgage brokers; automobile dealers; attorneys or private investigators; debt collectors; individuals who obtain a credit report on prospective nannies, contractors, or tenants; and entities that maintain information in consumer reports as part of their role as service providers to other organizations covered by the Rule.
- Financial institutions are subject to not only the Disposal Rule, but also the Gramm-Leach-Bliley (GLB) Safeguards Rule.
Methods of complying with the Disposal Rule include:
- Burn, pulverize, or shred papers containing consumer report information so that the information cannot be read or reconstructed;
- Destroy or erase electronic files or media containing consumer report information so that the information cannot be read or reconstructed;
- Conduct due diligence and hire a document destruction contractor to dispose of material specifically identified as consumer report information consistent with the Rule. Due diligence in selecting a contractor includes:
  - reviewing an independent audit of a disposal company’s operations and/or its compliance with the Rule
  - obtaining information about the disposal company from several references
  - requiring that the disposal company be certified by a recognized trade association
  - reviewing and evaluating the disposal company’s information security policies or procedures
This policy has been around since 2005, so ignorance is no longer an excuse. If you need assistance complying with the Disposal Rule, contact Eagle Secure Shredding today at 770-619-5300.