Compliance : Fair and Accurate Credit Transactions Act : Disposal Rule : Secure Shredding
Iron Mountain Shredding Program Aids in Preventing Identity Theft
New Service Enables Businesses to Comply with FACTA Law Governing the Destruction of Consumer Records
Under the Fair and Accurate Credit Transactions Act (FACTA), the Federal Trade Commission and other federal agencies have implemented new rules and fines governing the methods by which U.S. businesses that possess or maintain consumer information must dispose of such information. Specifically, the Act's Disposal Rule prescribes reasonable measures to protect against unauthorized access to, or use of, "consumer information" (as defined in the Act) during the disposal process, which include: shredding, burning or pulverizing physical records, and erasing or destroying electronic records. Businesses are also required to implement and monitor procedures designed to attain compliance with these requirements.
"Along with providing shredding services, the Iron Mountain program enables companies to establish a standardized and programmatic approach to FACTA Disposal Rule compliance, including program design, employee education, implementation tools and program audit to drive consistency and adoption throughout the organization," said Bob Brennan, president of Iron Mountain North America. "This level of demonstrative compliance cannot be achieved with a personal shredder under a desk, and no other shredding vendor is prepared to offer this level of consultative service."
With heightened sensitivity to protecting personal information, the Disposal Rule, 16 CFR Part 682, addresses the responsibility of businesses to police their own processes around the security of the destruction of consumer information. The Rule requires that all companies must take the necessary precautions to protect against unauthorized disclosure to help reduce the risk of consumer fraud. This broad-sweeping regulation impacts all businesses that maintain or possess consumer information, regardless of size or industry, including lenders, insurers, landlords, government agencies, auto dealers, retailers and more.
The Cost of Non-Compliance
Under FACTA, all companies that possess, sell or use consumer information must now implement programs to ensure the destruction of that information in a manner consistent with the rule.
Federal penalties can cost companies up to $2,500 per violation and states may recover up to $1,000 per willful or negligent violation. In addition, courts can award punitive damages for individual or class action lawsuits. Aside from high fines, these violations could irreparably damage a company's reputation.
FACTA-Ready Secure Shredding Program
Iron Mountain's FACTA-Ready Secure Shredding Program helps organizations proactively and cost-effectively comply with requirements for the destruction of consumer information. Through the assessment of a company's existing information management program, Iron Mountain will work with customers to develop and implement a program that addresses the operational workflows and complexities that are unique to every business.
The Iron Mountain program will help companies organize goals, establish development and implementation methodologies and deliverables, and organize key stakeholders to establish the foundation for a successful FACTA-Ready Secure Shredding Program. A low-risk, compliant program is policy-driven and manageable with appropriate reporting and audits. In addition, the program will provide tools to educate employees on these processes.
Each company affected by the Disposal Rule is required to undertake due diligence with respect to a third-party destruction provider, and to monitor that provider's compliance with the Disposal Rule. Iron Mountain's processes and procedures enable customers to undertake appropriate due diligence, and to monitor our performance of such obligations. Today, more than 20,000 customers throughout North America rely on Iron Mountain to shred their most confidential data.