In June 2005, a provision of the Federal Trade Commission FACTA (Fair and Accurate Credit Transactions Act of 2003) became effective requiring businesses to take appropriate measures when destroying or discarding sensitive information derived from “consumer reports,” which includes reports with information relating to employment background, check writing history, insurance claims, residential or tenant history, or medical history. The Act was created to prevent the unauthorized access to or use of such information (including Social Security numbers) obtained from a consumer report.
The standard for proper disposal is flexible and allows those covered by the rule to determine what measures are reasonable based on the sensitivity of the information, the costs and benefits of different disposal methods, and changes in technology. Although the disposal rule applies to consumer reports and information derived from such reports, the FTC encourages those who dispose of any records containing personal or financial information to take similar protective measures. Many experts suggest that the proper way of disposing of this data is by shredding paper documents and wiping or destroying computer data files. They also recommend that an organization’s record retention policy should be modified to address the issue of proper document disposal.
For a sample record retention policy, go to www.npccny.org/compliance_checklist.htm. To read more, go to www.ftc.gov/opa/2005/06/disposal.htm or to www.ftc.gov/bcp/conline/pubs/alerts/disposalalrt.htm.
This article originally appeared in the March 2006 issue of NPCC's monthly newsletter, New York Nonprofits. www.npccny.org