- About Us
- Our Services
- Service Areas
“Once your business is finished with sensitive information derived from consumer reports, what happens to it then? Under the Disposal Rule, your company must take steps to dispose of it securely.” – FTC.Gov
In today’s world, almost every business is aware that protecting the privacy of customers, patients, employees, etc. is a required by law and of the utmost importance. But just how familiar are you with current laws? Are you confident your business is following proper protocols and protecting personal information? With fraud and identity theft happening around us at increasing and alarming rates, it’s critical you follow procedure so you’re not exposed to costly liability. If it’s your job to protect valuable information in your business or workplace, you may want to take a moment to read the following information provided by The Federal Trade Commission on FTC.Gov:
“Any business or individual who uses a consumer report for a business purpose is subject to the requirements of the Disposal Rule. The Rule requires the proper disposal of information in consumer reports and records to protect against “unauthorized access to or use of the information.” The Federal Trade Commission, the nation’s consumer protection agency, enforces the Disposal Rule.
According to the FTC, the standard for the proper disposal of information derived from a consumer report is flexible, and allows the organizations and individuals covered by the Rule to determine what measures are reasonable based on the sensitivity of the information, the costs and benefits of different disposal methods, and changes in technology.
Although the Disposal Rule applies to consumer reports and the information derived from consumer reports, the FTC encourages those who dispose of any records containing a consumer’s personal or financial information to take similar protective measures.
Who must comply?
The Disposal Rule applies to people and both large and small organizations that use consumer reports. Among those who must comply with the Rule are:
- Consumer reporting companies
- Government agencies
- Mortgage brokers
- Automobile dealers
- Attorneys or private investigators
- Debt collectors
- Individuals who obtain a credit report on prospective nannies, contractors, or tenants
- Entities that maintain information in consumer reports as part of their role as service providers to other organizations covered by the Rule
What is “proper” disposal?
The Disposal Rule requires disposal practices that are reasonable and appropriate to prevent the unauthorized access to – or use of – information in a consumer report. For example, reasonable measures for disposing of consumer report information could include establishing and complying with policies to:
- burn, pulverize, or shred papers containing consumer report information so that the information cannot be read or reconstructed;
- destroy or erase electronic files or media containing consumer report information so that the information cannot be read or reconstructed;
- conduct due diligence and hire a document destruction contractor to dispose of material specifically identified as consumer report information consistent with the Rule. ”
Click to finish reading article: https://www.ftc.gov/tips-advice/business-center/guidance/disposing-consumer-report-information-rule-tells-how
Need an introduction to the issue of retention schedules? This tool will help you understand where you need to begin to focus your efforts, and get you on the road to creating the retention schedule your organization needs.Important: If you store your records with Iron Mountain Records Storage, we can save you 33% or more! Call us today for a quick no-obligation comparison.
These days, it is almost impossible to be in business and not collect or hold personally identifying information — names and addresses, Social Security numbers, credit card numbers, or other account numbers — about your customers, employees, business partners, students, or patients. If this information falls into the wrong hands, it could put these individuals at risk for identity theft.
Still, not all personal information compromises result in identity theft, and the type of personal information compromised can significantly affect the degree of potential damage. What steps should you take and whom should you contact if personal information is compromised? Although the answers vary from case to case, the following guidance from the Federal Trade Commission (FTC), the nation’s consumer protection agency, can help you make smart, sound decisions. Check federal and state laws or regulations for any specific requirements for your business.Important: If you store your records with Iron Mountain Records Storage, we can save you 33% or more! Call us today for a quick no-obligation comparison.
Businesses Must Provide Victims and Law Enforcement with Transaction Records Relating to Identity Theft
The Fair Credit Reporting Act (FCRA) spells out rights for victims of identity theft, as well as responsibilities for businesses. Identity theft victims are entitled to ask businesses for a copy of transaction records — such as applications for credit — relating to the theft of their identity.
Indeed, victims can authorize law enforcement officers to get the records or ask that the business send a copy of the records directly to a law enforcement officer. The businesses covered by the law must provide copies of these records, free of charge, within 30 days of receiving the request for them in writing. This means that the law enforcement officials who ask for these records in writing may get them from your business without a subpoena, as long as they have the victim’s authorization.
The Federal Trade Commission (FTC), the nation’s consumer protection agency, enforces the FCRA including this requirement, which is known as Section 609(e). Here is some additional information to help your business comply with this provision of the law…Important: If you store your records with Iron Mountain Records Storage, we can save you 33% or more! Call us today for a quick no-obligation comparison.
Protecting the privacy of consumer information held by “financial institutions” is at the heart of the financial privacy provisions of the Gramm-Leach-Bliley Financial Modernization Act of 1999. The GLB Act requires companies to give consumers privacy notices that explain the institutions’ information-sharing practices. In turn, consumers have the right to limit some – but not all – sharing of their information.
Here’s a brief look at the basic financial privacy requirements of the law.Important: If you store your records with Iron Mountain Records Storage, we can save you 33% or more! Call us today for a quick no-obligation comparison.
Does Your Financial Privacy Notice…
- use legal jargon?
- give new meaning to dense, indecipherable text?
- contain lengthy, unnecessarily complex sentences with convoluted clauses, multiple punctuation marks, and incomprehensible polysyllabic verbiage?
Was Your Notice…
- “borrowed” from another company without regard for your privacy practices or your customers’ concerns or needs?
- written by a committee of lawyers?
Since 2001, the Gramm-Leach-Bliley (GLB) Act has required financial institutions to provide notices that explain their privacy practices and their customers’ rights. To be sure, many notices satisfy the basic legal requirement to explain obligations and rights accurately. But many notices seem to fall far short when it comes to providing explanations that are meaningful to the reader.
To help businesses create more useful privacy notices for their customers, several federal agencies* brought together a panel of communications experts to talk about effective communications tools and techniques. The consensus among the experts was that meaningful communication can enhance customer confidence and trust – and that the GLB notice requirement can offer an opportunity to make that happen.Important: If you store your records with Iron Mountain Records Storage, we can save you 33% or more! Call us today for a quick no-obligation comparison.