FTC FACTA

Applies to virtually every person and business in the United States

What is FACTA?

FACTA is a federal law created to protect the privacy of consumer information and reduce the risk of identity theft created by improper disposal of a consumer report or any information derived from one. FACTA was enacted in 2003 with specific document destruction rules effective June 1, 2005.

FACTA's disposal rule states that "any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measure to protect against unauthorized access to - or use of - the information in connection with its disposal."

Penalties for non-compliance:

Civil Liability. Consumers may be entitled to recover their actual damages sustained as a result of a violation which, in the case of identity theft, could be very large. In other cases, consumers may be able to recover statutory damages of up to $1,000 for each consumer affected by a violation of the rule.

Class Action. Where large numbers of consumers are affected, they may be able to bring class actions seeking potentially massive statutory damages. For example, if 1,000 consumers were affected, a class action might seek up to $1,000,000 in statutory damages. Courts are also authorized to award punitive damages in either individual suit or a class action. Finally, they may also be able to recover reasonable attorney's fees.

Federal Enforcement. The government may bring an action in federal district court of up to $2,500 in penalties for each independent violation of the rule.

State Enforcement. The states may recover up to $1,000 for each willful or negligent violation. As with private lawsuits, the state may recover its reasonable attorney's fees.

How do I comply?

FACTA cites several examples of how to comply with the requirements including implementing and monitoring policies and procedures that require shredding or other forms of destruction, and after due diligence, contracting with a third party to properly dispose of consumer information. The FTC's recommendations for due diligence include:

  • Reviewing an independent audit of the disposal company's operations.
    Our NAID Certification annual audit, performed by an independent Certified Protection Professional (CPP), fulfills this recommendation. The results are available for client review.
  • Requiring that the disposal company be certified by a recognized trade association.
    OMS is certified by The National Association for Information Destruction.
  • Reviewing and evaluating the disposal company's information security policies and procedures.
    NAID Certification establishes security criteria for policies and procedures that clients can easily review on our website.

How can Ohio Mobile Shredding help?

  • As an authorized NAID Information Destruction Compliance Toolkit representative we can help you develop the information destruction policies and procedures required for compliance.
  • We provide you with a Confidential Destruction Agreement warranting your information is destroyed in accordance with NAID Certified® standards and practices and Reasonable Care requirements of federal legislation.
  • Because compliance with FACTA requires safe disposal of more than just documents, we provide certified destruction of your hard drives, microfilm, fiche and other types of data.
  • Our EasyShred service provides you with consistent, reliable, and cost-effective shredding and ensures sensitive information is safeguarded and destroyed in accordance with the FACTA Disposal Rule. Compliance is achieved in 5 easy steps:
    1. We help you write information destruction policies and procedures. (this step is optional)
    2. We provide your offices with free lockable document disposal containers that prevent unauthorized access to sensitive information
    3. On a schedule that suits your needs, our bonded and insured shredding specialist securely shreds your information
    4. With every service visit, we provide you with a numbered Accountability Receipt documenting a chain of custody and a chronological history of your shredding practices - a shredding "log" for your records
    5. We provide you with a Certificate of Destruction: a third-party verification that your information was completely and confidentially destroyed in accordance with NAID Certified® specifications and the FACTA Disposal Rule

With Ohio Mobile Shredding and EasyShred℠ compliance with FACTA could not be easier!