DISPOSING OF CONSUMER REPORT INFORMATION

In an effort to protect the privacy of consumer information and reduce the risk of fraud and identity theft, the federal government created the Disposal Rule. This legislation requires businesses to take appropriate actions to dispose of sensitive information derived from consumer reports to safeguard against identity theft crimes. According to the Federal Trade Commission (FTC), organizations and individuals covered by the Rule can determine what disposal measures are reasonable, based on the sensitivity of the information, the costs and benefits of different methods, and changes in technology.

Who Must Comply?

The Disposal Rule applies to individuals and organizations of various sizes that use consumer reports. The following professionals must comply with the rule:

• Consumer reporting companies
• Lenders
• Insurers
• Employers
• Landlords
• Government agencies
• Mortgage brokers
• Automobile dealers
• Attorneys and private investigators
• Debt collectors
• Those who obtain credit reports for prospective nannies, contractors or tenants
• Entities that maintain information within consumer reports as part of their role as a service provider to other organizations

What Information is Covered in the Disposal Rule?

The Disposal Rule applies to all information found within consumer reports. According to the Fair Credit Reporting Act, consumer reports include information obtained from a consumer reporting agency that is used—or expected to be used—in establishing a consumer’s eligibility for credit, employment or insurance. This may include credit scores, check writing history, insurance claims, tenant history and medical history.

Under this legislation, disposal of consumer report information must be done in a reasonable and appropriate manner to prevent unauthorized access to private data. This may include the following:

• Burning, pulverizing or shredding papers so that they cannot be read or reconstructed
• Destroying or erasing electronic files or media so that the information cannot be read or reconstructed
• Conducting due diligence and hiring a document destruction contractor to dispose of materials specifically identified as consumer report information consistent with the Rule, including the following:
• Reviewing an independent audit of a disposal company’s operation and/or its compliance with the Rule
• Obtaining information about the disposal company from several references
• Requiring that the disposal company be certified by a recognized trade organization
• Reviewing and evaluating the disposal company’s information security policies and procedures

To abide by this legislation, the FTC recommends including proper disposal practices in your security program. For more information on the Disposal Rule, visit www.ftc.gov. INSURICA has additional resources to help you remain compliant, give us a call today at 405-523-2100.