Identity Theft

The Fair and Accurate Credit Transaction Act of 2003 (FACT Act)


Added on 7/25/05

With identity theft on the rise, congress attempted to address the leading source of identity theft information, the trashcan.  According to an article by an FBI agent more than half of all identity theft occurred because someone disposed of personal information without properly destroying it. Less than 10% actually occurs in cyberspace.

 

How do you or your clients handle personal information?  According to the FACT Act the Federal Reserve Bank, NCUA, FTC and the Securities and Exchange Commission are required to establish regulations to address the issue of record disposal. In January of 2005 the agencies issued final rules, effective July 1, 2005, for Proper Disposal of Consumer Information. 

 

Section 216 of the FACT Act requires each of the Agencies to adopt a regulation with respect to the entities that is subject to its enforcement authority “requiring any person that maintains or otherwise possesses consumer information, derived from consumer reports for a business purpose to properly dispose of any such information.”  Now many shredder companies are using the phrase “any person” to scare every business into using their record disposal services.  For the record currently only businesses operating under the authority of the Federal Reserve, NCUA, FTC or Securities and Exchange must comply. 

 

Currently Senate Bill 768, introduced in April 2005 could expand the coverage to all commercial entities.  SB 768 would establish under the Federal Trade Commission an Office of Identity Theft. “ The Office of Identity Theft shall have civil jurisdiction of any covered person that collects, maintains, sells, or transfers sensitive personal information, or attempts to collect, maintain, sell, or transfer sensitive personal information.”

 

Do we need to have the government tell us how we should dispose of personal information? I think that wanting to maintain the highest standards for my business and my personal reputation (not to mention the threat of a law suit) should be incentive enough to properly dispose of any personal information.  Any personal information should be burned, crushed or shredded to prevent any reassembly.  You can hire a company to provide a lock box where sensitive information can be kept until it is shredded and recycled. You should at the very least consider having a shredder in your office and regularly shred personal information scheduled to be discarded.

 

In addition to safeguarding client information for destruction we need to give equal attention to the storage of current information.  Before you give away or sell that old computer make sure no one can recover any data from the hard drive.  Do you have an Internet connection? I will assume you have a firewall to stop intruders. Thinking of going wireless for your local area network?  Make sure you have encryption software and password protection in place before you connect.

 

Our obligation to protect our client’s, customer’s, tenet’s or employee’s information is just common sense and a desire to continue in business.