An addendum to the Federal Trade Commission’s Fair Credit Reporting Act (FCRA), the Fair and Accurate Credit Transactions Act of 2003 (FACTA) Disposal Rule went into effect in 2005 and requires businesses and individuals to appropriately dispose of sensitive consumer reports. Organizations and individuals who use consumer reports for any business purpose are subject to the requirements of the Disposal Rule, which calls for consumer reports disposal to protect against “unauthorized access to or use of the information.”

It is important to note that there is no standard for the proper disposal of information derived from a consumer report and that it is instead flexible, allowing organizations covered by the Rule to determine disposal methodology based on the sensitivity of the information and costs associated with the disposal of such information.

The Rule applies to individuals and organizations of all sizes that use consumer reports, including but not limited to consumer reporting companies; lenders; insurers; employers; landlords; government agencies; mortgage brokers, car dealers; attorneys; private investigators; debt collectors; individuals who pull consumer reports on prospective home employees, such as nannies or contractors; and entities that maintain information in consumer reports as part of their role as a service provider to other organizations covered by the Rule.

As there are no specific disposal requirements with FACTA, NIST 800-88 data disposal methodology should be followed. All of SEM’s high security paper shredders, disintegrators, IT shredders, IT crushers, and degaussers are appropriate for the disposal of consumer report information following NIST 800-88 protocols.