The Fair and Accurate Credit Transaction Act
The DISPOSAL RULE
Section 682.3: Proper Disposal of Consumer Information
(a) Standard. Any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use the information in connection with its disposal.
(b) Examples. Reasonable measures to protect against unauthorized access to or use of consumer information in connection with its disposal include the following examples. These examples are illustrative only and are not exclusive or exhaustive methods for complying with the rule in this part.
(1) Implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, or shredding of papers containing consumer information so that the information cannot practicably be read or reconstructed.
(2) Implementing and monitoring compliance with policies and procedures that require the destruction or erasure of electronic media containing consumer information so that the information cannot practicably be read or reconstructed.
(3) After due diligence, entering into and monitoring compliance with a contract with another party engaged in the business of record destruction to dispose of material, specifically identified as consumer information, in a manner consistent with this rule. In this context, due diligence could include reviewing an independent audit of the disposal company's operations and/or its compliance with this rule, obtaining information about the disposal company from several references or other reliable sources, requiring that the disposal company be certified by a recognized trade association or similar third party, reviewing and evaluating the disposal company's information security policies or procedures, or taking other appropriate measures to determine the competency and integrity of the potential disposal company.
(4) For persons or entities who maintain or otherwise possess consumer information through their provision of services directly to a person subject to this part, implementing and monitoring compliance with policies and procedures that protect against unauthorized or unintentional disposal of consumer information, and disposing of such information in accordance with examples (b)(1) and (2) of this section.
(5) For persons subject to the Gramm-Leach-Bliley Act, 15 U.S.C. 6081 et seq. , and the Federal Trade Commission's Standards for Safeguarding Customer Information, 16 CFR part 314 (“Safeguards Rule”), incorporating the proper disposal of consumer information as required by this rule into the information security program required by the Safeguards Rule.
Identity Theft
#1 According to the FTC and the Better Business Bureau, approximately 9.3 million adults have been victimized by some form of identity theft annually.
#2 The Better Business Bureau reports that Identity Theft is more prevalent offline with paper than online.
#3 The Better Business Bureau estimates that over 80% of all identity theft comes from unsecured paper records. Less than 5% from online transactions.
#4 Along with federal and state fines, you can be sued by all parties injured as a result of identity theft. Each case typically results in a business paying out well over $150,000.