VP David Van Mullen Interviewed Regarding FTC Disposal Rule

December 02 , 2004 in SecurShred in the News

PLATTSBURGH — The Federal Trade Commission has issued a final rule regarding the proper disposal and destruction of consumer data.

“This applies to any entity that has consumer information,” said David Van Mullen, vice president of sales and marketing for SecurShred, a South Burlington-based on-site and mobile shredding company.

The rule, part of the Fair and Accurate Credit Transactions Act of 2003, is scheduled to take effect June 1, 2005. Signed into law Dec. 4, the act is itself one of several amendments to the Fair Credit Reporting Act enacted in 1970.

The final rule, published in the Federal Register Nov. 24, covers “any person that possesses or maintains consumer information other than an individual consumer who obtained his or her own consumer report or file disclosure.”

FACTA was designed to decrease identity theft and assist those victimized in resolving cases of identity theft. It also aims to increase the accuracy of consumer credit reports and protect the rights of consumers whose information is collected by consumer-reporting agencies.

Among the entities covered are consumer-reporting agencies, lenders, insurers, employers, landlords, government agencies, mortgage brokers, automobile dealers and other users of consumer (credit) reports.

Examples of proper disposal included in the final rule, not intended to be the only means of compliance, include establishing and complying with policies to ensure papers and electronic media are properly shredded, burned, pulverized or erased so information cannot be practicably read or reconstructed.

It can also be achieved by studying and contracting with a party engaged in record destruction for disposal of material specifically identified as consumer information. Due diligence could be performed by the client, by reviewing an independent audit of the company, or requiring the company be certified by a recognized trade association, or other measures to determine the party’s competence.

The final rule is another effort to reduce the growing identity-theft problem. The rule means businesses are responsible for consumer information they obtain until it is destroyed, and destruction must ensure the information is unreadable, Van Mullen said.

An Federal Trade Commission study released in September 2003 showed nearly 10 million Americans were victimized by identity theft in the previous year, costing businesses about $47 billion and consumers about $5 billion, according to the National Association for Information Destruction Web site, www.naidonline.org.

Penalties for violations, listed in Sections 616 and 617 of the Fair Credit Reporting Act, include actual damages, statutory damages up to $1,000 in punitive damages per violation (with no cap on class-action damages), attorneys’ fees, and civil penalties up to $2,500 for each independent violation of the rule.

In a press release, National Association for Information Destruction President Robert Johnson said, “This new rule is an important step forward in the fight against consumer fraud and identity theft. It’s important for the business community to understand that this new law applies to nearly every business and private employer in the U.S.”