Are the days of security breaches the magnitude of Equifax’s 146 million customers behind us? Not likely. On January 28th, Chief Judge of the U.S. District Court in Georgia, Thomas Thrash Jr. called the breach “unprecedented.” Although Equifax lawyers have argued there are no allegations pending that the financial institutions continue to be harmed by the 2017 data breach, Thrash noted that counsel for the banks contend “that Equifax’s cybersecurity systems remain inadequate, and another breach is imminent.”
FACTA, enacted in 2003, went into effect in 2005, broadly covering “any record about an individual, whether in paper, electronic, or other form that is a consumer report (also known as a credit report) or is derived from a consumer report.” It requires any person or company that possesses or maintains such information to take “reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.” Think this only affects the big guys? Think again…
All businesses, large and small, that issue electronically generated credit or debit card receipts to consumers at the point of transaction are subject to the “truncation” requirement of the Fair and Accurate Credit Transactions Act of 2003 (FACTA). This provision, which forbids credit and debit card receipts, whether for $1 or $100,000, from displaying more than the last five digits of the cardholder’s account number, unleashed a wave of class action litigation, no doubt due in large part to the Act’s establishment of statutory damages of up to $1,000 per violation regardless of the occurrence of actual injury.
That can add up as was the case for past violators ranging from small mom-and-pop stores to the likes of Federal Express, Southwest Airlines, Adidas, 1-800-Flowers.com and Avis Rent-A-Car.
What can you do to protect your customers and your business? Rely on a NAID-certified facility such as SecurShred to safely and securely store your documents for safekeeping. Learn more at https://securshred.com