The Industry's Leading Source For F&I, Sales And Technology

Compliance

5 Myths of FACTA Disposal Rule Compliance

July 2008, F&I and Showroom - Feature

by Editorial Staff

The coverage of identity theft in the media is at an all-time high and the public is concerned about what companies and government officials are doing to protect them. As a result of increased coverage and the inevitable scrutiny that goes with it, a lot of dealers are left to sift through the misinformation and myths about required document disposal laws and develop a system that protects their customers and complies with state and federal regulations (without breaking the bank). But complying with the Disposal Rule under the Fair and Accurate Credit Transactions Act of 2003 doesn't have to be an arduous task. Here, we’ll explore the five myths preventing dealers from implementing an easy and convenient document disposal process that complies with the law.

1. Identity-theft laws only protect the consumer.

While compliance to the various state laws and federal regulations is important from several perspectives, including the avoidance of financial penalties and civil litigation, sound business practices like a good document destruction program can protect a dealer’s good name.

Consider all the non-customer credit information that gets printed in your store and is not covered by laws and regulations: sales reports, e-mails, HR files, strategy planning, and marketing outlines. If it goes into a trash can, it ends up in the dumpster. This makes that information fair game for anyone to read. Dumpster diving does happen and not just by your competitors. News organizations and even attorney generals have been known to do so as well.

"In this ever-changing world we live in, where more and more information is transmitted over the Internet, a lot of people think that a lot of identity theft is really something that takes place over the Internet and on computers," says Texas Attorney General Greg Abbott. "That’s true. However, the reality is most identity theft still takes place the good old-fashioned way, which is based upon hard documents."

2. Regulations require me to make certain information unreadable, but they do not tell me how to do it.

Some state identity-theft prevention acts only require a lesser "unreadable" standard. According to the federal FACTA law, documents can be destroyed by:

"Implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, or shredding of papers containing consumer information so that the information cannot practicably be read or reconstructed."

(They are kidding about the ‘burning’ suggestion, right?) You can be confident that compliance to the federal disposal rule will satisfy the disposal requirements imposed at the state level.

3. A written document disposal policy that is distributed to my staff keeps me in compliance.

The answer to that statement is "almost." A written policy is the first step toward compliance with the disposal rule. Next, you must train your associates on the policy. Here's what FACTA says about that: "…reasonable measures are very likely to require elements such as the establishment of policies and procedures governing disposal, as well as appropriate employee training." Finally, you must provide your staff with a means to comply with the policy. You do have options when it comes to this part of the rule, including in-house shredding, a unique new national destruction service, or the best known option described in the next myth.

Your Comment

Please note that comments may be moderated. 
Leave this field empty:
Your Name:  
Your Email: