Who Must Comply?
The Disposal Rule applies to individuals and organizations of various sizes that use consumer reports. The following professionals must comply with the rule:
- Consumer reporting companies
- Lenders
- Insurers
- Employers
- Landlords
- Government agencies
- Mortgage brokers
- Automobile dealers
- Attorneys and private investigators
- Debt collectors
- Those who obtain credit reports for prospective nannies, contractors, or tenants
- Entities that maintain information within consumer reports as part of their role as a service provider to other organizations
What Information is Covered in the Disposal Rule?
The Disposal Rule applies to all information found within consumer reports. According to the Fair Credit Reporting Act, consumer reports include information obtained from a consumer reporting agency that is used—or expected to be used—in establishing a consumer’s eligibility for credit, employment, or insurance. This may include credit scores, check-writing history, insurance claims, tenant history, and medical history.
Under this legislation, the disposal of consumer report information must be done in a reasonable and appropriate manner to prevent unauthorized access to private data. This may include the following:
- Burning, pulverizing, or shredding papers so that they cannot be read or reconstructed
- Destroying or erasing electronic files or media so that the information cannot be read or reconstructed
- Conducting due diligence and hiring a document destruction contractor to dispose of materials specifically identified as consumer report information consistent with the Rule, including the following:
- Reviewing an independent audit of a disposal company’s operation and/or its compliance with the Rule
- Obtaining information about the disposal company from several references
- Requiring that the disposal company be certified by a recognized trade organization
- Reviewing and evaluating the disposal company’s information security policies and procedures
Who Must Comply?
The Disposal Rule applies to individuals and organizations of various sizes that use consumer reports. The following professionals must comply with the rule:
- Consumer reporting companies
- Lenders
- Insurers
- Employers
- Landlords
- Government agencies
- Mortgage brokers
- Automobile dealers
- Attorneys and private investigators
- Debt collectors
- Those who obtain credit reports for prospective nannies, contractors, or tenants
- Entities that maintain information within consumer reports as part of their role as a service provider to other organizations
What Information is Covered in the Disposal Rule?
The Disposal Rule applies to all information found within consumer reports. According to the Fair Credit Reporting Act, consumer reports include information obtained from a consumer reporting agency that is used—or expected to be used—in establishing a consumer’s eligibility for credit, employment, or insurance. This may include credit scores, check-writing history, insurance claims, tenant history, and medical history.
Under this legislation, the disposal of consumer report information must be done in a reasonable and appropriate manner to prevent unauthorized access to private data. This may include the following:
- Burning, pulverizing, or shredding papers so that they cannot be read or reconstructed
- Destroying or erasing electronic files or media so that the information cannot be read or reconstructed
- Conducting due diligence and hiring a document destruction contractor to dispose of materials specifically identified as consumer report information consistent with the Rule, including the following:
- Reviewing an independent audit of a disposal company’s operation and/or its compliance with the Rule
- Obtaining information about the disposal company from several references
- Requiring that the disposal company be certified by a recognized trade organization
- Reviewing and evaluating the disposal company’s information security policies and procedures
The Last Word
To abide by this legislation, the FTC recommends including proper disposal practices in your security program. For more information on the Disposal Rule, visit ftc.gov. Contact an InsureGood Advisor today for additional resources to help you remain compliant.