Home » Risk Management » Disposing of Consumer Report Information

Disposing of Consumer Report Information
To protect the privacy of consumer information and reduce the risk of fraud and identity theft, the federal government created the Disposal Rule. This legislation requires businesses to take appropriate action to dispose of sensitive information from consumer reports to safeguard against ID crimes.

Home » Risk Management » Disposing of Consumer Report Information

Disposing of Consumer Report Information

To protect the privacy of consumer information and reduce the risk of fraud and identity theft, the federal government created the Disposal Rule. This legislation requires businesses to take appropriate action to dispose of sensitive information from consumer reports to safeguard against ID crimes.
To protect consumer information’s privacy and reduce the risk of fraud and identity theft, the federal government created the Disposal Rule. This legislation requires businesses to take appropriate actions to dispose of sensitive information derived from consumer reports to safeguard against identity theft crimes. According to the Federal Trade Commission (FTC), organizations and individuals covered by the Rule can determine what disposal measures are reasonable, based on the sensitivity of the information, the costs and benefits of different methods, and changes in technology.

 

Who Must Comply?

The Disposal Rule applies to individuals and organizations of various sizes that use consumer reports. The following professionals must comply with the rule:

  • Consumer reporting companies
  • Lenders
  • Insurers
  • Employers
  • Landlords
  • Government agencies
  • Mortgage brokers
  • Automobile dealers
  • Attorneys and private investigators
  • Debt collectors
  • Those who obtain credit reports for prospective nannies, contractors, or tenants
  • Entities that maintain information within consumer reports as part of their role as a service provider to other organizations

 

What Information is Covered in the Disposal Rule?

The Disposal Rule applies to all information found within consumer reports. According to the Fair Credit Reporting Act, consumer reports include information obtained from a consumer reporting agency that is used—or expected to be used—in establishing a consumer’s eligibility for credit, employment, or insurance. This may include credit scores, check-writing history, insurance claims, tenant history, and medical history.

Under this legislation, the disposal of consumer report information must be done in a reasonable and appropriate manner to prevent unauthorized access to private data. This may include the following:

  • Burning, pulverizing, or shredding papers so that they cannot be read or reconstructed
  • Destroying or erasing electronic files or media so that the information cannot be read or reconstructed
  • Conducting due diligence and hiring a document destruction contractor to dispose of materials specifically identified as consumer report information consistent with the Rule, including the following:
  • Reviewing an independent audit of a disposal company’s operation and/or its compliance with the Rule
  • Obtaining information about the disposal company from several references
  • Requiring that the disposal company be certified by a recognized trade organization
  • Reviewing and evaluating the disposal company’s information security policies and procedures
To protect consumer information’s privacy and reduce the risk of fraud and identity theft, the federal government created the Disposal Rule. This legislation requires businesses to take appropriate actions to dispose of sensitive information derived from consumer reports to safeguard against identity theft crimes. According to the Federal Trade Commission (FTC), organizations and individuals covered by the Rule can determine what disposal measures are reasonable, based on the sensitivity of the information, the costs and benefits of different methods, and changes in technology.

 

Who Must Comply?

The Disposal Rule applies to individuals and organizations of various sizes that use consumer reports. The following professionals must comply with the rule:

  • Consumer reporting companies
  • Lenders
  • Insurers
  • Employers
  • Landlords
  • Government agencies
  • Mortgage brokers
  • Automobile dealers
  • Attorneys and private investigators
  • Debt collectors
  • Those who obtain credit reports for prospective nannies, contractors, or tenants
  • Entities that maintain information within consumer reports as part of their role as a service provider to other organizations

 

What Information is Covered in the Disposal Rule?

The Disposal Rule applies to all information found within consumer reports. According to the Fair Credit Reporting Act, consumer reports include information obtained from a consumer reporting agency that is used—or expected to be used—in establishing a consumer’s eligibility for credit, employment, or insurance. This may include credit scores, check-writing history, insurance claims, tenant history, and medical history.

Under this legislation, the disposal of consumer report information must be done in a reasonable and appropriate manner to prevent unauthorized access to private data. This may include the following:

  • Burning, pulverizing, or shredding papers so that they cannot be read or reconstructed
  • Destroying or erasing electronic files or media so that the information cannot be read or reconstructed
  • Conducting due diligence and hiring a document destruction contractor to dispose of materials specifically identified as consumer report information consistent with the Rule, including the following:
  • Reviewing an independent audit of a disposal company’s operation and/or its compliance with the Rule
  • Obtaining information about the disposal company from several references
  • Requiring that the disposal company be certified by a recognized trade organization
  • Reviewing and evaluating the disposal company’s information security policies and procedures

The Last Word

To abide by this legislation, the FTC recommends including proper disposal practices in your security program. For more information on the Disposal Rule, visit ftc.gov. Contact an InsureGood Advisor today for additional resources to help you remain compliant.

Additional Resources

a whiteboard wireframe to be ada website compliant

What is ADA Website Compliance?

One of the key components in meeting ADA website compliance is ensuring your website has compatibility with assistive technologies. Read on for a further understanding of what's needed to be ADA website compliant.

Read More

a business woman holding files and adhering to her company's document retention policy

What is a Document Retention Policy?

Incorporating a document retention policy in your business can help lower risks, and costs, and improve efficiency. This article provides an overview of creating and maintaining an effective employer document retention policy.

Read More

numerous business people on there mobile devices

Mobile Device Security

Are you aware of the risks that company-issued smartphones and other mobile devices may bring to your business? What you need to know about mobile device security.

Read More

Loading...