Tax Article - Complying With the FTC's New Disposal Rule for Consumer Information


The Federal Trade Commission (FTC) estimates that nearly one in ten Americans has experienced identity theft. To help stem the tide of the growing identity theft crisis, the FTC has issued the “Disposal Rule.” Effective June 1, 2005, employees’ personal information and other consumer information must now be destroyed prior to disposal to prevent identity theft.

Practically every person or entity in possession of consumer information for a business purpose is covered by the Disposal Rule. This generally includes most employers, lenders, landlords, insurers, and retailers of big-ticket items typically purchased on credit (e.g., automobile dealerships).

The rule does not mandate that any particular steps be taken to properly destroy the information. Instead, it requires that “reasonable measures” be taken to ensure that documents covered by the Disposal Rule are disposed of in a way reasonably designed to protect against unauthorized access to, or use of, the consumer information contained in those records.

The FTC’s guidance includes examples of reasonable disposal measures. For example, paper records may be shredded, burned, or pulverized, as long as they are rendered unreadable and beyond reconstruction. Computer discs and hard drives containing consumer information may be destroyed or erased by (1) “simply smashing the material with a hammer” and (2) overwriting or “wiping” data prior to disposal.

Failure to comply with the Disposal Rule could result in significant liability exposure, both in terms of penalties for rule violations and damages owed to aggrieved consumers.

It is recommended that any person or organization that possesses consumer information:

  • document sound security policies and procedures governing the disposal of consumer information;
  • educate employees on proper disposal procedures and practices;
  • when using outside companies to dispose of consumer information, select the disposal company with care and document that a rigorous review of the company’s credentials was performed prior to hiring them; and
  • closely monitor compliance (both internally and by third-party service providers) and make changes to established procedures when necessary.

Please contact us if you have questions about the Disposal Rule or for assistance in developing or refining policies and procedures on record retention and disposal.

If you have any questions, please contact Feeley & Driscoll's Boston CPA team by email or call 1 (888) 875-9770.

