FACTA requires consumers to be protected from identity theft. Most applicable to ITAD are the requirements outlined in the Red Flags Rule and Final Disposal Rule.
Businesses that are involved in credit reporting or otherwise checking employees' credit (for example before hire background screening) or customers' credit (regularly done at car dealerships for example) are responsible under FACTA regulations to protect personally identifiable information from unauthorized access.
Outlined in the Red Flags Rule, FACTA requires data controllers to identify vulnerable points for access to sensitive data, identify triggers that indicate potential fraud, and have response and actionable plans for when an incident or indication of potential identity theft is recognized.
The Disposal Rule requires organizations to protect unauthorized access to consumer reporting data by taking reasonable steps to destroy such data at time of disposal. The rule is flexible on methods and allows for the use of vendors to perform destruction. However, the rule requires due diligence in selecting vendors including but not limited to acquiring references, third party certifications, and reviewing and evaluating the vendor's security and information protection policies and procedures.
Can't find what you're looking for?Ask us here and we will be in touch within one business day.