Skip to content
DWT logo
People Expertise Insights
About Locations Careers
Search
People
Expertise
Insights
About
Locations
Careers
Search
Advisories
Communications

FTC Consumer Information Disposal Rule

06.13.05
Share
Print this page

On June 1, 2005, a Federal Trade Commission (“FTC”) Rule became effective requiring businesses and individuals to implement reasonable measures when disposing of consumer information obtained from consumer reports. The Rule, enacted under the Fair and Accurate Credit Transactions Act of 2003 (“FACT Act”), is designed to reduce the risk of consumer fraud due to the improper disposal of sensitive consumer information.

Under the Rule, “consumer reports” are defined to include information “provided by a consumer reporting agency bearing on a consumer's credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living.” “Consumer information” is any record about an individual that is, or is derived from, a consumer report, including compilations of such records. Information obtained directly from an individual does not constitute “consumer information” under the Rule. When businesses use consumer information, for example, to determine employment eligibility or to establish a consumer’s eligibility for credit, they are subject to the Rule.

A business or individual that collects consumer information must utilize “reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.” The FTC did not mandate a timeframe for businesses to dispose of consumer information. The FTC also did not specifically state what disposal measures must be taken but instead imposed a flexible “reasonableness” standard to account for the “sensitivity of the consumer information, the nature and size of the entity’s operations, the costs and benefits of different disposal methods, and relevant technological changes.” While there are no specific disposal requirements, the Rule does provide several examples of ways to dispose of consumer information, including burning, pulverizing or shredding of papers containing consumer information, the destruction or erasure of electronic media so that the information cannot be read or reconstructed, and the hiring of a disposal contractor after conducting due diligence on the contractor’s operations. The FTC also noted that “reasonable measures” would likely include the establishment of policies and procedures for disposal and employee training.

Failure to comply with the Rule can result in significant liability. Fines can be assessed up to $2,500 per violation.

Please contact us if you would like further information regarding the FTC’s regulation, development of policies and procedures for disposal of documents containing consumer information, or other issues concerning compliance with this new requirement.

Related Articles

DWT logo
©1996-2022 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Prior results do not guarantee a similar outcome.
NAVIGATE
Home People Expertise Insights
About Locations Careers Events Blogs
STAY CONNECTED

Subscribe to stay informed.

Subscribe
Employees
DWT Collaborate
EEO
Affiliations
Legal notices
Privacy policy
©1996-2022 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Prior results do not guarantee a similar outcome.
Close
Close

CAUTION - Before you proceed, please note: By clicking “accept” you agree that our review of the information contained in your e-mail and any attachments will not create an attorney-client relationship, and will not prevent any lawyer in our firm from representing a party in any matter where that information is relevant, even if you submitted the information in good faith to retain us.