Skip to content
DWT logo
People Services Insights
About Offices Careers
Search
People
Services
Insights
About
Offices
Careers
Search
Advisories
Communications

FTC Consumer Information Disposal Rule

06.13.05
Share
Print this page

On June 1, 2005, a Federal Trade Commission (“FTC”) Rule became effective requiring businesses and individuals to implement reasonable measures when disposing of consumer information obtained from consumer reports. The Rule, enacted under the Fair and Accurate Credit Transactions Act of 2003 (“FACT Act”), is designed to reduce the risk of consumer fraud due to the improper disposal of sensitive consumer information.

Under the Rule, “consumer reports” are defined to include information “provided by a consumer reporting agency bearing on a consumer's credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living.” “Consumer information” is any record about an individual that is, or is derived from, a consumer report, including compilations of such records. Information obtained directly from an individual does not constitute “consumer information” under the Rule. When businesses use consumer information, for example, to determine employment eligibility or to establish a consumer’s eligibility for credit, they are subject to the Rule.

A business or individual that collects consumer information must utilize “reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.” The FTC did not mandate a timeframe for businesses to dispose of consumer information. The FTC also did not specifically state what disposal measures must be taken but instead imposed a flexible “reasonableness” standard to account for the “sensitivity of the consumer information, the nature and size of the entity’s operations, the costs and benefits of different disposal methods, and relevant technological changes.” While there are no specific disposal requirements, the Rule does provide several examples of ways to dispose of consumer information, including burning, pulverizing or shredding of papers containing consumer information, the destruction or erasure of electronic media so that the information cannot be read or reconstructed, and the hiring of a disposal contractor after conducting due diligence on the contractor’s operations. The FTC also noted that “reasonable measures” would likely include the establishment of policies and procedures for disposal and employee training.

Failure to comply with the Rule can result in significant liability. Fines can be assessed up to $2,500 per violation.

Please contact us if you would like further information regarding the FTC’s regulation, development of policies and procedures for disposal of documents containing consumer information, or other issues concerning compliance with this new requirement.

Related Articles

01.08.25
Webinars
Communications
"Preparing for Agency Enforcement Under Trump 2: What You Need to Know," Davis Wright Tremaine Webinar Read More
09.11.24
Insights
Communications
Licensees and Telecom/Video Service Providers Must File and Pay FCC Regulatory Fees by Sept. 26, 2024 Read More
07.17.24
Insights
Communications
Will the Supreme Court's Loper Bright Decision Change How the 6th Circuit Reviews the FCC's Open Internet Order? Read More
DWT logo
©1996-2025 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Not intended as legal advice. Prior results do not guarantee a similar outcome.
Media Kit Affiliations Legal notices
Privacy policy Employees DWT Collaborate EEO
SUBSCRIBE
©1996-2025 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Not intended as legal advice. Prior results do not guarantee a similar outcome.