FACTA: No Joke.
Most people know about the FCRA, but do not know about FACTA, which recently took effect and applies to ALL businesses. The Federal FCRA (Fair Credit Reporting Act) has been revised with the addition of the Federal FACTA (Fair and Accurate Credit Transactions Act).
A part of FACTA is designed to reduce risks of consumer fraud and identity theft that are created by improper storage and disposal of employee and consumer information. This includes any storage medium that contains personal information, whether it’s paper, CDs, discs, or hard drives. Consumer information can be any combination of names, dates of birth, addresses, driver’s licenses, credit reports, credit card numbers, bank accounts… Confidentiality is a key component of a law firm’s client dealings, yet a legal practice is especially vulnerable to FACTA infractions. The personal information that must be collected for cases to be accurately and thoroughly represented exposes the legal field to a heightened possibility of mismanagement of client data.
Listed below are changes in all businesses’ responsibilities that could impinge on a business’ bottom line.
1) Employers are responsible for safekeeping all employee personal information and for properly destroying the information when it is no longer needed. An employer is defined to include anyone from a business owner to an individual hiring temporary help in his or her home.
2) Businesses are responsible for safekeeping any consumer information kept on file and properly destroying the information when the data is no longer needed. This includes marketing lists, credit card transactions, client / vendor lists, etc.
3) If employee personal information or consumer data is stolen or copied from you, and subsequently used in a crime such as identity theft, it opens the door to civil liabilities. These liabilities can come from employees, civil suits including class actions from consumers, and civil liabilities from other businesses such as creditors who lost money due to fraud. Additionally, there can be state and federal penalties.
Recently in the news, we have heard of giant companies such as LexisNexis, ChoicePoint, Time Warner, Bank of America, and PayPal that have had their employee and/or consumer information breached or stolen. These huge corporations have an effect on hundreds of thousands of people, so their corporate problems make big news.
The fact is that countless small to medium-sized businesses lose employee information, consumer/client information, even their own personal information, on a regular basis. Even trusted employees can inadvertently give information to the wrong people regarding your business’ operating procedure that can lead to intentional or inadvertent access to confidential data.
All this suggests a greater need for employment backgrounds, management and employee education, appropriate written policies, and security measures.
Written personal information storage policies for employees and similar client notification waivers are the first step in secure data management. Should a personal information breach then occur, it will be recognized that considerable forethought was given to data security.
BNI Investigators: Street smart: Net savvy. Proactive.
I look forward to any comments you may have and any questions I can answer for you.
Lina M. Maini
Editor, The Beacon Bulletin
CEO, Beacon Network Investigations, Inc.