Are You Mishandling Consumer Information?

Have you heard of the Disposal Rule? If you handle applicant data, especially consumer reports from background screens, you should know that how you dispose of such information matters…a lot. If you handle sensitive information, it’s your responsibility to protect the privacy of the applicant and reduce the risk of fraud and identity theft.

The Disposal Rule

Enforced by the Federal Trade Commission, the rule requires the proper disposal of information in consumer reports and data to protect against “unauthorized access to or use of the information.”

However, the Rule does not spell out how such information should be disposed of.  Rather, it allows people who handle the information to choose the best method based on cost, effectiveness, and the sensitivity of the information. Reasonable methods include:

  • burning, pulverizing, or shredding papers containing consumer report information so that the information cannot be read or reconstructed;
  • destroying or erasing electronic files or media containing consumer report information so that the information cannot be read or reconstructed;
  • hiring a document destruction contractor to dispose of material specifically identified as consumer report information consistent with the Rule.

If you hire a document company, your due diligence should include:

  • reviewing an independent audit of a disposal company’s operations and/or its compliance with the Rule;
  • obtaining information about the disposal company from several references;
  • requiring that the disposal company be certified by a recognized trade association;
  • reviewing and evaluating the disposal company’s information security policies or procedures.

The FTC’s Disposal Rule became effective June 1, 2005. It was published in the Federal Register on November 24, 2004 [69 Fed. Reg. 68,690], and is available at Read more about the Disposal Rule here.

Still confused about the Disposal Rule?

Wolfe Background Screening experts are happy to answer your questions about handling consumer information. Give them a call at 800.230.2991.

Courses you might be interested in: Working with the Data Protection Act or  HIPAA: Your Obligations Under the Privacy Rule