Proper Disposal of Consumer Information Protects All of Us

Julie L. Stackhouse

It's alarming to know that consumer-fraud and identify-theft complaints have soared for the third year in a row. More than 635,000 complaints were received by the Federal Trade Commission during 2004, up from 500,000 in 2003 and 400,000 in 2002. Recent losses totaled more than $547 million, and in almost a quarter of these instances the victim's consumer information was misused to perpetrate either loan or bank fraud.

So what is being done to solve this problem? Congress enacted the Fair and Accurate Credit Transactions Act (FACT Act) in December 2003 as a comprehensive statute aimed at combating identity theft. Effective this July 1, regulations implementing the FACT Act will officially start requiring "any person that maintains or otherwise possesses consumer information, or any compilation of consumer information, derived from consumer reports for business purposes to properly dispose of any such information or compilation."

What does this mean for bankers? First and foremost, the new rules apply to information placed and/or found in a consumer report—even if the consumer is not a customer of your organization. Also, regulatory guidelines now explicitly require a financial institution to have information-security programs that safeguard consumer information when it is disposed. This includes using a risk-assessment framework.

Fortunately, these new requirements should have minimal impact on financial institutions that have information-security programs meeting past regulatory guidelines. The change may be more significant, however, for many nonbank entities because the new rules cover "any person" having consumer information derived from a consumer report for a business purpose. This means that many new individuals and groups-e.g., landlords, utility companies, telecommunications companies and any business that obtains consumer reports for employment screening purposes-now will be required to abide by consumer-oriented, information-security practices and other requirements of the FACT Act.

A strong consumer information disposal program is important because it protects your customers and it protects you. And in this time of increased fear about fraud and identity theft, financial institutions that have a strong reputation for protecting customer and consumer information are recognized as organizations that are truly committed to customer and consumer satisfaction.

Subscribe

Keep up with what’s new and noteworthy at the St. Louis Fed. Sign up now to have this free monthly e-newsletter emailed to you.