Block on Trump's Asylum Ban Upheld by Supreme Court
One industry reporting record numbers for 2008? Data theft. A report released this week concluded that more than 285 million records were compromised in 2008, supposedly more than the previous four years combined. As one part of their defense against identity theft, businesses of all varieties should make sure to comply with federal Fair and Accurate Credit Transactions Act (FACTA) obligations to properly destroy certain types of consumer and employment information.
The Washington Post points out that credit card thieves have gathered so much personal data that they've driven down its price on the black market.
As Ars Technica quotes from the Verizon 2009 Data Breach Investigations Report, "[t]he best defense against data breaches is, in theory, quite simple--don't retain data. ... the next best thing is to retain only what is required for business or legal reasons, to know where it lives and flows, and to protect it diligently. The majority of breaches still occur because basic controls were not in place or because those that were present were not consistently implemented across the organization."
Part of the basic controls all businesses should have in place is FACTA compliance.
The Fair and Accurate Credit Transactions Act (FACTA) is part of our federal law regulating credit reporting. FACTA aims to protect consumers from identity theft. Beyond mandating that all merchants who accept credit cards print only the last five digits of card numbers on receipts, it obligates businesses to properly dispose of any "consumer report" used for business purposes.
Why does this affect all types of businesses? Because "consumer report" includes credit reports, background checks, insurance histories, medical histories and residential histories, amongst other types of data. Businesses routinely gather such information when deciding whether to extend credit to customers, or employment to job applicants.
What is proper disposal of these records? The FTC suggests that businesses might: