Truescreen is happy to share the expertise of our applicant screening professionals with you. Follow the link below to request your free 30-day subscription to all of our current white papers and presentations.
 Request access code

How Employers Can Comply With the New “Disposal Rule” for Consumer Report Information

A White Paper by Truescreen

On June 1, 2005, the Federal Trade Commission’s new regulations for the proper disposal of consumer report information took effect. Dubbed the “Disposal Rule,” these new regulations require businesses and individuals who use consumer reports for a business purpose, such as employment, to properly dispose of consumer report information to protect against fraud and identity theft.

How the Rule Applies to Employers and Background Check Reports
The Disposal Rule applies to both employers as well as consumer reporting agencies such as Truescreen. Its regulations cover both consumer reports, such as credit reports, motor vehicle checks, criminal history searches, employment history verifications, etc., as well as information derived from consumer reports, such as notes compiled by a hiring manager that relate to a report.

Standards for Consumer Information Disposal
Under the rule, disposal is defined as “the discarding or abandonment of consumer information” or “the sale, donation, or transfer of any medium, including computer equipment, upon which consumer information is stored.” Thus, affected organizations are required to implement appropriate disposal methods for consumer report information in both paper and electronic form.

The new rule does not require any specific method of disposal for consumer report information. Instead, it allows flexibility for organizations and individuals to determine reasonable measures for disposal that will prevent unauthorized use, based on such factors as sensitivity of the information, costs and benefits of various disposal methods, and changes in technology.

The rule provides examples of reasonable measures organizations can take to dispose of consumer report information. Such measures could include establishing and complying with policies to:

• Burn, pulverize, or shred documents containing consumer report information so that information cannot be read or reconstructed
• Destroy or erase electronic files or media containing consumer report information so that the information cannot be read or reconstructed
• Conduct due diligence and hire a document destruction contractor to dispose of consumer report material using a method consistent with the rule (due diligence could include reviewing an independent audit of a disposal company’s operations and/or its compliance with the Disposal Rule; obtaining information about the disposal company from several references; requiring that the disposal company be certified by a recognized trade association; or, reviewing and evaluating the disposal company’s information security policies or procedures)

At Truescreen, a comprehensive consumer report information management/disposal program is in place in accordance with the requirements and suggested disposal methods outlined in the rule.

The Disposal Rule does not create any requirements for document retention time periods. Other legislation that may offer guidance in this regard includes state anti-discrimination statutes, as well as other state-level laws that set statutes of limitation on the time period for retaining documents or electronic files relating to the hiring process. Employers may also want to consult with legal counsel on this aspect of consumer information management.

Penalties for Non-Compliance
The Disposal Rule is part of the Fair and Accurate Credit Transactions Act of 2003 (FACTA), which falls under the jurisdiction of the Fair Credit Reporting Act (FCRA).

If employers do not comply with Disposal Rule regulations, and employees or job applicants are victimized by identity theft as a result, penalties established for violation of the FCRA could be enforced through a lawsuit.

For negligent violations, penalties could include actual damages and an award of attorney’s fees and costs. Willful non-compliance with the rule may result in the award of statutory damages of up to $1,000 per violation, or an award of actual damages, whichever is greater, to the affected party. Employers could also be required to pay the plaintiff’s attorney’s fees and costs.

This white paper is provided as a service to our customers. Its contents are designed solely for informational purposes, and should not be inferred or understood as legal advice or binding case law. Persons in need of legal assistance should seek the advice of competent legal counsel. Although care has been taken in this white paper’s preparation, we cannot guarantee the accuracy, currency, or completeness of the information contained within it. Anyone using this information does so at his or her own risk.

For more information, contact Truescreen, Inc., at 1105 Industrial Hwy., Southampton, PA, 18966, or (888) 276-8518 ext. 2003.