Employer ID Theft Prevention Tip
Effective earlier this month (6/1/05), any business or
employer that uses consumer information derived from a
credit report directly -or- indirectly must now meet
tougher standards for proper disposal.
Failure to dispose of discarded consumer information
in a way that will keep it out of the hands of
identity thieves, can result in substantial fines &
- Civil liability. An employee whose identity is
stolen as a result of an employer's failure to comply
with the new rule could be entitled to recover actual
damages sustained or the employer could be hit with
statutory damages of up to $1,000 per employee.
- Class action. If large numbers of employees are
affected, they could file a class action lawsuit under
the new rule, and could be awarded punitive damages
from their employer.
- Federal and state fines. An employer could be
fined up to $2,500 for each violation by the U.S.
government. In addition, states can fine up to $1,000
for each violation.
According to the Federal Trade Commission, the FACT
Act requires any business -or- employer (even if only
person is employed) must "take reasonable measures" to
protect against unauthorized access to or use of the
consumer information in connection with its disposal.
In case you're wondering what "reasonable measures"
might include, the Disposal Rule specifies three
possible ways to comply:
- Burning, pulverizing, or shredding of physical
- Erasure or destruction of all electronic media
- Entering into a contract with a third party
engaged in the business of information destruction
Many small business owners are referring to the new
rule as the "shredder law".
The key learning on the FACT Act is that it opens up a
much wider definition of who is now responsible to
safeguard consumers against identity theft.
For example, you can be sued for a $1,000 by an angry
nanny whose identity data was plucked from your trash
simply because you had not invested in a $50 shredder
to properly dispose of her personal credit
Or if you're that nanny (and any employee of a business), demand the right to have your personal credit information or derivatives shredded to protect you from identity theft.
It's now the law!