May 31, 2006
The vast majority of business executives say that a one-year old federal law requiring companies to destroy certain documents containing consumer credit information does not go far enough, a survey finds.

The survey marked the one-year anniversary of a provision in the federal Fair and Accurate Credit Transaction Act (FACTA). The so-called "Final Disposal Rule" requires most businesses to destroy documents containing consumer credit information before discarding them.

There is currently no national requirement to destroy discarded personal information that is not derived from a credit report.

According to the survey, commissioned by the National Association for Information Destruction (NAID), nearly 85% of business executives would support a similar destruction requirement that covered all personal information regarding a consumer.

"FACTA was a great first step in the fight against consumer fraud and identity theft, but we now see that businesses are eager to take the next step," said NAID executive director Robert Johnson. "Information from credit reports is only a very small piece of the personal information pie that businesses regularly discard and identity thieves crave."

As many as 10 million Americans have their identities stolen each year, according to the Federal Trade Commission. Additionally, the Privacy Rights Clearinghouse has shown that more than 80 million Americans have had their personal information compromised since February 2005.

According to the Better Business Bureau, most identity thieves obtain their victims' personal information from low-tech sources such as dumpster diving, not by hacking into databases and from stolen laptops and computer tapes.

Other key findings from the 2006 NAID Consumer Attitudes Survey include:

• 77% of business executives do not know what their companies do to ensure the destruction of information on obsolete computers.

• 11% of businesses indefinitely stored retired computers because they aren't aware of proper disposal methods permitted under the law.

• 63% of businesses that currently shred discarded information do it themselves with the remaining 37% relying on outside security shredding companies.

• More than 54% of the businesses that use an information destruction service only began using such outside service in the past 4 years or less.

In 2005, 37% of complaints received by the Federal Trade Commission were related to identity theft -- more than the next four types of complaints combined.

"Every business should take steps to ensure that all discarded personal information is properly destroyed," added Johnson. "Tossing a customer's personal information in a dumpster is an invitation to danger."

The 2006 NAID Consumer Attitudes Survey was conducted by the Phoenix-based research firm Partners In Brainstorms, Inc. An executive summary of the key findings is available at the NAID website at