What is FCRA Compliance? How to Legally Access, Store, and Destroy a Consumer Report
The COVID-19 pandemic has impacted almost every part of daily life. The government has modified several regulations to provide relief. This includes the Fair Credit Reporting Act (FCRA).
Is your company seeking a credential for full credit report access? Are you wondering, “What is FCRA regulatory criterion?” It’s vital to know the law to prevent lawsuits.
Keep reading to find out how to legally access, store, and destroy consumer reports.
What Is FCRA?
The FCRA establishes criteria for fair and equitable consumer credit reporting. It specifies how agencies can collect, access, share, and use consumer data. These standards also serve to protect personally identifiable information (PII).
FCRA Requirements for Collections Access
The FCRA restricts access to consumer information to those with a valid need. Examples include landlords, insurance companies, banks, employers, or other creditors.
Now that many employees work remotely, new rules apply. To access credit reports from any location, you must meet FCRA permissible purposes. The following describes purposes that adhere to the FCRA standard.
Credit
Consumers must consent before a business accesses their credit history. This applies to companies that extend or authorize credit transactions.
Employment
Employers must obtain consent from applicants for employment before pulling credit reports. All aspects of the equal opportunity laws also apply.
Underwriting
The FCRA allows insurance agents to access credit reports during the underwriting process. This may take place in a traditional or home office setting.
Other Permissible Purposes
These examples describe other processes considered as permissible purposes. Insurers and investors may access credit reports to conduct risk assessments. Governmental licensing agencies are allowed to check applicant’s credit.
FCRA Requirements Addressing Consumer Consent
All agencies must ensure that consumers understand the planned credit check process. This includes providing written disclosures. If you plan to share any data with another party, include this in the consent.
Entities must provide a copy and review all findings with the consumer. Always document and provide follow-up if unexpected results occur.
The FCRA sets strict guidelines to ensure accurate data for employers. This involves physical or virtual on-site inspection. This assessment considers if there's a permissible purpose to look at consumer data.
FCRA Data Furnisher Requirements Related to Storage
Consumer data storage is also addressed in the FCRA. Entities may only keep negative data on file for seven years and bankruptcy for ten years.
Criminal records currently have no end date. No medical information may appear in a consumer report.
Agencies must establish protocols to protect consumers (PII). All employees and third parties must adhere to PII procedures. If a breach occurs, immediately report it and take measures to mitigate the leak.
What Is the FTC Disposal Rule?
The eCFR §682.3, ”Proper disposal of consumer information” was released on August 23, 2021. Entities must initiate and track compliance of PII protection during data disposal. Examples of proper methods include:
- Burning
- Pulverizing
- Shredding to the extent that it’s beyond reconstruction or reading
- Electronic media destruction or erasure beyond reconstruction or reading
This represents some examples and isn’t meant to describe all disposal methods.
Are You FCRA Compliant?
The article gave an overview to help you understand, “What is FCRA compliance?” ComplyTraq conducts physical onsite and virtual inspections. We have over 16,000 inspectors nationwide to provide a quick turnaround.
We handle public and private consumer data auditing services and follow-up. Our goal is to help you meet state and federal compliance with consumer data standards. We don't charge a minimum monthly fee.
Contact us today to learn more about our products and services.