Random Listing

Law Articles

To search for a particular term please use the following search box.

Return to Law Dictionary Index

FTC Requires Companies To Destroy Consumer Records

by Richard A. Chapo

On June 1, 2005, the Federal Trade Commission issued new regulations requiring companies to destroy certain consumer records. The specific rule requires consumer information such as credit reports to be physically destroyed after it is used.


The rule covers practically any consumer records. Examples include credit reports, court records, employment histories and rental histories to mention only a few.

Identity Theft

Heading complaints from constituents, Congress has been trying to figure out how to deal with growing identity theft problems. In response, the FTC rule requires all personal information to be:

1. Burned(!),

2. Pulverized,

3. Shredded, or

4. Destroyed.

Whether you shred the records or stand in the parking lot with a flamethrower, the rule requires the documents to be destroyed to the extent they cannot be read. Importantly, the rule also applies to electronic files.

As an agency rule, the new regulation does not result in any criminal penalties. Instead, the FTC penalty provisions call for a fine of up to $2,500 per violation. Individuals that have information misused can also seek damages in civil lawsuits.


The FTC should be applauded for taking any step to help in the fight against identity theft. The flood of recent public disclosures by companies admitting to lost records is appalling. But does this new rule really help?


The new regulation provides no provisions on how long the records can be held before being destroyed. This effectively neuters the regulation. Any claim of violation is going to be refuted by the defense of, "We destroy records every certain number of months." Even if you disagree with this assessment, consider the destruction of electronic files.

Electronic files are automatically backed up on hard drives. Merely deleting a file does not erase it from a hard drive. To comply with the regulations, are companies supposed to wipe all their hard drives every day or is deleting the records enough? Wiping the drives is incredibly burdensome while deleting files is useless. As you might imagine, the FTC provides no guidance on the issue.

Cutting to the chase, the FTC has issued this rule for one reason to satisfy Congress. It has little practical impact in protecting your private information and leaves companies with another vague regulatory requirement.

About the Author

Richard A. Chapo is with SanDiegoBusinessLawFirm.com - This article is for information purposes only. Nothing in this article is intended to address the reader's specific situation nor does it create an attorney-client relationship.

Return to Commercial Law

Return to Law Dictionary Index