AGENCY:
Federal Trade Commission.
ACTION:
Request for public comment.
SUMMARY:
The Federal Trade Commission (“FTC” or “The Commission) requests public comment on its rule regarding Disposal of Consumer Report Information and Records (“Disposal Rule” or “Rule”). The Commission is soliciting comment as part of the FTC's systematic review of all current Commission regulations and guides.
DATES:
Comments must be received on or before November 21, 2016.
ADDRESSES:
Interested parties may file a comment online or on paper by following the Instructions for Submitting Comments part of the SUPPLEMENTARY INFORMATION section below. Write “Disposal Rule, 16 CFR part 682, Project No. 165410” on your comment and file your comment online at https://ftcpublic.commentworks.com/ftc/disposalrule by following the instructions on the web-based form. If you prefer to file your comment on paper, write “Disposal Rule, 16 CFR part 682, Project No. 165410” on your comment and on the envelope and mail your comment to the following address: Federal Trade Commission, Office of the Secretary, 600 Pennsylvania Avenue NW., Suite CC-5610 (Annex H), Washington, DC 20580, or deliver your comment to the following address: Federal Trade Commission, Office of the Secretary, Constitution Center, 400 7th Street SW., 5th Floor, Suite 5610 (Annex H), Washington, DC 20024.
FOR FURTHER INFORMATION CONTACT:
Tiffany George, Division of Privacy and Identity Protection, Bureau of Consumer Protection, Federal Trade Commission, 600 Pennsylvania Avenue NW., Washington, DC 20580, (202) 326-3040.
SUPPLEMENTARY INFORMATION:
I. Background
The Fair and Accurate Credit Transactions Act (“FACTA” or “Act”) was enacted in 2003. In part, the Act amends the Fair Credit Reporting Act (“FCRA”) by imposing a requirement that any person that maintains or otherwise possesses consumer information, or any compilation of consumer information, derived from consumer reports for a business purpose, properly dispose of any such information or compilation. The Act also required the Commission and other federal agencies to promulgate rules regarding this requirement. Further, the Act directed the Commission and other federal agencies to ensure that the rules were consistent with the requirements of the Gramm-Leach-Bliley Act (“GLBA”).
15 U.S.C. 1681w.
The other agencies are the Securities and Exchange Commission, the Commodity Futures Trading Commission, the Federal banking agencies, and the National Credit Union Administration. Id.
Id. The other agencies have incorporated the Disposal Rule requirements into their Safeguards rules and guidelines. See 12 CFR part 30, app. B (Office of the Comptroller of the Currency); 12 CFR part 208, app. D-2 and 12 CFR part 225, app. F (Board of Governors of the Federal Reserve System); 12 CFR part 364, app. B (Federal Deposit Insurance Corporation); 12 CFR part 748, app. A (National Credit Union Administration); 17 CFR 248.30 (Securities and Exchange Commission).
Pursuant to the Act's directive, the Commission promulgated the Disposal Rule in 2004. The Disposal Rule provides that, unless otherwise stated, terms used in the Rule have the same meaning as set forth in the FCRA. The Rule defines “consumer information” as any record about an individual, whether in paper, electronic, or other form, that is a consumer report or is derived from a consumer report. Consumer information also means a compilation of such records. Consumer information does not include information that does not identify individuals, such as aggregate information or blind data. In addition, “dispose,” “disposing,” or “disposal” is defined as (1) The discarding or abandonment of consumer information, or (2) The sale, donation, or transfer of any medium, including computer equipment, upon which consumer information is stored.
16 CFR 682.1(b).
The Disposal Rule requires that persons over which the FTC has jurisdiction who maintain or otherwise possess consumer information for a business purpose properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal. It also includes several examples of what the Commission believes constitute reasonable measures to protect consumer information in connection with its disposal. These examples are intended to provide covered entities with guidance on how to comply with the Rule but are not intended to be safe harbors or exclusive methods for compliance. The Rule uses a flexible “reasonable measures” standard. The FTC realizes that there are few foolproof methods of record destruction and that entities covered by the Rule must consider their own unique circumstances when determining how to comply with the Rule.
16 CFR 682.3(b).
Id.
The Disposal Rule became effective on June 1, 2005.
II. Regulatory Review of the Disposal Rule
The Commission periodically reviews all of its rules and guides. These reviews seek information about the costs and benefits of the agency's rules and guides, and their regulatory and economic impact. The information obtained assists the Commission in identifying those rules and guides that warrant modification or rescission. Therefore, the Commission solicits comments on, among other things, the economic impact and benefits of the Rule; possible conflict between the Rule and state, local, or other federal laws or regulations; and the effect on the Rule of any technological, economic, or other industry changes.
III. Issues for Comment
The Commission requests written comment on any or all of the following questions. These questions are designed to assist the public and should not be construed as a limitation on the issues about which public comments may be submitted. The Commission requests that responses to its questions be as specific as possible, including a reference to the question being answered, and refer to empirical data or other evidence upon which the comment is based whenever available and appropriate.
A. General Issues
1. Is there a continuing need for specific provisions of the Rule? Why or why not?
2. What benefits has the Rule provided to consumers? What evidence supports the asserted benefits?
3. What modifications, if any, should be made to the Rule to increase its benefits to consumers?
a. What evidence supports the proposed modifications?
b. How would these modifications affect the costs the Rule imposes on businesses, including small businesses?
4. What significant costs, if any, has the Rule imposed on consumers? What evidence supports the asserted costs?
5. What modifications, if any, should be made to the Rule to reduce any costs imposed on consumers?
a. What evidence supports the proposed modifications?
b. How would these modifications affect the benefits provided by the Rule?
6. What benefits, if any, has the Rule provided to businesses, including small businesses? What evidence supports the asserted benefits?
7. What modifications, if any, should be made to the Rule to increase its benefits to businesses, including small businesses?
a. What evidence supports the proposed modifications?
b. How would these modifications affect the costs the Rule imposes on businesses, including small businesses?
c. How would these modifications affect the benefits to consumers?
8. What significant costs, if any, including costs of compliance, has the Rule imposed on businesses, including small businesses? What evidence supports the asserted costs?
9. What modifications, if any, should be made to the Rule to reduce the costs imposed on businesses, including small businesses?
a. What evidence supports the proposed modifications?
b. How would these modifications affect the benefits provided by the Rule?
10. What evidence is available concerning the degree of industry compliance with the Rule?
11. What modifications, if any, should be made to the Rule to account for changes in relevant technology or economic conditions? What evidence supports the proposed modifications?
12. Does the Rule overlap or conflict with other federal, state, or local laws or regulations? If so, how?
a. What evidence supports the asserted conflicts?
b. With reference to the asserted conflicts, should the Rule be modified? If so, why, and how? If not, why not?
B. Specific Issues
1. Should the Rule be modified to include more specific and prescriptive requirements for disposing of consumer information? Why or why not? If so, what requirements should be included and what sources should they be drawn from?
a. What evidence supports such a modification?
b. How would this modification affect the costs the Rule imposes on businesses, including small businesses?
c. How would this modification affect the benefits to consumers?
2. Should the Rule be modified to delete any of the existing examples or include additional examples to illustrate proper methods for disposing of consumer information? Why or why not? If so, what examples should be included and what sources should they be drawn from?
a. What evidence supports such a modification?
b. How would this modification affect the costs the Rule imposes on businesses, including small businesses?
c. How would this modification affect the benefits to consumers?
3. Should the Rule be modified to reference or incorporate any other information destruction standards or frameworks? If so, which standards should be incorporated or referenced and how should they be referenced or incorporated by the Rule? Should such standards be considered safe harbors for compliance with the Rule?
a. What evidence supports such a modification?
b. How would this modification affect the costs the Rule imposes on businesses, including small businesses?
c. How would this modification affect the benefits to consumers?
4. Under the current Disposal Rule, “Consumer information does not include information that does not identify individuals, such as aggregate information or blind data.” Should the Rule be modified to change the definition of “consumer information”? Should the definition of “consumer information” include information that can be reasonably linked to an individual in light of changes in relevant technology or market practices? Should the Rule be modified to define “aggregate information” or “blind data”?
a. What evidence supports such a modification?
b. How would this modification affect the costs the Rule imposes on businesses, including small businesses?
c. How would this modification affect the benefits to consumers?
IV. Instructions for Submitting Comments
You can file a comment online or on paper. For the Commission to consider your comment, we must receive it on or before November 21, 2016. Write “Disposal Rule, 16 CFR part 682, Project No. 165410” on the comment. Your comment, including your name and your state, will be placed on the public record of this proceeding, including, to the extent practicable, on the public Commission Web site, at https://www.ftc.gov/policy/public-comments. As a matter of discretion, the Commission tries to remove individuals' home contact information from comments before placing them on the Commission Web site. Because your comment will be made public, you are solely responsible for making sure that your comment does not include any sensitive personal information, such as a Social Security number, date of birth, driver's license number or other state identification number or foreign country equivalent, passport number, financial account number, or payment card number. You are also solely responsible for making sure that your comment does not include any sensitive health information, such as medical records or other individually identifiable health information.
In addition, do not include any “[t]rade secret or any commercial or financial information which is . . . privileged or confidential,” as discussed in Section 6(f) of the FTC Act, 15 U.S.C. 46(f), and FTC Rule 4.10(a)(2), 16 CFR 4.10(a)(2). In particular, do not include competitively sensitive information such as costs, sales statistics, inventories, formulas, patterns, devices, manufacturing processes, or customer names.
If you want the Commission to give your comment confidential treatment, you must file it in paper form, with a request for confidential treatment, and you must follow the procedure explained in FTC Rule 4.9(c), 16 CFR 4.9(c). In particular, the written request for confidential treatment that accompanies the comment must include the factual and legal basis for the request, and must identify the specific portions of the comments to be withheld from the public record. Your comment will be kept confidential only if the FTC General Counsel grants your request in accordance with the law and the public interest.
Postal mail addressed to the Commission is subject to delay due to heightened security screening. As a result, we encourage you to submit your comment online. To make sure that the Commission considers your online comment, you must file it at https://ftcpublic.commentworks.com/ftc/disposalrule by following the instructions on the web-based form. If this document appears at http://wwww.regulations.gov,, you also may file a comment through that Web site.
If you file your comment on paper, write “Disposal Rule, 16 CFR part 682, Project No. 165410” on your comment and on the envelope, and mail your comment to the following address: Federal Trade Commission, Office of the Secretary, 600 Pennsylvania Avenue NW., Suite CC-5610 (Annex H), Washington, DC 20580, or deliver your comment to the following address: Federal Trade Commission, Office of the Secretary, Constitution Center, 400 7th Street SW., 5th Floor, Suite 5610 (Annex H), Washington, DC 20024.
Visit the Commission Web site at https://www.ftc.gov to read this document and the news release describing it. The FTC Act and other laws that the Commission administers permit the collection of public comments to consider and use in this proceeding as appropriate. The Commission will consider all timely and responsive public comments that it receives on or before November 21, 2016. For information on the Commission's privacy policy, including routine uses permitted by the Privacy Act, see https://www.ftc.gov/site-information/privacy-policy.
By direction of the Commission.
Donald S. Clark,
Secretary.
[FR Doc. 2016-22198 Filed 9-14-16; 8:45 am]
BILLING CODE 6750-01-P