FTC Alert

Client Alert | 1 min read | 06.06.05

On June 1, 2005, new FTC regulations became effective which outline the duties of persons and companies when disposing of consumer credit reports and information derived from consumer credit reports. Although the new regulations stem from the Fair and Accurate Credit Transactions Act (FACTA), the ramifications are broader because the regulations apply beyond credit reporting agencies and lenders traditionally covered by FACTA, and require that virtually any business that uses consumer credit information take more rigorous measures in handling that information.

The language of the regulations is surprisingly straightforward. The disposal regulations apply to “consumer information,” which is defined as “any record about an individual, whether in paper, electronic, or other form, that is a consumer report or is derived from a consumer report.” This would include any company that uses credit reports for background checks in hiring decisions, credit checks on customers or vendors, or other business investigations which utilize consumer reports. Any person or entity that maintains this consumer information must properly dispose of it by taking “reasonable measures” to protect against unauthorized access or use of the information. Examples given are burning, pulverizing or shredding such information, and destroying or erasing electronic media containing such information. Given the prevalence of identity theft and the prominence of identity theft in the media, aggressive FTC enforcement is likely. In addition, and perhaps more importantly, private civil liability is a potential danger for violations. Although it is not clear whether a private consumer harmed by identity theft could sue directly for a violation of the new regulations, state laws, such as California's unfair business practices law, allow private consumers to “piggyback” on other laws, even laws that do not justify individual lawsuits. It is therefore in the best interest of any company that uses credit information to take a close look at the new regulations and develop a compliance program.

Contacts

Kris D. Meade
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2854
a21lYWRlQGNyb3dlbGwuY29t

Insights

Client Alert | 3 min read | 06.12.26

DOJ Guidance Backs Away From Disparate Impact Liability

On June 9, 2026, the U.S. Department of Justice (DOJ) issued a formal opinion concluding that the Equal Opportunity Employment Commission’s (EEOC) existing interpretations of Title VII of the Civil Rights Act of 1964 (Title VII) disparate-impact liability, including the Uniform Guidelines on Employee Selection Procedures (UGESP), are unconstitutional. According to the opinion, EEOC’s prior interpretations contemplate liability based on disproportionately adverse effects alone, without regard to an employer’s likely intent, rather than treating disparate impact as an evidentiary mechanism to “smoke out” intentional discrimination. DOJ found that this approach functions as a “qualified racial-proportionality mandate” that places “a racial thumb on the scales, often requiring employers to evaluate the racial outcomes of their policies, and to make decisions based on (because of) those racial outcomes.” The opinion fulfills one mandate of Executive Order 14281, which rejected disparate-impact liability insofar as it “creates a near insurmountable presumption that unlawful discrimination exists wherever there are any differences in outcomes among different [demographic groups].”...

Client Alert | 4 min read | 06.12.26
Auto Dealers: The FTC Is Back in the Driver’s Seat — Warning Letters Signal Renewed Federal Scrutiny
Client Alert | 13 min read | 06.12.26
EU Cyber Resilience Act Countdown: 11 September 2026 Incident/Vulnerability Reporting Deadline Less Than 100 Days Away
Client Alert | 4 min read | 06.12.26
National Security Memorandum Aims to Accelerate Deployment of AI and Streamline Procurement Aligned to Administration Policies

View All Insights