Fair and Accurate Credit Transactions Act of 2003

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
7 hours 2 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
>> Hello, everyone. It's Chris again.
00:00
I'm Cybrary's instructor for
00:00
its US information privacy course.
00:00
Here in lesson 7.2, we're going to examine
00:00
the Fair and Accurate Credit Transaction Act of 2003,
00:00
which amends the FCRA of 1970.
00:00
We have several learning objectives.
00:00
We're going to talk about FACTA's goals.
00:00
We're going to talk about two rules
00:00
that are unique to FACTA,
00:00
the red flags rule and disposal rule.
00:00
We're going to talk about some of
00:00
the ways in which FACTA amended
00:00
the FCRA from an identity theft prevention
00:00
and credit history restoration,
00:00
improvements and use of and
00:00
consumer access to credit information,
00:00
enhancing the accuracy of consumer report information,
00:00
and limiting the use and sharing of
00:00
medical information within the financial system.
00:00
When Congress enacted FACTA in 2003,
00:00
it did so with the goal of
00:00
really shifting the focus from just reporting
00:00
credit information to ensure that
00:00
that information was accurate, reliable, and timely.
00:00
It also wanted to provide consumers with
00:00
greater protections under the law as it
00:00
applied to correcting these inaccuracies
00:00
in occurred reports,
00:00
definitions of procedures done
00:00
in determining how individuals are granting credit,
00:00
employment, insurance, and other benefits.
00:00
It was there to inform
00:00
the American public and consumers about their rights,
00:00
and then also the system in
00:00
making more informed decisions.
00:00
FACTA has two rules.
00:00
It has the red flags rule that says that if you are
00:00
a financial institution that has to comply with FACTA,
00:00
then you have to institute
00:00
and implement an identity of theft program.
00:00
Now FACTA doesn't give
00:00
the explicit guidance on how to do so,
00:00
it just tells you how to do so so that you can
00:00
identify instances of identity theft.
00:00
Now 2003, that applied to almost every type of
00:00
financial institution that had to comply
00:00
with FACTA to include doctors' offices,
00:00
attorneys' offices that receive
00:00
payment after providing services.
00:00
What Congress did was in 2010 with
00:00
the FACTA Red Flags Clarification Act,
00:00
it excluded those attorneys' offices, doctors' offices,
00:00
and other offices that engage
00:00
in those type of transactions for having
00:00
to establish and implement an identity theft program.
00:00
The disposal rule is straightforward,
00:00
that if you no longer have
00:00
a legal or lawful use for
00:00
credit reporting information or credit information,
00:00
you have to dispose of it accordingly.
00:00
If it's in paper,
00:00
you got to shred it, burn it, pulverize it.
00:00
If it's an electronic media,
00:00
you got to degauss it,
00:00
wipe it, sanitize it.
00:00
It also provided greater protection to consumers as it
00:00
applied to identity theft prevention,
00:00
credit history restoration.
00:00
Now as one of those added protections,
00:00
FACTA is the reason
00:00
why now these companies themselves have
00:00
to truncate your credit card numbers
00:00
and your debit card numbers.
00:00
It's there to really provide it the ability of
00:00
these consumers if they thought that
00:00
they were victims of identity theft,
00:00
to set up procedures like fraud alerts,
00:00
and if you were active-duty military,
00:00
active duty military alerts for a period of time.
00:00
At the request of the consumer,
00:00
they could request that
00:00
the company itself would
00:00
truncate their social security numbers
00:00
to the last five digits.
00:00
It stated that upon notification
00:00
by a consumer to a credit reporting agency,
00:00
that again, they had to receive notice of
00:00
their rights as identity theft victims.
00:00
It also allowed these individuals that might be
00:00
victims of identity theft to block information,
00:00
to freeze their credit,
00:00
and access any credit reporting information
00:00
for a set period of time.
00:00
When we talk about enhancing the accuracy of
00:00
consumer reporting information, at times,
00:00
individualist consumers may not qualify for
00:00
the best rates or
00:00
pricing for a benefit or a service and a product.
00:00
What the company may offer them
00:00
is substandard or risk-based pricing.
00:00
If you're going to offer
00:00
that customer risk-based pricing,
00:00
substandard pricing, then you have to give them notice
00:00
explaining how you arrived
00:00
at that decision, what their rights are.
00:00
It also says that it enhances
00:00
the ability of consumers themselves to
00:00
ensure that the furnishes of their information
00:00
are reporting accurate and reliable information to
00:00
the credit reporting agencies and
00:00
ensure that these entities
00:00
have the appropriate policies and
00:00
procedures in place that
00:00
outline how they're going to ensure that
00:00
their information is accurate and reliable and timely.
00:00
It requires the FTC and the consumer
00:00
>> reporting agencies,
00:00
>> especially the consumer reporting agencies,
00:00
to respond to consumer complaints about
00:00
inaccuracies in their court reporting information,
00:00
and to respond to doing so upon receiving
00:00
that complaint to take the appropriate action.
00:00
Then if they determine doing a reinvestigation,
00:00
that information is indeed inaccurate or outdated,
00:00
then again they have to give
00:00
prompt notice to that consumer
00:00
on the actions taken to rectify those inaccuracies.
00:00
When you talk about improvements in
00:00
the use of and consumer access to credit information,
00:00
it's here that now annually,
00:00
we as American consumers can
00:00
request from the big three, Experian,
00:00
Equifax, TransUnion,
00:00
a copy of our credit reports, free of charge.
00:00
Now, this does not extend to
00:00
those other credit reporting agencies
00:00
like Credit Karma and others.
00:00
This only applies to the big three.
00:00
It also says that, hey,
00:00
now you got to tell me what my credit scores are.
00:00
You also got to explain to me how
00:00
you calculate those scores using
00:00
FICO or some other type of credit calculation process.
00:00
Revisions or amendments to the FCRA allowed
00:00
companies to be able to do a preliminary look at
00:00
an individual's consumer information and
00:00
consumer reports and then
00:00
extended them these pre-screen offers,
00:00
you get them all the time.
00:00
You are qualified for this credit card or this
00:00
mortgage, some type of other offer.
00:00
Well, now under the FACTA, then again,
00:00
individuals have a right to opt out of receiving
00:00
those type of offers by having their names
00:00
removed from pre-screened list.
00:00
It also has requirements as an ISA consumer
00:00
now can say that if a company is
00:00
sharing my credit reporting information to
00:00
an affiliated company for purposes of marketing,
00:00
then I have a right to opt-out of those practices.
00:00
First, it needs to be clearly stated in the privacy
00:00
notice the companies engaging
00:00
in these types of disclosure practices,
00:00
and then provide the consumer with
00:00
a way of opting out of those practices.
00:00
When it comes to limiting the use and sharing of
00:00
medical information in their financial system, again,
00:00
what FACTA does is it gives greater protections on
00:00
how medical information can be shared for employment,
00:00
insurance, and other purposes.
00:00
Before you can do so,
00:00
you must have the explicit consent
00:00
of the individual before you do that.
00:00
You also have to restrict access to
00:00
the identity of the medical company
00:00
or entity that's involved
00:00
in providing this type of information.
00:00
That information has to be obscured
00:00
if we're talking about pricing
00:00
and billing copies of information,
00:00
or you have to protect the identity of the provider.
00:00
It also states you got to maintain confidentiality in
00:00
how that information is used for those purposes.
00:00
Question 1 states,
00:00
FACTA's goals are to?
00:00
The appropriate answers are A, B,
00:00
and C. Question 2 asks,
00:00
FACTA requires the three major credit reporting
00:00
agencies to provide consumers
00:00
>> with what annually upon request?
00:00
>> The appropriate answer is A.
00:00
Question 3 asks, FACTA
00:00
requires truncation of which types of
00:00
personal information upon request by a consumer?
00:00
The appropriate answers are A and B.
00:00
Question 4 asks,
00:00
FACTA's disposal requires individuals and
00:00
companies processing
00:00
credit reporting information to do what?
00:00
The appropriate answer is B.
00:00
Question 5 asks,
00:00
FACTA's Red Flags Rule
00:00
requires companies processing
00:00
credit reporting information to do what?
00:00
The appropriate answer is A.
00:00
In summary, it's FACTA in 2003 that
00:00
amends the FCRA in several ways.
00:00
It changes the focus from just simply reporting
00:00
credit reporting information to ensure that the
00:00
information is accurate, relevant, and timely.
00:00
It improves the ability of consumers to
00:00
access and amend their credit information.
00:00
It requires and put strict prohibitions on how
00:00
individuals themselves or companies can make
00:00
use of medical information within the financial system.
00:00
It also gives consumers themselves
00:00
greater protection from an
00:00
identity theft prevention perspective.
Up Next