We must work together to protect the privacy of consumers. The following measures are designed to reduce unauthorized access of consumer credit reports. In accessing ACUTRAQ services, you agree to follow these measures:

• You must protect your ACUTRAQ USER ID and password so that only key personnel employed by your company know this sensitive information. Unauthorized persons should never have knowledge of your password. Do not post this information in any manner within your facility. If a person who knows the password leaves your company or no longer needs to have it due to a change in duties, the password should be changed immediately.
• Do not share passwords with co-workers, friends, or family.
• Do not discuss your ACUTRAQ USER ID and password by telephone with any unknown caller, even if the caller claims to be an employee of ACUTRAQ.
• Restrict the ability to obtain reports to a few key personnel.
• After normal business hours, be sure to turn off and lock all devices or systems used to obtain report information.
• Secure hard copies and/or electronic files of consumer reports within your facility so that unauthorized persons cannot easily access them.
• Shred or destroy all hard copy consumer reports when no longer needed.
• Make all employees aware that your company can access credit, and other report information only for the permissible purposes listed in the Permissible Purpose Information section of your membership application.
• You or your employees may not access their own reports. Nor should you or your employees access the report of a family member or friend unless it is in connection with a credit transaction or for some other permissible purpose.
• Do not send sensitive data through email, such as consumer’s SSN, account numbers, actual credit reports, etc. unless data is encrypted.
• In the event of a compromised system, notify ACUTRAQ immediately and take necessary steps to ensure no other credit reports are accessed using comprised system.

Record Retention: The Federal Equal Opportunities Act states that a creditor/employer must preserve all written or recorded information connected with an application for five (5) years. In keeping with the ECOA, ACUTRAQ requires that you retain the credit/employment application and, if applicable, a lease/employment contract for a period of not less than 5 years. When conducting an investigation, particularly following a consumer complaint that your company impermissibly accessed their credit report, ACUTRAQ will contact you and will request a copy of the original application signed by the consumer or, if applicable, a copy of the lease/employment contract.

“Under Section 621 (a) (2) (A) of the FCRA, any person that violates any of the provisions of the FCRA may be liable for a civil penalty of not more than $2,500 per violation and/or 2 years in prison.”