Kansas Enforcement Action Surrounding Data Disposal Puts Businesses on Notice of State Law Violation
On November 1, 2021, Kansas attorney general ordered three national companies—The Corporation Company, Inc. & C T Corporation System, ST2 d/b/a SearchTec, Inc., and Farven, Inc. to pay fines of almost $500,000 for the alleged unlawful disposal of business records containing consumers’ personal information.[1] According to Attorney General Derek Schmidt, there are reports dating back to 2017 of these companies engaging in this improper business practice.
These practices form the basis of the alleged violations of the Kansas Consumer Protection Act and the Wayne Owen Act—a Kansas law governing identity theft and fraud—by repeatedly disposing of records in public—unsecured—trash receptacles without “rendering the personal information unreadable or undecipherable.”
The Consumer Judgements required the companies to pay the ordered fines, implement company measures and conduct employee training to facilitate the proper disposal of documents—especially those containing personal information—and evaluate their company information security programs and policies to ensure that consumer’s personal information receives proper protection.
These Judgements should caution all businesses—Kansas based or not—to review their state and local laws regarding business record disposal and the safeguarding of consumers’ personal information. For example, our Texas clients, should ensure compliance with the Texas Information Disposal Act.
If you have any questions about these consumer judgments or the impact that they could have on your business, please contact Kennedy Sutherland.
[1] K.S.A. 50-7a01(g) provides:
"Personal information" means a consumer's first name or first initial and last name linked to any one or more of the following data elements that relate to the consumer, when the data elements are neither encrypted nor redacted:
Social security number;
driver's license number or state identification card number; or
financial account number, or credit or debit card number, alone or in combination with any required security code, access code or password that would permit access to a consumer's financial account. The term "personal information" does not include publicly available information that is lawfully made available to the general public from federal, state or local government records.