Businesses commonly use consumer reports when deciding whether to make a job offer or extend a line of credit. In the wrong hands, consumer reports may also be used to commit fraud and identity theft. This is why the Federal Trade Commission (FTC) enacted the Disposal Rule. As required by the Fair and Accurate Credit Transactions Act (FACTA), the FTC’s Disposal Rule requires the use of reasonable disposal measures to protect against unauthorized access to or use of consumer information. Individuals and businesses of any size that use consumer reports for business purposes must comply with this rule. The Disposal Rule, which simply requires reasonable disposal measures to prevent unauthorized access to or use of consumer information, is designed to be flexible. The rule allows organizations and individuals to determine what measures are reasonable by considering the sensitivity of the information, the costs and benefits of different disposal methods and changes in technology. The Disposal Rule is but one aspect of protecting against a data security breach. Organizational protective measures should cover everything from the wireless network to the copy machine, and should also include insurance. Various cyber liability products are available to protect against privacy injuries, such as identity theft, and to cover the cost of complying with various data breach notice laws. Given their complexity, an experienced insurance agent should be consulted to ensure that adequate coverage is obtained.