You have made such a profound statement, and I don't think that you realize it. You said in the end of your post that no one has used your information (that you know of). You are correct. You don't know. This is exactly the problem that your employers and and your employers clients should be dealing with. The real problem is that under FACTA we are as an industry (actually anyone that does business in the U.S.), now potentially liable for what we, and they, don't know; whether information has been compromised. Right now some individual or criminal organization may be robbing you or your clients blind and there is no mechanism (saving normal security processes)that is in place to inform you of the intrusion that would allow you to contain the damages. Unfortunately, normal security processes are being breached every day. (normal and what I thought to be super secure security processes..ie fingerprints and retina identification that are not totally secure) Facta liability should change the way we are looking at data security. It will cost far less to initiate proactive strategies that offer a security mechanism even "after" information is compromised, then to wait until it happens and absorb the damages. We did not have to think in this way two years ago, but today it would be foolish not to. There are a number of sites out there that address this issue. Go to Yahoo, MSN, Google, Exactseek or the like and type in Keywords: FACTA Liability. There are some solutions that are offered that are feesible; although they do require "thinking outside of the box".