Data privacy and data security are two very hot topics in the ARM industry today. The California Consumer Privacy Act (CCPA) is set to take effect in January 2020, with additional privacy bills now pending in at least 25 states. Meanwhile, cyber crimes involving consumers’ personal data are growing in number, size, and sophistication.
Data privacy: Understanding and Preparing for the CCPA
“Information like name, email address, collections history, purchase history, payment history, and determinations that you make off this (this person is likely to pay on time, they’re not likely to pay on time)—all of those things were not considered personal information in the traditional sense under U.S. law. That all has changed.” – Odia Kagan
- Your headquarters are in California;
- Your employees are in California;
- Your company is incorporated in California;
- Your company satisfies the definition of a California foreign entity; or
- You conduct out-of-state sales or transactions into California.
Minimum business thresholds are defined as:
- You conduct business activities in California and your annual revenues exceed $25 million;
- You’re involved with personal data of more than 50,000 consumers, households, or devices (this could even include unique blog visitors); or
- Sales of personal information—including value acquired from its use (via data analytics, for example)—accounts for at least 50% of your annual revenues.
- Map your data flows and processes
- Determine your role under the law (independent business, service provider, or vendor)
- Look carefully at legal purpose as well as GLBA and FCRA exemptions and whether they apply
- Determine how you’ll comply with consumer requests within the required 45-day window
- Reevaluate your internal processes
- Plan for CCPA disclosure
“So it’s basically looking at processes, looking at the information, seeing how [you] get to it, how [you] can produce it. Then the other question is, ‘Once I know how to collect all of this information, how do I provide the disclosure that CCPA requires me to provide along with all the information I am giving?’” – Odia Kagan
Data security: Reducing the Risk and Impact of Cyber Crime
Have a specific plan in place
“Some of you saw there was a high-profile breach in the collection space earlier this year. One of the things that came out . . . was that maybe they took a little bit longer to get a plan in place and respond. And so at times, that can make the cost even greater or the damage even greater.” – Ben Johnson
Monitor operations in real time
Change the way you store old data
“[Data] almost was seen as a . . . valuable asset—to have all this data, all of this knowledge, all of this experience. And secondly, data storage is relatively cheap. So another year goes by, another million records go on the server. [ . . . ] I think as an industry, collectively, we’ve really got to start sharing best practices, talking about what we’re doing to get old files offloaded.” – Ben Johnson
For More Answers and Advice, Catch the Complete Webinar
Disclaimer: Ontario Systems is a technology company and provides this blog article solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Ontario Systems’ advice, services, tools and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Ontario Systems’ efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.
© 2019 Ontario Systems, LLC. All rights reserved. Information contained in this document is subject to change. Reproduction of this publication is not permitted without the express permission of Ontario Systems, LLC.
Of any year in recent memory, 2020 has been the most turbulent and unsettling. COVID-19, civil unrest, and natural disasters are taking a heavy toll emotionally and financially. For third-party collectors, showing empathy for consumers is a moral and...
Seamless Transition to SwervePay® Brings Agency 2x Faster Funding, Surging Productivity, and No More Underwriting
Since joining Accelerated Receivables Solutions (ARS) in 2004, CFO Alan DeHaven had worked with a variety of payment processing vendors. He was accustomed to multiday funding delays, cumbersome underwriting, and other burdens and complexities associated with...
As of July 27, 2020, the Consumer and Governmental Affairs Bureau (CGB) set into motion the established guidelines for operation of the FCC’s Reassigned Numbers Database. This is good news for the ARM industry, as we’re now one step closer to having a...
After nearly 30 years in business, Beacon Services, LLC had grown to serve a wide range of clients. But the agency’s inability to accept ACH and credit card payments made it increasingly difficult to collect. Consumers who wanted to make convenient electronic payments...
Consumer attorneys have found a new weakness in the debt collector’s compliance armor: consumer-facing websites. As debt collectors increase their use of and reliance on consumer-facing websites to support their collection efforts and facilitate payments,...
The 2008 financial crisis led to a wave of bankruptcies as businesses and consumers struggled to stay afloat in a worsening economy. At the tail end of the Great Recession in 2010, almost 1.6 million bankruptcy petitions were filed, of which 1.53 million...
When I was a law student, I would never have guessed the reason I needed to understand constitutional law was so I could someday explain it to nonlawyers who place collection calls. But today, in the wake of a major legal decision, I’m here to do just...