5 Ways to Safeguard Your Customers' Personal Information

Posted by Ryan Howard


The recent Equifax data breach of 143 million customers has left Americans concerned about hackers, identity theft, and data security. As a consumer reporting agency, BYL Collections understands the necessity of secure data transactions and information security. We also feel the importance of educating other companies on the sensitivity of customer information, ways to prevent data breaches, and why it's important to establish security procedures. As we've seen with organizations that have been hacked in recent years, losing your customers' trust is damaging to your business.



Consumer Data Protection

With data breaches from Equifax, Target, Home Depot, and other large enterprises, Congress may look to enforce minimal standards of security on any organization that has access to consumer data. Federal regulations already exist to protect consumers' private information and allow them to report fraudulent data.

Fair Credit Reporting Act

The FCRA protects consumers from their personal information being accessed by any layperson. The Act dictates who has access, under what conditions they can use the information, how to obtain consent to get access, who can add to the consumer reports, and how individuals can dispute data that isn't accurate. 

Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act, or Financial Services Modernization Act of 1999, requires financial organizations, such as banks, mortgage lenders, and debt collection agencies, to clearly explain their use of customer data and to keep the data secure. The Act also asks these institutions to offer an "opt out" rule for customers who do not wish to share their information with third parties. Privacy notices must be sent initially and annually to explain what information is collected, how it is being used, and how it is stored. Organizations covered under the GLBA must also provide a written information security plan that describes how the company manages and protects its customers' private information.


Safeguarding Your Customer Data

If you are a financial institution such as a mortgage company, bank, real estate appraisal company, tax return preparer, financial or investment advisor, or insurance company, you are already regulated under the GLBA to keep your customers' data safe. Otherwise, be aware that future regulations may limit your access to data and/or require more data security enforcement. Here are 5 ways to protect your customers' private information:

Be Aware of the Data Collected

First and foremost, your business must understand the responsibility of collecting customer data. Is the information relevant to conduct business with your customer? Are you aware of what data is being collected and how? Where is the data being stored - file cabinets or computers? Who has access to this data? Run audits to take inventory of all the customer data you have collected so you can be aware of the potential of a data breach.

Collect the Bare Minimum of Data

Often, unnecessary consumer data is collected for future use. Consumers who do not read a company's "terms of service", for instance, may be unaware that the data could be sold to third-party companies for marketing. If your business doesn't need the data, don't collect it, or you will be responsible for keeping it safe. If you do collect data, make sure that access to it is scaled down as well.

Securely Store Customer Data 

You don't have to be in the financial services business to properly and securely store your customers' personal information. If the data is written on paper, secure the paperwork under lock and key. Train employees to use caution when opening files on their desks or computers and to always put the files away afterward. Encrypt data or store it offsite so that it is accessible but safe. Work with your IT department to restrict access to networks, electronic file systems, apps, portals, and other ways to obtain the data.

Properly Dispose of Data after Use

Proper disposal of customer information may be shredding, burning, or other services for discarding paperwork that may contain sensitive data. If the data is on computers that are no longer being used, the hard drives must be erased, wiped, or overwritten. If you have access to consumer reports, the FTC offers clear guidance on disposing of consumer information.

Develop a Response Plan In Case of Data Breach

If your customers' information has been accessed, be prepared with a plan to address the security failure. Who needs to take charge of implementing the plan? Can you minimize the damage and/or the risk of further insecurity? Who needs to be notified of the data breach? Does your legal team need to be informed? The FTC has a step-by-step guide for businesses for responding to data breaches.

With large enterprise organizations, such as Equifax, unable to stop data breaches, the Consumer Financial Protection Bureau is doing its best to keep consumers informed of their rights and to offer options to determine if individuals have been a victim of identity theft. Financial institutions or consumer reporting agencies especially have a responsibility for keeping customer data safe due to the sheer number of transactions on a daily basis. Not only are your customers trusting you with their highly confidential information, they are also expecting you to keep the information safe. Are you?




Topics: Debt Collection, Customer service, FCRA, CFPB, Financial services