Collect and Protect: The Risks of Ignoring Data Security
by Erica Nelson on November 28, 2014
Unlike consumer debt collection, which is highly regulated by laws such as the Fair Debt Collection Practices Act and the Gramm-Leach-Bliley Act, business-to-business collections have less oversight from the federal government. That doesn’t mean companies engaging in B2B collections are free to do as they please; regulations do exist, especially at various state and industry levels. When it comes to safeguarding the information used in collecting a debt, even some of the national standards still apply.
Three Reasons to Safeguard Data
Taking time to safeguard sensitive data about clients and the entities from which money is collected is important. First, an assurance of confidentiality and security breeds confidence. As many businesses face the threats and vulnerabilities associated with data breaches, it is increasingly important to instill trust and peace of mind with your clients and partners by demonstrating that their data is secure and your business is compliant with all federal laws and industry standards.
Second, some business collection accounts may involve data that includes personal identifying information for individuals, which is protected by federal law. Data breaches that expose personal information, including social security numbers, account credentials, addresses, phone numbers, or names, can cause expenses in the form of brand recovery, required communication, and even fines. The Ponemon Institute estimates the average cost of a breach for businesses to be around $194 for every customer record involved in the breach, and that number grows every year.
Finally, B2B collection activities often involve account and credit card numbers, which are protected by standards set up by the payment card industry. Failure to secure payment data in a compliant manner, including when that data belongs to another business, can result in fines ranging from $10,000 to $200,000, depending on the company’s merchant level and number of violations.
Tips for Securing Data
Companies engaging in B2B collections can reduce the risk of a breach by working with reputable vendors and service providers. Choose software companies, cloud providers, and outsourcing providers that demonstrate an understanding of all relevant laws and regulations as well as a commitment to protecting all data involved in the collections process.
In addition to carefully choosing business partners, companies should hire with care, train employees regarding the need for confidentiality and data security, and monitor employees who have access to sensitive information. According to a Ponemon study, 59 percent of employees who leave a job take confidential information with them. Human-related data exposure doesn’t have to be willful; many times, employees make a simple mistake that allows for a data breach.
Finally, develop strong data security protocols around all collection data and processes. Limit data access to workers who require it to perform their jobs, lock information down on encrypted networks with strong password and login policies, and conduct audits to ensure protocols are followed consistently. The Gramm-Leach-Bliley Act requires that entities dealing with consumer information place someone in charge of overseeing and documenting policies regarding data security; even though the Act doesn’t apply to commercial activity, the suggestion has merit for any company dealing with sensitive data.
At D&S, we protect the information of our clients and their debtors with diligence. Whether we are providing collection services or outsourced staffing options for a potential client, we take lawful practices seriously and go above and beyond to ensure the security of all of the data we manage.