ARE YOU TAKING UNNECESSARY RISKS WITH YOUR CUSTOMERS' PII?
As a lender, you are entrusted with large amounts of Personally Identifiable Information (PII) about your consumers and, according to several federal statutes protecting PII,** you are responsible for the security of that data. As the originating creditor, you likely have security and access protocols in place to protect this data while it remains inside your organization. But what happens when you sell or place your nonperforming accounts on the secondary market? Is your consumer’s PII still protected?
A few questions to take into consideration:
- Are you sharing unmasked PII with buyers for the purposes of scoring and bidding?
- Are your vendors, buyers, and agencies all taking the same care with your consumers’ PII?
- What processes and protocols do you need to implement to increase security and decrease risk with PII?
If you don’t know, you really need to: data breaches wreak havoc on a business’s reputation and finances, causing irreparable damage to both the company and the consumer.
What is Personally Identifiable Information (PII)?
PII is anything that could be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual. Examples include a consumer’s name, address, telephone number, social security number, geolocation, and government ID.
Why is it important to protect your consumers’ PII?
Keeping PII private is important to ensure the integrity of a person’s identity to prevent fraud and identity theft. With just a few pieces of personal information, fraudsters can create false accounts, start racking up debt, or even create falsified Government IDs. With advances in technology and the increasing connectedness of the internet, our personal data is being recorded, tracked, and utilized every single day. Biometrics, once a science-fiction notion, are now used daily to unlock our phones and provide access to secured areas. Because of the sensitive nature of the data, and the risk of it getting into the wrong hands, companies who handle consumer PII must be diligent in how they collect, access, store, share, and eventually destroy their customers’ PII.
What are Examples of PII?
There is a ton of data that can distinguish an individual from another. If a piece of information is unique to you, or can be traced back to you, it is private and needs to be protected. The following list touches on the main pieces of data that count as personally identifiable information, but keep in mind there are many others.
- Telephone number
- Date of birth
- Passport number
- Driver’s license number
- Credit/debit card number
- Social Security number
How Can PII Be Compromised?
Hackers can steal electronic PII using several increasingly sophisticated techniques that continue to evolve as technology does. Fraudsters can break into staff computers, take down company servers, infiltrate email boxes, and tap into your data via public Wi-Fi. Pro Tip: Always use your company’s VPN while accessing the internet from a public Wi-Fi network. Bad actors can also steal physical records such as receipts, bills, rental/lease information and so forth. These are typically only at risk if your location is broken into but can also be obtained via fringe tactics like going through trash bins.
How Can I Protect My Consumers’ Personal Information?
The best way to protect your consumers’ PII – whether electronic or physical - is to put as little of it as possible at risk. Businesses who have access to consumer PII should ensure that proper security protocols are in place to collect, access, store and routinely purge their databases to keep a minimal amount of information stored in a highly secure area. The best way to ensure your physical PII stays completely safe is to physically destroy all expired files and devices such as USB drives, old laptops, and phones.
Nobody Can Reduce Your Risk & PII Touchpoints like EverChain
When it comes to protecting consumer PII during recovery, no one does it better than EverChain. EverChain’s technology platform is integrated with all the major scoring companies enable lenders to share propensity to pay and value information securely and accurately - without unmasking PII. As the only SOC 2 Type 2 recovery management and debt sales platform in the industry, EverChain’s data security is unrivaled.
Learn how you can level up your compliance and reduce your risk with EverChain. Learn about compliant debt sales by visiting our website or emailing us at our customer service email address to schedule your consultation today!
**To protect American consumers, Congress has enacted several statutes related to data privacy, often in industry-specific contexts. Examples of federal statutes protecting PII include:
- Gramm-Leach-Bliley Act – for financial information;
- Fair Credit Reporting Act (FCRA) – regulating how consumer reporting agencies use credit information;
- Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) – for healthcare related information;
- The Family Educational Rights and Privacy Act (FERPA) – relating to PII protections for student educational records;
- The Children's Online Privacy Protection Act (COPPA) – relating to the privacy of children under 13;
- The Privacy Act of 1974 – requiring fair information practices regarding PII held by federal agencies.