PII Security Post Charge-Off – What Can Lenders Do?

As indicated in the article Most Companies Expect to be Hacked in the Next 12 Months, published by DarkReading (darkreading.com) in early 2015, instances of hacking appear to be increasing at an alarming rate. More than 70% of organizations have suffered cyberattacks and almost one quarter indicate they’ve suffered cyberattacks six or more times. In addition to commercial enterprises, recent hacking accusations around the 2016 presidential election have brought data security to the fore. While most companies and organizations are not hacked, those that house important information may be especially targeted by those who wish to steal sensitive information for their own benefit.

Not always on par with election hacking, sensitive information being stolen or simply not secured properly, makes each one of us potentially vulnerable. More specifically, personally identifiable information (PII) is often transferred multiple times between lending institutions and law firms that are charged with retrieving asset data after a charge-off. Because there are no consistent security methods employed to safeguard a person’s sensitive information when being transferred after a charge-off, that data can easily be compromised and further leveraged for ill-gotten gain.

While one law firm handling charge-off information might be well-versed in securing sensitive data, others may have no safeguards in place at all.

With so much uncertainty surrounding PII data security, lenders are often vulnerable to law suits and other negative byproducts of allowing data breaches. What’s needed are proven methods that ensure data security when PII is transferred and used between lenders and law firms after charge-off. The Federal Trade Commission offers a primer for keeping data secure when buying or selling debts. Seven steps are outlined for organizations that buy and sell data, including not disclosing data publicly, disposing of data securely and having a plan in place in case there is a security breach.

A presidential election may not rest on the results of PII data security, but an individual’s financial well-being – and the reputation of the lending organization that originally secured that data – very well might.