I have written about Cyber Security under other names several times in the past. See Data Security, Data Breach Notification, Again and Data Breach Notification. I write again about this subject as it continues to be on the top of the list of concerns of our state and federal regulators. The capabilities of fraudsters to access confidential information and to use it to fleece companies and customers continues to grow yearly. Regrettably, we expect the trend to continue in 2023.
The federal government has led the way in protecting confidential, nonpublic personal information through the Gramm, Leach, Bliley Financial Privacy Act (GLBA). I wrote about the GLBA in one of my first blogs in 2018. Back to Basics Continued—Privacy. The CFPB’s Regulation P, supplementing the GLBA, has very clear instructions to meet the required duties of the Act.
Almost every state has joined in the effort to preserve confidentiality by adopting data breach notification laws. These laws require consumer finance companies and others to implement and maintain reasonable security measures to protect against breaches of sensitive information and to adopt procedures to address security breaches.
Generally, when a breach occurs, the creditor must first assess the nature and scope of the breach; then identify any nonpublic personal information that may have been involved in the breach and the identity of any individuals to whom that information relates; and, then determine whether the nonpublic personal information has been acquired or is reasonably believed to have been acquired by an unauthorized person.
I laid out the specific action steps to be taken once a breach has been detected in the “Data Breach Notification, Again” blog referred to above.
This topic also reminds me to remind you that staying in communication with your regulator about matters such as data breach is of critical importance. By working with your regulator, you will have the benefit of an experienced hand in guiding you through what can be a pretty horrific experience for both the company and its customers.
Practice Pointer: Consumer finance companies should regularly review their cyber security protection programs to stay up-to-date.
Please Note: This is the two hundred-forty-seventh blog in a series of Back to Basics blogs, in which relevant and resourceful information can be easily accessed by clicking Dentons - Consumer Finance Report. To receive weekly insights to your email from the Consumer Finance Report blog, subscribe here.