News & Resources

Loan company sued for improper disposal of consumer credit data

Dec 03, 2012 Dave King

Loan company sued for improper disposal of consumer credit data
An Illinois-based short term loan company is in hot water and facing up to $101,500 in fines for improperly disposing of sensitive consumer information. The company allegedly disposed of documents containing social security numbers, employment data, personal addresses and bank accounts into unattended dumpsters near company offices. Creditors should ensure that best practices that ensure customer data security for both hard data and electronic files are followed.
 The Gramm-Leach-Bliley Act
The Federal Trade Commission holds that this a violation of the 1999 Gramm-Leach-Bliley Act, which guarantees the privacy of such consumer data. The act was a basis for subsequent laws regarding disposal of consumer information. This act sets forth stringent guidelines as to when firms can release private consumer information to non-public organizations. This may include debt collection data and a plethora of personal consumer information that may be held by short term lenders. Asset recovery agencies should ensure that all current disposal and release practices are compliant with this and other laws. FACTA disposal rule
The Fair and Accurate Credit Transactions Act of 2003 (FACTA) focuses on regulations regarding identity theft and credit recovery options for consumers. It offers specific definitions and rules for the disposal of consumer data. Standards of disposal methods are nuanced, but if consumer privacy is not compliant with the law, legal reprimand may occur. The means of data disposal become more complicated when considering the implications of data created and stored electronically both for firms and for the massive amount of so-called "big data."  Firms need to ensure protection of consumer information in order to remain within the realm of the law. Solutions
Lending firms should outline clear policies within employee handbooks and other official loan documents. Legal counsel may be advisable for larger firms as the laws may be open to legal interpretations. Hard data such as customer forms, canceled checks and copies of personal identification documents should be shredded and disposed of in a secure manner. Professional data shredding companies can provide assurance that all forms are properly disposed of. Electronic data should be secured at all times through infrastructure and software that protects against malware and other cyber attacks that may compromise data. There are other laws regarding email list scrubbing and do not contact clauses, so firms engaging in short term lending are well advised to act with compliance in electronic communications as well.