DATA SECURITY & COMPLIANCE | 10 MIN READ

How New Consumer Protection Laws Like CCPA Will Impact the Debt Collection Industry

Written by Michael Wise

The Recently Passed California Consumer Protection ACT (CCPA) Makes Legal Compliance Officers Top 3 Concerns List

During ACA International’s 2020 Virtual Expo, leading legal experts from the accounts receivable industry shared some of the major compliance issues and trends that “kept them up at night.” The California Consumer Protection Act (CCPA) made the panel’s Top 3 list.

The CCPA gives residents of California landmark new rights with respect to personal information (PI). Although the rights given through this act only apply to citizens of California, the CCPA move follows on the heels of over 140 pieces of privacy-related legislation introduced across 25 states in 2019.

State and Federal laws already protect consumer privacy. So, what’s different about this new legislation? 

The CCPA is clearly taking aim at companies that are collecting information about consumers and then treating it as their own intellectual property. These companies are sharing, selling, and even licensing consumer’s personal information to other businesses. Think Facebook or TikTok. This legislation gives consumers a series of clearly-defined rights that will help combat these nefarious practices.
  • The Right to Deletion (The right to request that a business delete any PI that it has collected from the consumer)

  • Right to Know (The right to request that a business provide certain details about its collection, use, sale or other disclosure of personal information about the consumer, as well as the right to receive a copy of the specific pieces of PI that it collected about the consumer)

  • Right to Opt Out (The right to opt out of the sale of PI)

  • Right to Non-Discrimination (The right to be free from unlawful discrimination for exercising these CCPA rights)

The CCPA also outlines specific damages for violations of consumer data

Under the law, a consumer may sue a business directly if the business’s failure to implement and maintain reasonable security procedures and practices results in a breach of the consumer’s non-encrypted or non-redacted PI, in which case the business may incur damages of $100 to $750 per consumer per violation or actual damages, whichever is greater.

How the CCPA might impact the debt collection industry

Perhaps the most worrisome part of the CCPA for debt collectors is the broadening definition for what may be considered “personal information.” A company may have a secure process for encrypting or redacting information like credit card data and social security numbers, but not other types of consumer data.

However, the biggest immediate impact is the rights consumers in California now have to request details about the data you collect. Where do you keep that information and how easily can it be provided when requested?

The compliance department of debt collection companies are no stranger to the complicated requirements of state and federal regulations as it relates to communication with consumers. But the CCPA, and similar legislation from other states likely to follow, will require greater organization and discipline across all departments.

Data mapping and having a system in place to respond to consumer requests will shore up a lot of bad practices and gaps in your system that you didn’t know were there before,” added compliance professional, W. Judd Peak.

Looking to solve yearly PCI compliance headaches with one call! We can help!

Resources

More Articles Related Consumer Payments

What is P2PE?

What is P2PE?

P2PE devices are PCI-validated technology that keeps cardholder data secure and can take your business network out of scope for a PCI audit and protect your customer’s credit card data.
PCI-validated P2PE solutions encrypt cardholder data and can take a merchant’s network out of PCI scope.

homepage_menu

Share This Article!