
Impact of the GLBA on Collection Agencies

As per the FTC, starting June 9, 2023, all collection agencies will be treated as financial institutions. This means all collection agencies must secure consumer data in nearly the same way as banks.

Failure to comply with the GLBA can have severe consequences for the collection agency, especially for the owners and higher management. Each violation can result in fines of up to $100,000 and may extend to criminal penalties, including jail time. We will try to cover only the important parts of the GLBA, per our understanding.

The GLBA covers your employees and even your vendors that have access to your customer and debtor data. This includes your collection letter printing vendor, the software providers that access your data, and even your sales representatives. Any data access from outside your company network must be secured through a VPN, and their laptops should be encrypted.

If your associates can access email through their cell phones, you must evaluate whether their email can potentially contain sensitive data, and then take appropriate steps to secure their mailboxes or completely disable mobile access to that email. The GLBA Privacy Rule only applies to nonpublic personal information (NPI), which includes the debtor's name, address, income, and Social Security number, as well as transaction information such as account numbers, payment history, loan balances, and information from court records or consumer reports.

The recent changes made by the CFPB, together with these upcoming GLBA requirements, will result in significant operational challenges and added costs for all collection agencies in America.

When consumers turn to a financial institution for services, they want to know that their private information is being kept safe and sound. None of us want our information shared with companies we do not approve of. The Gramm-Leach-Bliley Act (GLBA) is a law that was enacted with this desire for security and privacy in mind. The act was passed in 1999 to protect consumers’ private information within financial institutions and give them the power to choose what happens with that personal information.

What Types of Businesses Are Impacted by the Gramm-Leach-Bliley Act?

The GLBA covers any institution that provides financial services, including:

  • Handling loans
  • Handling savings
  • Exchanging or transferring funds
  • Providing financial advising
  • Investing for others
  • Career counseling (of those who are seeking employment with financial services)
  • Collecting debt
  • Banking
  • Insurance
  • Credit union

The law covers a wide variety of institutions that handle finances and can include institutions one may not expect, such as car dealerships that collect and distribute the personal information of their consumers or retailers that grant credit cards to their customers.

Protecting Your Customer’s Nonpublic Personal Information (NPI)

When a consumer decides to work with a specific financial institution, they must be able to trust that institution with their private information. Often, the information given to these institutions by their customers can be highly confidential and leave the customer vulnerable to a number of personal and legal issues should their information be shared or leaked to the wrong party.

Under the Gramm-Leach-Bliley Act, financial institutions are legally obligated to protect all of their consumers' nonpublic personal information (NPI). NPI is defined as individually identifiable financial information collected by a financial institution that cannot be found in the public domain. This can include information like:

  • Address
  • Income
  • Social security numbers
  • Payment history
  • Account information
  • Loan balances
  • Purchase history
  • Credit history
  • Consumer reports

Under the GLBA, a financial institution must uphold and ensure the safety, security, and confidentiality of any information their customers have trusted them with. A financial institution must always have security measures in place to prevent security breaches and data leaks. In order to ensure this, the Federal Trade Commission (FTC) has the power to audit any financial institution at any time. Should the financial institution have a need to share the customer’s information with an outside party, the customer must be made aware of the ways in which their information will be shared and given a choice in whether they would like to “opt-in” or “opt-out.”

The Gramm-Leach-Bliley Act and Privacy Notices

Whether you are opting in to sharing your customers' NPI or not, the GLBA requires every financial institution to provide its customers with a privacy notice before a customer-business relationship has been established. Should this cause issues with the timeliness of completing the customer's transactions with your business, there is an exception to this rule: as long as the client agrees, you may provide the notice within a reasonable time frame after the relationship has already been established.

Along with a privacy notice, customers must have an option to opt out of sharing their NPI with outside parties. This opt-out notice must emphasize that the customer has a right to opt out, give a sensible method of opting out, and grant the customer a reasonable time frame to opt out. The customer must also be given a copy of the privacy notice annually for the duration of the business-customer relationship.

The FTC’s Recent Amendments to the Gramm-Leach-Bliley Act

The FTC has recently made a few amendments to the GLBA. Due to this, multiple changes will become effective on June 9, 2023, including:

  • Risk assessments – financial institutions will now be required to maintain a formal risk management program that includes a written risk assessment.
  • Designation of a single responsible and qualified individual – while it has already been required that the financial institution have designated employees overseeing the security program, financial institutions must now appoint a qualified individual to hold ultimate responsibility for the program.
  • Employee training – this new requirement means financial institutions must ensure that staff who have access to private information, such as customer names, addresses, Social Security numbers, and dates of birth, have received proper security training from qualified personnel. This training must be done regularly.
  • Monitoring of service providers to whom data is outsourced or serviced – financial institutions must monitor and complete risk assessments regarding the third-party service providers they decide to work with and share information with. It is the financial institution's responsibility to ensure the third-party vendors it shares information with have the proper security measures in place to continue protecting its customers' NPI.
  • Information systems monitoring and penetration testing – financial institutions must now regularly test and monitor their safeguards, systems, and procedures for weaknesses and for any attempts at a security breach.
  • Incident plan – a new requirement of the GLBA is that financial institutions must have a written incident response plan that addresses seven particular topics: the goal of the plan, internal processes for a response, external and internal communication, requirements for identified weaknesses, how the security event will be documented and reported, and the changes and evaluations needed to the incident plan after the occurrence of a security event.
  • Specified security controls – security controls have now been added as specific requirements for maintaining GLBA compliance, including access controls, system inventory, encryption, secure software development, multi-factor authentication, data retention, change management, and system monitoring.
  • Accountability of the responsible and qualified individual – the individual designated as the responsible party is now required to report annually on the security program's status to the executive leaders of the financial institution, in order to maintain accountability and the motivation to uphold the highest security measures for customers.

In Conclusion

The GLBA has been put in place to protect consumers' personal information from falling into the wrong hands. It is the responsibility of financial institutions to have security measures in place to protect their consumers and themselves. Staying up to date on the newest GLBA requirements is crucial to ensuring your financial institution is doing everything it can to maintain compliance.
