DBA International, the voice of the debt buying industry, commends the Federal Trade Commission (FTC) on its leadership role in the recently announced security measures, which provide guidance to ensure that adequate security protocols are followed and offer greater protection of consumer data during the review of portfolios in the buying and selling valuation process.
Posted on the FTC’s business center blog, the newly recommended security measures for debt buyers and sellers provide specific suggestions on ways to protect data at each step of the transaction, from qualifying the potential buyer through destroying the data at the end of the process.
“Several months ago, the FTC expressed concerns about consumer data protection in the buying and selling valuation process undertaken by debt buying companies,” said DBA International Executive Director Jan Stieger. “DBA worked with the FTC in the development of best practices, many taken from policy and procedure manuals of DBA’s members. The standards set by many DBA members exemplify the professional and ethical environment maintained by the vast majority of debt buyers.”
Among the seven security measures in the FTC’s business center blog post, the FTC included some of the recommendations provided by DBA International:
- Due Diligence: Before sharing or transferring any data, the prospective buyer and seller must conduct a thorough due diligence process. This process ensures that the seller is the true owner of the debt and possesses the required data to validate the consumer and the debt. It also ensures that the buyer has sufficient data to value the portfolio for purposes of submitting a bid to purchase it.
- Non-Disclosure Agreement: Following this initial assessment, the buyer and seller would execute a mutual Non-Disclosure Agreement that is valid for a minimum of two years.
- Data Transfer: The seller then transfers data to the prospective buyer utilizing appropriate encryption technology. Any masked data containing Personally Identifiable Information (PII) must be hidden in a way that prevents an unintended or unauthorized recipient from reconstructing the file with PII.
- Data Destruction: After the allotted time for the prospective buyer’s data review has expired, the seller should request and log the acknowledgement that the prospective buyer has destroyed and deleted any and all agreed-upon files that contain PII. In the case where the buyer purchases the file, a Data Destruction Affidavit is not required.
In addition to the safeguards provided in these security measures, DBA International developed and manages a Debt Buyer Certification Program for its member companies. This certification program represents a comprehensive national standard of industry best practices. It stresses responsible consumer protection, increased transparency and improved educational and operational standards within the industry. This certification program operates in addition to extensive federal and state regulation.
“The FTC’s security measures contain many of the best practices that are key components of DBA International’s industry-leading Debt Buyer Certification Program,” added Stieger.
DBA International is the nonprofit trade association that represents public and private companies that purchase performing and nonperforming receivables on the secondary market. Founded in 1997 by a small group of companies to provide a forum to advance best practices within the industry, today DBA has grown to represent more than 550 companies. DBA provides its members with networking, educational, and legislative advocacy opportunities through an annual conference, an executive summit, regional seminars, state and regional committees, newsletters, webinars, teleconferences, and other media. DBA maintains a code of ethics and a national certification program that promote uniform industry standards of best practice which debt buying member companies must comply with in order to maintain membership. DBA is headquartered in Sacramento, California.