Data security and identity protection are hot topics these days. The laws are evolving rapidly, and the risk is high. Failure to implement appropriate safeguards to protect your customer data is considered an unfair or deceptive act or practice under Federal law.
If you provide financing to individuals (as a lender), help consumers get financing (as an auto dealer or other retail merchant), or you provide financial advisory services (as an investment advisor, tax preparer or CFP), the Federal Safeguards Rule and likely also the Red Flags Rule apply to you.
Part of the difficulty is knowing which safeguards and policies would be appropriate and expected of your business, and that's where LexAlign can help with our revolutionary online software tools (or "apps").
If you don't know what the regulators expect of you, and you fail to safeguard your customer data appropriately, you could be in a world of trouble. If your customer data falls in the wrong hands, you could face severe penalties, enforcement actions, civil liability, and heightened requirements.
Your senior leadership could be personally liable.
In addition, banks and insurers might refuse to do business with you. In other words, you could lose your business and your livelihood.
Fortunately, LexAlign makes compliance more attainable and affordable.
You're required to implement "administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue."
If you're a financial company—such as an auto dealer, retailer that offers help with financing, a lender, an investment advisor or any other consumer financial service provider—you're expected to to implement an Information Security Program and an an Identity Theft Prevention Program, including a Red Flags Policy.
Having a comprehensive, written Information Security Program ("ISP") is explicitly required under the Safeguards Rule and implicitly required under other laws. Your ISP must be appropriate for your particular organization: merely adopting a form document could be considered negligent or deceptive.
Your ISP must be based on a Risk Assessment of your business. Your Risk Assessment must identify and assess the risks to customer information in each relevant area of the company's operation, and evaluate the effectiveness of the current safeguards for controlling these risks.
LexAlign's Information Security app is designed to help you conduct a risk assessment in line with the regulators' expectations and create an appropriate ISP for your business.
Just like your Information Security Program, your Identity Theft Prevention Program must be appropriate for your company, its size and the potential risks of identity theft.
LexAlign can help you determine if you have "covered accounts" that trigger this Rule. Our Red Flags Rule app can also help you determine which requirements apply and how you're expected to prevent and mitigate identity theft, and help you generate a written program.
This summer we will be introducing and testing two revolutionary programs: our Information Security Assessment app, and our Red Flags app.
As its name suggests, the Information Security Assessment app is designed to help auto dealers and other retailers comply with the Safeguards Rule requirements. By using the Assessment, you'll create a "Data Inventory and Action Plan" that demonstrates that you did the risk assessment. You'll also create an Information Security Program tailored to your business operations. An app designed for investment advisors and other financial advisors will follow later in the fall.
The Red Flags app is designed to create a Red Flags program that is tailored to your business, as required by law.
With LexAlign, compliance with Federal data security and identity theft prevention rules is finally within reach.