3 strategies for lenders to mitigate internal threats to consumer data security | Auto Finance News 3 strategies for lenders to mitigate internal threats to consumer data security | Auto Finance News
Auto Finance News
Subscribe
  • Home
  • News
    • All News
    • Exec of the Year
    • Innovation & Technology
    • Management
    • Compliance & Regs
    • Risk Management
    • Capital & Funding
    • Powersports
  • Events
    • DEMOvation Challenge
    • Auto Finance Summit
    • Auto Finance Innovation Summit
  • EXCELLENCE
    • Best Practices
    • Topics
      • Compliance
      • Customer Experience
      • Technology
    • White Papers
    • Glossary
  • Magazine
    • Latest
    • Magazine Issues
  • Data
    • Lender Ranking
    • Fixed Rate Outstandings at Banks
    • Securitizations
    • Market Share Monitor
AFN PLUS
Saturday, January 23, 2021
Log In
No Result
View All Result
Auto Finance News
  • Home
  • News
    • All News
    • Exec of the Year
    • Innovation & Technology
    • Management
    • Compliance & Regs
    • Risk Management
    • Capital & Funding
    • Powersports
  • Events
    • DEMOvation Challenge
    • Auto Finance Summit
    • Auto Finance Innovation Summit
  • EXCELLENCE
    • Best Practices
    • Topics
      • Compliance
      • Customer Experience
      • Technology
    • White Papers
    • Glossary
  • Magazine
    • Latest
    • Magazine Issues
  • Data
    • Lender Ranking
    • Fixed Rate Outstandings at Banks
    • Securitizations
    • Market Share Monitor
AFN PLUS
Log In
No Result
View All Result
Auto Finance News
No Result
View All Result

3 strategies for lenders to mitigate internal threats to consumer data security

Susan Chylik by Susan Chylik
September 4, 2019
in Compliance
Reading Time: 4min read

With the enactment of the California Consumer Privacy Act of 2018 and the barrage of copycat legislation in other states, there has been significant focus on consumer data and privacy issues from the vantagepoint of the consumer: what information is collected and how consumers can direct companies what to do — or not do — with that information. While the discussion has largely centered on data security within the context of protections from external threats, auto lenders’ loss–mitigation efforts need to consider internal threats to consumer data, as well.  

Lenders big and small that amass consumer data are made up of employees — employees with access to data. So, how should a company protect itself against this internal threat to data security? This article outlines three steps lenders can implement to manage how employees access data and plan for corrective action. 

  1. Control Access. Evaluate the different types of data your business collects and who has access to that information. Not all employees should have access to all kinds of data. There should be controls around which levels of authority within the company should have access to data (depending on the type of data) and, then within each level, which individual employees. Each employee should have a level of access that corresponds to the role and responsibility of the position. Clear organization charts and detailed job descriptions will go a long way in helping lenders determine which levels of authority and which individual employees should have access to which types of data. Additionally, robust policies and procedures will support lenders’ efforts to document and implement data-management processes. 
  1. Check and Double-Check. Once data access controls are in place, auto lenders should conduct audits and ongoing monitoring to ensure that the right employees are accessing the correct data for the right purpose. This testing should be done according to a predetermined schedule but should also be conducted randomly. Testing should cover the types of data that are being accessed, the people that are accessing the data, and the use of the data after it is accessed. It should also identify access attempts by unauthorized employees and access by authorized employees whose use of the data is improper or beyond the scope of the employee’s authority. 
  1. Be Prepared to Take Action. If testing reveals unauthorized access to or improper use of consumer data, companiesneed to be prepared to take action. The action could be against the offender — including additional training and disciplinary action, even termination. The severity of the action will depend on the sensitivity of the data at issue and seriousness of the data usage. Or, the action could be taken at the company level. After discovering internal access breaches, lenders should strengthen access controls and improve company policies and procedures. Gaps revealed during an audit test of data access should be addressed to eliminate or minimize future access issues. 

Susan Chylik is a Member in McGlinchey Stafford’s consumer financial services compliance team and can be contacted at [email protected] or (216) 378-9913. McGlinchey Stafford is the Compliance Partner of Auto Finance Excellence (AutoFinanceExcellence.org), a sister service of Auto Finance News.  

Tags: Best Practicescalifornia consumer privacy actcompliancemcglincheyMcGlinchey Stafford
Previous Post

Volkswagen Bank taps OneSpan for encryption to fight hackers

Next Post

Fraudsters plead guilty in $1m auto loan scheme

Related Posts

2021 predictions compliance
Compliance

Auto finance compliance predictions for 2021

January 5, 2021
Post covid economic trends in auto finance
Compliance

Post-COVID economic trends in auto finance

December 14, 2020
Legislation in auto finance: What’s on the horizon?1
Compliance

Legislation in auto finance: What’s on the horizon?

December 8, 2020
Next Post
Fraudsters plead guilty in $1m auto loan scheme

Fraudsters plead guilty in $1m auto loan scheme

Leave a Reply Cancel reply

Your email address will not be published.

Latest Magazine Issue

INNOVATION & TECHNOLOGY

Upstart partners with Oriental Bank, enlarges lending footprint

Upstart partners with Oriental Bank, enlarges lending footprint

January 20, 2021
GM jumps as Microsoft joins $2B self-driving venture

GM jumps as Microsoft joins $2B self-driving venture

January 19, 2021

Sign Up Email List

CORONAVIRUS

Used-vehicle prices increase, inventory outpaces norm

Used-vehicle prices increase, inventory outpaces norm

January 22, 2021
Dueling dynamics will shape consumer credit in 2021

Dueling dynamics will shape consumer credit in 2021

January 20, 2021

SPONSORED

Collateral Protection Insurance (CPI): What is CPI and what does it do?

Collateral Protection Insurance (CPI): What is CPI and what does it do?

January 8, 2021
US auto sales poised for crash after slowest pace in a decade

Driving Customer Loyalty, Retention After Total Loss

December 9, 2020
When tough times hit, proactive strategies pay

When tough times hit, proactive strategies pay

November 2, 2020

About

ABOUT US

PRIVACY TERMS

ADA COMPLIANCE

CODE OF JOURNALISM ETHICS

Contact Us

ADVERTISE

HELP CENTER

EMAIL SIGN UP 

Follow Us

twitter twitter linkedin podcast

©2021 Royal Media & Auto Finance News

No Result
View All Result
  • Home
  • News
    • All News
    • Exec of the Year
    • Innovation & Technology
    • Management
    • Compliance & Regs
    • Risk Management
    • Capital & Funding
    • Powersports
  • Events
    • DEMOvation Challenge
    • Auto Finance Summit
    • Auto Finance Innovation Summit
  • Excellence
    • Best Practices
    • Topics
      • Compliance
      • Customer Experience
      • Technology
    • White Papers
    • Glossary
  • Magazine
    • Latest
    • Magazine Issues
  • Data
    • Lender Ranking
    • Fixed Rate Outstandings
    • Securitizations
    • Market Share Monitor
  • +PLUS
  • SUBSCRIBE
  • Log In / Account

© 2020 Royal Media

Go to mobile version