Debt Collection Law Ranks High in Safety and Security

Debt collection law gets a bad rep. Just Google “debt collection,” and you’ll stumble across a thousand stories about crooked collectors, deceptive ruses and stringent regulations to maintain the climate of lending, borrowing and repayment.

If you’ve been following our blog, you likely already know that debt collectors must follow specific federal guidelines to avoid violating consumer rights and maintain their own responsibilities. Well-known laws that we’ve discussed include the Fair Debt Collection Practices Act (FDCPA), the Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act (GLBA).


However, what you might not know is that in the entire field of law, the legal debt collection industry is in the top 10 percent for IT security, data security, physical security and third party vendor management.

Because of the nature of the practice, collections tops all other areas of law in disaster preparedness, disaster recovery plans and employee training and conduct.

The industry as a whole is more likely to have superior call recording capabilities that record 100 percent of incoming and outgoing calls, email encryption and email programs that recognize and restrict the sending of a 16-digit sequential number (ie—credit card numbers).

The licensed and recognized creditors bar is the least likely to be hacked among all law firms nationwide, and although there have been attempted website hacks, there are no known data breaches in the entire industry of legal collections.

While the stringent standards placed on collectors are to protect the consumers, they make the practice of debt collection very expensive. Collectors rank high in the areas of safety and security, and that is a positive thing, but they pay handsomely to do so.

The bottom line after paying out for security systems and other third party vendors depends entirely on a collectors’ ability to connect with debtors and work toward a payment plan that benefits both parties.

Despite the horror stories, these statistics shine a positive light on the field of legal debt collection. Collectors are doing their best to ensure a safe and secure relationship with debtors, protect important and private information and collect money in order to regain economic balance in the area of lending.

Best Business Practices, Part VIII

Information Security Policy

“Security is not a product, but a process.” –Bruce Schneier

Any business or company that deals in goods, services or information should have a thorough and well-documented information security policy. This policy should fundamentally explain and detail how data is obtained, stored and protected, limit or eliminate potential legal liability and preserve and protect confidential information.

Information security can encompass a variety of topics, including data restoration in the event of a disaster or emergency, computer data, telephone procedures (such as recording for quality assurance), data organization, third party risk management, confidentiality, visitor access, media, passwords, encryption, e-mail, Internet, software, audits, access and ethics.

As Bruce Schneier said, a good security policy is a process that will grow and change as your company grows and changes. With each new client, employee or update in software, you may have to make changes, additions and corrections to your security policy. In the area of debt collection, information security is essential, because collections deals in sensitive information such as addresses, phone numbers, social security numbers, income and banking information.

Like anything significant, developing an effective security policy takes time and tends to happen in stages. Development, enactment, enforcement, monitoring and maintenance are all crucial steps in making sure your information is guarded. Depending on the type of company, developing this procedure could be as simple as enforcing policy on cell phone and social media usage or as complex as obtaining offsite backups in the event of data loss or local disaster.


An information security policy is primarily to manage potential exposure to loss or harm. It is vital that you communicate your policy to clients and train your employees.

This concludes our series on Better Business Practices. Stop by next week for brand new content!