Technology Leaders Pen Open Letter to Collection Industry

The Board of Advisors of Collection Technology magazine released an open letter to the ARM industry yesterday imploring decision makers at collection agencies to take a more proactive approach to data security.  The Board includes executives of some major industry players.

The text of the letter follows:

We, the undersigned members of the Board of Advisors of Collection Technology magazine, believe that the collection industry can bolster its practice of information security and we urge, in this open letter to the industry, a commitment to more conscientious workflows and protocols.

Our greatest collective fear is that a significant security breach will result in onerous, knee-jerk legislation against our community. Such legislation will certainly do much more harm than good — which is why we believe a commitment to self-imposed security standards presents the best strategic approach.

As the industry becomes more global, security risks increase. Many collection companies and debt buyers now service domestic accounts overseas, where regulations can be less stringent and consistent. This scenario heightens the risk for problems and potentially impedes their resolution, dissuading clients from entering into relationships.

While we do not believe in mandatory enforcement, we strongly encourage adherence to the following guidelines to augment the industry’s security practices through self-adopted policies and standards.

Our guidelines:

1. Security should be given greater attention among industry participants. There has not been a major security breach that sparked sweeping legislation — yet. We should take it upon ourselves to act before a newsworthy breach forces us to.
2. Any personal information transmitted electronically should be secured with widely adopted standards of data protection, such as encryption or password protection. More thorough precautions for the security of data-in-transit should be considered.
3. We believe there is merit to the pursuit of security certification, such as ISO 17799 and SAS 70. Furthermore, we believe that collection companies should consider the requirements of standard, client-security audits when developing their security principles.
4. Care must be taken at all stages of the debt lifecycle. Primary holders and buyers of debt invariably are utilizing secure practices. However, security protocols are diminishing upon the reselling of debt. Even secondary purchasers should adhere to strong security protocols.

These guidelines are by no means definitive measures, but rather a starting point for a more secure industry. We hope they also spur dialogue for the collection industry, and perhaps represent a first step toward development of a set of industry security standards.

Sincerely yours,

JJ Hornblass
Executive Editor & Publisher
Collection Technology

Christopher Boisaubin
Chief Information Officer
Van Ru Credit Corp.

Steve Bressler
Chief Information Officer
Plaza Associates

Butch Brown
VP, Credit and Collections
Charter Communications

Dan Buell
Director, CIS Product Marketing, Collections
Experian

Jeff Dantzler
President
Comtronic Systems LLC

Richard G. Doane
President and CEO
Sunrise Credit Services

Stephen G. Florczak
EVP of Information Technology
Capital Management Services

Bruce A. Gay
President
Monticello Consulting Group

G. Christopher Imrey
President
Apollo Enterprise Solutions

Susan Little
Director of Marketing Communications
Columbia Ultimate

Jeff K. Mains
Presdient & CEO
Sentinel Development Solutions

John Mobley
VP & Chief Information Officer
Afni Inc.

John Simpson
Chief Technology Officer
Nationwide Credit Inc.

Edward Song
IT Director
Royal Media Group

Bill Thaxton
Senior VP
ACS

Scott S. Weltman
Partner
Weltman, Weinberg & Reis Co.

Michael Young
Executive Director
Law Offices of Mel S. Harris