March 27, 2008
Developing A Collection Practice: Security and Compliance, Series 2 of 7
 

 

The National List of Attorneys Raises the Bar!


We continue our series "Developing a Collection Practice" with the topic of Security and Compliance written by Dr. Eric Berman, Esq. This is a hot topic! We understand that many of our attorney members have invested thousands of dollars to comply with their clients' security requirements. We are conducting a survey to get an idea as to how much our attorney members have invested in the past few years for both physical and data security measures. Please click here to participate in our strictly anonymous survey. We will post the results of our survey in our Members Only Newsletter next week.

Watch for your next MEMBERS ONLY PUBLICATION filled with relevant, in-depth articles focused to benefit you and your collection practice.

To view last week's Members Only article, click here.

Do you have something to contribute to our Raising the Bar Campaign? We are always seeking quality content for our monthly eNewsletter. Having your article published in our newsletter is a great way to gain recognition as a prominent attorney in the industry. Please email your idea to results@nationallist.com.

 


Security and Compliance
By: Dr. Eric M. Berman, Esq.
Eric M. Berman PC, Attorneys at Law


Clients demand that their debt collection attorneys have the same level of electronic and physical security of their files as they themselves provide pursuant to federal regulation.  Meeting that demand, however, particularly for smaller firms, can be extremely expensive, and because security requirements can vary dramatically from client to client, firms have no real choice other than to satisfy the most restrictive requirements even though some of their clients operate under less restrictive ones. 

While it is difficult to address every vulnerability, whether electronic or physical, the following is a typical list of security requirements for debt collection attorneys. It is not all-inclusive.

1)  A formal disaster recovery plan
2)  Written data and security policies signed by every employee
3)  Electronic Data Security
      A. Internet Security
          i. Firewall
          ii. Data Encryption
          iii. Daily Backups with backup tapes or disks removed from the premises each evening
          iv. Daily data uploads to off-site storage facility.
      B. Internal Data Security
          i. Several levels of passwords to obtain entry to data
          ii. Change of passwords every thirty (30) days
          iii. Password security.
              a. Non-sharing policies
              b. Replacement passwords cannot include parts of passwords used in the last 6 to 18 months.
          iv. Authentication and encryption for sensitive/restricted files and directories.
4)  Physical Security
      A. Locked entry into the office from the waiting room
      B. A log of all visitors including delivery and repair persons
      C. All non-employees must be accompanied by an employee when allowed into the office
      D. A locked room with internal glass walls or large windows for opening mail and processing
          debtor payments with access limited  to accounts receivable personnel only 
      E. Computer room/telephone locker must be locked at all times and limited access provided
          only to management and IT staff.
      F. Video Cameras
           i. Cameras placed at all external entry points
           ii. Cameras placed at all locations at which debtor mail and payments are processed
           iii. Video tapes kept for minimum of three to six months
 

Compliance with the federal, state and local laws and regulations is required by every creditor client.

As with data and physical security, these requirements can vary greatly from client to client.  The following represent some of the most common requirements.

1. Insurance
    A. Professional liability insurance in the amount of $1,000,000 or more
    B. Property casualty insurance
    C. Workers' compensation and disability insurance if mandated by your state
2. Licenses
     A. If a law firm, a licensed attorney in each state that you hold yourself out as authorized to
         litigate cases
     B. Debt collector licenses in all states in which you collect and in which such licenses are
         required 
3. Collection Compliance
     A. Written policies whether in the form of memorandum or complete personnel manuals in
         regard to complying with the Fair Debt Collection Practices Act (FDCPA), Health Insurance
         Portability and Accountability Act (HIPAA) for medical collections, and state and local laws
         and regulations as well as the myriad of other debt collection laws.
     B. Collector training and testing. The ACA International has good materials for this purpose
         and NARCA publishes a video which explains the FDCPA. 
     C. Debtor demand letters and other correspondence that satisfy all federal, state and local laws
         and rules and regulations, including requirements set forth in case law.
     D. Telephone policies that satisfy all laws and regulations including requirements set forth in
         case law. 
4. Internal Policies that complement and augment client policies regarding number of telephone calls to be made in a given time, number of letters to be sent, etc.

As with all efforts to provide security for physical and electronic assets, common sense prevails.  Risks must be evaluated by a competent data security professional.  There is no substitute for quality.



Eric M. Berman, Esq., is President of Eric M. Berman, P.C., a multi-state collection law firm with offices in New Jersey, New York, North Carolina, Pennsylvania and South Carolina. Document and office security has become a major concern for creditors as identity theft continues to spread. The article contains an outline of security requirements placed on their collection attorneys by some of the major creditors. Dr. Berman is President of the Commercial Lawyers Conference of New York and a former Director of NARCA. He has spoken on collection-related issues at numerous conferences sponsored by the ACA International, Commercial Law League of America, DBA International, NARCA and Thompson Financial, among others. Mr. Berman can be reached at Eric M. Berman, P.C., 500 West Main St., Ste. 212, Babylon, NY 11702-3035, Phone: (631) 486-4900, Toll Free: (888) 294-4490, Fax: (631) 486-4997 and via email: eberman@ericbermanpc.com.

 
The National List of Attorneys
PO Box 2486, Bismarck ND 58502-2486  |  800.227.1675