Data Security Rules

If you provide loans or help consumers get financing or provide any other financial service, you must by law comply with complex rules protecting consumer personal information. That includes doing a data security risk assessment and implementing an Information Security Program based on that assessment. LexAlign is designing audit apps to help you meet those requirements.

What to know: It's complicated and expanding

There are multiple Federal and State laws protecting consumer personal financial information and they are expanding. All companies are required by law to protect their customer information against theft or loss. In addition, companies that provide or help consumers obtain financial products or services are subject to more stringent requirements under the Federal Safeguards Rule and some State laws. Those companies include:

  • Retailers that help consumers get financing, like auto dealers
  • Financial advisors, like tax preparers, credit counselors, and financial planners
  • Lenders
  • Investment companies.

What the Safeguards Rule requires

Under the Federal Safeguards Rule, each of those companies is required to have an Information Security Program.

But it's not ok to buy a Program "off the shelf."

That's because each company must create a Program based on its own information security risk assessment. Your Program must be appropriate for your particular company: using a form document could be considered negligent or deceptive. In addition, companies are required to re-assess the adequacy of their Program regularly and make appropriate adjustments. LexAlign can help.

What does a Security Risk Assessment (SRA) entail?

Regulators expect that your SRA include three things:

  1. You must do an "inventory" of your data collection and handling practices
  2. You must assess the adequacy of the ways you currently safeguard sensitive data, and
  3. You must determine which additional steps are needed to bring your practices in line with regulator expectations and your bank's requirements.

How LexAlign can help

You could hire a company to do an SRA for you. But that assumes you have the money and time for that, and that you can find a company willing to visit you. It can be very expensive and tie up your resources for a long time. And on top of that, the expert may not do an adequate inventory under the law.

LexAlign is designing a new information security audit app to empowers companies to do an adequate SRA and obtain a customized Information Security Program without the need for high-cost expert help. Here is some of our beta customers said about the app:

LexAlign is perfect. With LexAlign's data security app I don't need to pay $800 (plus) per rooftop for a vendor audit. The Action Plan is so simple and straightforward, I know my team will understand it.

The questions are clear and I understand the rationale behind each one. Just answering the audit questions opened my eyes to the threats we face, and it is scary.

We will launch our app for auto dealers in Spring of 2018, followed by apps for other company types. If you're interested in participating in a free beta program, please contact us.