Q3 Industry Insights: Preparing for Credit Card Bills, Student Loans and Holiday Spending

We’re approaching the end of the year and fall is in the air - along with consumer financial uncertainty. Economic stressors persist and are likely contributing to many consumers relying on credit to cover expenses, while the resumption of student loan payments adds another financial obligation to the mix. For consumers, the conundrum of balancing finances continues as the holiday spending season sneaks up.

If you’re a creditor or collector working with financially distressed borrowers, considering consumer situations and preferences when collecting is critical to your success. Read on for our take on what’s impacting consumer finances and our industry, how consumers are reacting, and why employing digital strategies to boost engagement is more important than ever for debt collection in 2023 and beyond.

What’s Impacting Consumers and the Industry?

People are watching inflation and interest rates like hawks as effects from previous rate hikes slowly set in. The PCE price index excluding food and energy increased 0.1% in August, lower than the expected 0.2% gain. On a 12-month basis, the annual increase for core PCE was 3.9%, matching the forecast and coming in as the smallest monthly increase since November 2020.

While recent indicators suggest that economic activity has been expanding and the U.S. banking system seems sound, inflation remains elevated. Tighter credit conditions will likely impact economic activity, hiring and inflation, but the extent of these effects is unpredictable. While the Fed’s latest move in September was to maintain the existing rate of 5.25-5.5%, the end goal is maximum employment and inflation at the rate of 2%, and they are closely watching indicators to determine future rate changes.

More than 7 million Americans have lost Medicaid coverage since April 1, after the forced hiatus of cancellations during the pandemic ended. Many people lost their coverage because their income is now too high to qualify for Medicaid, but a larger share have been terminated for procedural reasons and states are now seeing increased appeals and complicated legal processes.

After three years of relief from payments on $1.6 trillion in student debt under the CARES Act, student loan payments resume this month. 40+ million borrowers who paid $200 to $299 on average each month in 2019 will soon face the resumption of a bill that is often one of the largest line items in their household budgets. For a deeper, data-driven analysis of how student loans impact consumers with debt in collections, read our report, “Consumer Finances, Student Loans and Debt Repayment in 2023”.

Meanwhile, the Consumer Financial Protection Bureau (CFPB) has been looking at lending practices, advanced technology considerations and credit reporting that impact consumers. Of note for lenders, it issued guidance about certain legal requirements for specific and accurate reasons when taking adverse actions against consumers that lenders must adhere to when using artificial intelligence and other complex models. Bottom line: “the algorithm said so” doesn’t qualify as a reason.

The CFPB also started the process of issuing a rule barring reporting medical debt collections through the credit reporting system. The CFPB’s rulemaking would block credit reporting agencies from including medical debts on consumer reports that are used in making underwriting decisions. The proposal would not stop creditors from using medical bill information for other purposes such as verifying the need for loan forbearance or evaluating loan applications for medical services.

Key Indicators and Consumer Spending

According to the New York Fed’s Quarterly Report on Household Debt and Credit, total household debt increased in the second quarter of 2023 by $16 billion (0.1%) to $17.06 trillion. Credit card balances increased by $45 billion from Q1 2023 to a series high of $1.03 trillion in Q2, a 4.6% quarterly increase. Other balances, including retail credit cards and other consumer loans, and auto loans also increased by $15 billion and $20 billion, respectively.

With increased balances, delinquency remains a concern as it simultaneously continues to rise regardless of product type. Experian’s Ascend Market Insights for August reports overall delinquency (30+ DPD) rose in August, with a 2.81% increase in delinquent units and an increase of 3.11% in delinquent balances month over month. Serious delinquency (90+ DPD), which has been rising for all products, now exceeds pre-pandemic levels for auto loans and unsecured personal loans and is approaching pre-pandemic rates for bankcards, retail cards and secured personal loans.

In August, the Fed reported that at the 100 largest banks, charge-off rates have been rising, most notably with credit cards. The charge-off rate for all consumer loans was 2% at the end of the second quarter, up from 1.1% a year ago. As for credit card debt, the charge-off rates stood at 3% in the second quarter, up from 2.75% in the first quarter, and up from 1.7% a year ago. Putting this in perspective, amid the Great Recession the overall charge-off rate hovered near 8% while the rate for credit cards hit 9%. While comparatively the situation may not seem as dire, the increasing trend on charge-offs is worth watching.

After bottoming out in September 2021, analysts at Goldman Sachs report that since Q1 2022, credit card companies are seeing an increasing rate of losses at the fastest pace in almost 30 years, on par with the 2008 recession. Losses currently stand at 3.63%, up 1.5% from the bottom, and Goldman sees them rising up to 4.93%.

Also in August, Americans' $2 trillion in pandemic savings was nearly exhausted, with the current remainder of $190 billion projected to be spent down by the end of the third quarter. This has started showing up as roughly 114,000 consumers had a bankruptcy notation added to their credit reports in Q2, slightly more than in the previous quarter. And approximately 4.6% of consumers had a 3rd party collection account on their credit report, with an average balance of $1,555, up from $1,316 in Q1.

Elevated inflation continues to strain budgets - the level of inflation in July meant families spent $709 more per month than two years ago. Battling the current economic challenges, consumers still have to make essential purchases and pay bills. According to PYMNTS, 43% of Gen Z consumers have been using their credit cards more often, and 66% of this segment lives paycheck to paycheck, up from 57% last year. Upon the resumption of student loan repayments in October, this group could lose as much as 4.3% of discretionary spending power, leaving less money on hand to pay back debt.

Gen Z isn’t alone - Gen X borrowers with federal student loans on the books could see their discretionary income decrease by as much as 8.8%. With a similar proportion of this cohort living paycheck to paycheck, 71% of Gen Xers reported actively using credit, with 26% reportedly using credit more often than normal for everyday purchases. And according to a recent report from PYMNTS, this group has started embracing Buy Now, Pay Later (BNPL) as a strategic tool to manage spending and cashflow. 14% of Gen Xers said they had used BNPL - that’s more than the amount of Baby Boomers, less than millennials (20%), and roughly the same as Gen Z.

Consumer Sentiment on Financial Outlook Deteriorates

As more consumers are turned down for much-needed loans due to financial tightening and using more credit options for everyday expenses, the general sentiments around financial wellbeing aren’t very positive. According to Deloitte’s State of the Consumer Tracker, 38% of Americans feel their financial situation worsened over the last year and less than half feel they can afford spending on things that bring them joy. A similar 48% are concerned about their level of savings and only 44% feel they can afford a large, unexpected expense.

The Federal Reserve Bank of New York concurs – in its August 2023 Survey of Consumer Expectations, income growth perceptions declined that month, and job loss expectations rose sharply to their highest level since April 2021. Sentiments are down across the board: perceptions about current credit conditions and expectations about future conditions both deteriorated, and households’ perceptions about their current financial situations and expectations for the future both also deteriorated.

The key takeaway: many consumers are feeling stressed about finances and are uncertain about their financial future, which will impact their payment decisions and willingness or ability to engage with debt collectors.

Preparing for Debt Collection in Q4 and Beyond

As we approach the end of the year and enter the holiday spending season, businesses should prepare for the possibility of increased delinquencies as consumers reach a tipping point in savings and expenses. Last year marked a particular surge in consumers putting seasonal spending on credit, with 41% of Americans putting more than 90% of their holiday expenses on their credit cards, and nearly 42% anticipated going into debt—understandable as the average US shopper took on more than $1,500 in holiday debt in 2022.

Compound the holiday expenses with resumed student loan payments, persistent inflation and high interest rates and the consumer financial outlook appears fragile. So what’s the best way forward in engaging customers in debt collection who are balancing a delicate financial situation? Any or all of these best practices can help:

Go digital with communications. The numbers speak for themselves: 59.5% of consumers prefer email as their first choice for financial communication compared to only 14.2% who prefer to receive a phone call. Factor in working hour considerations and it becomes even more difficult to engage consumers via phone. Further, contacting first through a consumer’s preferred channel can lead to a more than 10% increase in payments.

And digitize payments, too. Consumers have long been transacting online for purchases, and now three in five Americans expect all payments to be digital. The benefits of online payment options range from customer ease-of-use and adoption to operational cost reduction while offering increased payment volume to boot – 14% of bill-payers prioritize payments to billers that offer lower-friction payment experiences.

Stay top of mind, respectfully. There’s a lot on consumers’ minds in today’s economy, and your bill may not be at the top of their priority list. When engaging delinquent customers, there are strategies to getting your message across that are better for maintaining customer relationships while effectively collecting debt. It’s important for both your customer relationships and compliance considerations to keep in mind the tone and content of your messages along with the cadence of your communications.

Top KPIs for Your Recovery Operations

The goal of a recovery operation is to maximize profitability by efficiently recovering money lent to consumers—while maintaining consumer loyalty. This means that measuring the success of a recovery strategy goes beyond just dollars and cents and into consumer-centric metrics as well.

But how do teams measure overall portfolio performance, and what are the most important portfolio-level key performance metrics (KPIs)? Let’s take a look at a few of the top KPIs and how they can be categorized.

Key Collections Metrics

Key performance indicators for debt collection and recovery efforts:

- Accounts per Employee (APE) or Accounts to Creditor Ratio (ACR): the number of delinquent accounts that can be serviced by an individual recovery agent
- Net Loss Rate or Net Charge Off Rate: measures the total percent of dollars loaned that ended up getting written off as a loss
- Delinquency Rate: total dollars that are in delinquency (starting as soon as a borrower misses a payment on a loan) as a percentage of total outstanding loans - often an early warning sign on the total volume of delinquent debt
- Promise to Pay Rate: the percentage of delinquent accounts that make a verbal or digital commitment to pay
- Promise to Pay Kept Rate: the percentage of delinquent accounts that maintain a stated commitment to pay
- Roll Rate: the percentage of delinquent dollars that “roll” from one delinquency bucket to the next over a given period of time - provides visibility into the velocity with which debts are heading into charge off

Metrics like net loss rate are the north star of a recovery program, while metrics like delinquency rate and roll rate are leading indicators of future portfolio performance. But just as critical as these traditional KPIs, today’s collection operations need to focus on implementing and measuring digital engagement.

Digital Engagement Metrics

A range of KPIs that capture how effectively digital channels are reaching and engaging consumers:

- Coverage: the percentage of users for whom we have digital contact information
- Deliverability: the percentage of digital messages that are actually reaching consumers
- Digital Opt-In: the percentage of users who have consented to receive digital communications in a particular channel
- Open Rate, Clickthrough Rate: the percentage of users who are actually opening and clicking digital communications

Following key collection and digital engagement metrics is all well and good, but how do recovery teams move the needle on those critical KPIs? Operational metrics are the KPIs that collectively drive overall portfolio-level performance. They represent the “levers” available to change the economics of a recovery model.

Operational Metrics

Metrics that create a simple framework to explain the profitability of a recovery operation:

Profitability of a Collections Operation Formula: R x ResF x E

- R [Reach]: the percentage of consumers in delinquency that you can actually reach
- ResF [Resolution Funnel]: how effectively you can convert initial contact with a consumer into a commitment to pay – and ultimately, a payment promise kept (see Promise to Pay Rate and Promise to Pay Kept Rate)
- E [Efficiency]: calculation of what the “unit economics” of your collection are and how much it costs, on average, for every account that you rehabilitate

In the hyper-competitive financial services space, consumer experience is a source of competitive advantage. That’s why it stands to reason that alongside the “traditional” metrics of recovery economics, forward-looking businesses have pioneered a new set of KPIs that measure the value of consumer experience.

Consumer-Centric Metrics

A new set of KPIs that measure the value of consumer experience:

- Net Promoter Score (NPS): how likely a consumer is to recommend a given brand after an experience with a brand’s collection organization
- Customer Retention Rate: how likely a consumer is to be reacquired by a given brand after his or her delinquent account is rehabilitated

Keep a Close Watch on These KPIs for Collection

As payment-driven organizations across verticals focus further into the world of recovery, it is safe to anticipate that digital engagement and consumer-centric KPIs like the ones we covered above will become even more deeply woven into the fabric of the organization.

Ready to evaluate your debt recovery operations using more sophisticated KPIs? Schedule a consultation to get started today»»

Core Components for a Successful Email Program in Debt Collection

If your business and collection partners aren't utilizing email in your debt recovery strategy, you’re leaving vital engagement opportunities (and potential collections) on the table. There are plenty of reasons why digital communications are the way to go, but reaching out through email is especially important in collections. Surveys show that 59.5% of consumers prefer email as their first choice for communication, and 14% of bill-payers prioritize payments that offer lower-friction payment experiences, which increases to 23% for millennials specifically.

Considering this, it shouldn’t come as a surprise that courts have actually ruled that “an email is less intrusive than a phone call” for debt collection. But what makes a successful email program when it comes to connecting with delinquent accounts? Whether your business is handling collections in-house or is looking at working with a third party, your operations should be confident that you have these core components covered.

Core Components for a Successful Email Program

While adding email into the communication channel mix is critical, it is the setup, execution, and continued optimization of that email program that can actually make a difference when it comes to consumer engagement. There are many elements to a successful email strategy, but here are three of the core components that we’ll focus on:

- Infrastructure
- Data
- Content

All 3 are required for a successful email program—each one relies on the other two to create a high performing program. Let’s take a look at why each of these is important and the risks that can occur without each component in place.

INFRASTRUCTURE

The infrastructure an email program is built on has many components itself: Mail Servers, Mailbox Providers, Internet Service Providers (ISPs), Email service providers (ESPs), and more. How these components are set up and work together influences sender reputation, which in turn influences email delivery rates. You can learn more about these different pieces in our blog focusing on The (Hidden) Anatomy of Email here»»

While infrastructure can admittedly be complex, the risks your operation runs without a sound infrastructure are clear and quite consequential, including having your emails blocked, deferred or delayed delivery, or winding up lost in the recipient’s spam folder.

DATA

In today’s digital world, data is everywhere—but how you harness that data can make or break your email program (and even get you into hot water if you or your collections partner are not following all the necessary compliance regulations around data privacy and protection). Understanding data helps intelligently influence an email program, especially when focusing on email engagement metrics such as:

- Opens
- Clicks
- Unsubscribes
- Spam complaints
- Hard Bounces
- Spam traps

But without quality data analyzed appropriately, your emails could result in consumer complaints, hard bounces, falling into spam traps, not to mention negatively impacting all the engagement metrics listed above.

CONTENT

Solid infrastructure and reliable data are essential in any email program, but when it comes to debt collection, content can be the tipping point between a consumer committing to repayment or ignoring the outreach altogether—or even reporting your communications as spam or harassment. From subject lines to your call-to-action (CTAs), sending the right message to your customers is crucial.

Without compelling content you miss opportunities to capture consumers’ attention, resulting in fewer opens, fewer clicks, or even pushing consumer perception in the wrong direction. If you lose your customers’ trust, you’re most likely going to lose the chance to recover their debt.

Successful Email Engagement Can Boost Debt Recovery

Studies have shown that engaging consumers through digital methods can increase resolution rates by as much as 25%. But if your digital efforts are missing any of the core components we just covered above, it doesn’t matter if your collection strategy includes email—your operations are going to be missing recovery opportunities.

Ready to step up your engagement with better email strategies? Schedule a consultation to get started»»

Between Hitting “Send” and Reaching the Inbox: The (Hidden) Anatomy of Email

When it comes to reaching consumers, it’s no secret that email has surpassed phone calls as the preferred method of communication. In fact, 59.5% of consumers prefer email as their first choice for communication. But just because your business sends emails to consumers doesn’t mean that your messages make it to their inbox. And if that email never reaches the intended recipient, it doesn’t matter what that customer’s preferred method of communication may be.

There are more factors than you may realize that go into whether or not your email reaches the consumer’s inbox, so let’s look at the hidden anatomy of email and the factors that influence where your emails end up.

What’s the Difference Between Mail Servers, Mailbox Providers, ISPs, and ESPs?

Before we look at what happens when you hit “send” on that email, it’s important to identify some of the key components that operate behind the scenes to get your message from point A to point B.

- Mail Server: A mail server (also known as a mail transfer agent or MTA) is an application that receives incoming email from the sender and forwards outgoing messages for delivery to the recipient.
- Mailbox Provider: A mailbox provider provides email hosting and implements email servers to send, receive, accept, and store email for the recipient.
- ISPs: Internet Service Providers (ISPs) provide internet access. Although ISPs can provide email services, separate ESPs are often used for business email operations—but ISPs play a major role in email delivery and landing in the recipient’s inbox.
- ESPs: Email service providers (ESPs) are services that enable businesses to send emails and email campaigns to a list of subscribers.

How Does Email Actually Work?

When you hit the “send” button, your ESP sends the email to the recipient’s mail server through various protocols such as SMTP (Simple Mail Transfer Protocol). The delivery process involves establishing a connection with the recipient’s mail server, transferring the email content, and receiving a response indicating whether the email was accepted or rejected by the mailbox provider.

Several key factors play into whether an email gets tagged in spam or junk or filtered into “social” or “promotion” categories.

- Mailbox providers and anti-spam filters make inbox placement decisions based on a 30-day rolling history of sender reputation metrics
- Inbox placement is based on the subscriber’s interaction, regardless of your business model
- All types of emails are subject to the same filtering, regardless of content

At TrueAccord, every time we send an email our email providers notify us of events like delivered, open, click, hard bounce (such as an email being sent to an invalid or nonexistent email address), soft bounce (typically an indicator of a temporary technical issue on the recipients’ end), and spam complaints.

In the case of bounces, TrueAccord stores that data and categorizes it as not delivered. Emails that result in a soft bounce are temporary bounces and could get delivered within 72 hours. For hard bounces, we will not send to those again—or it severely hurts our reputation among ESPs and ISPs.

For Regulation F compliance when delivering disclosures electronically, debt collectors are required to monitor for deliverability. TrueAccord presumes that any hard bounce or undelivered soft-bounce (one that is not delivered after 72 hours of the first soft bounce) has not been delivered.

Why are ISPs So Selective?

The ISPs are selective on what emails get accepted and which actually reach the inbox. But there are three key initiatives ISPs consider:

To protect email account owners from:

- Spam
- Scams
- Poor experience

To protect and prioritize company resources:

- Limited email engines, i.e. mail servers
- Limited bandwidth
- Limited personnel or internal expertise

To continue driving revenue:

- Lower email interaction reduces ad impressions and revenue
- Too many emails can lead to account abandonment from subscribers

Best Practices to Get Your Emails Delivered

Understanding the different components of email, how it actually works, and the selective filters in place to protect consumers are all important to a successful email program. Now let’s look at several best practices to follow:

- Build and maintain a positive sender reputation with ISPs and ESPs
- Ensure good email list hygiene
- Send to actively engaged subscribers
- Maintain consistent volume and cadence (avoid spikes)
- Avoid spammy subject lines
- Develop valuable content that would engage subscribers

While many of these best practices may seem like no-brainers, achieving them can take more skill and effort than most businesses expect. Each of these contributes to email delivery rates and more importantly, deliverability to recipients’ inboxes—key drivers towards consumer engagement and your bottom line.

Ready to step up your engagement with better email strategies? Schedule a consultation to get started »»
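
The bounce handling described in this post (hard bounces are never retried; a soft bounce is presumed undelivered if no delivery follows within 72 hours of the first soft bounce) can be sketched as follows. This is an added example, not TrueAccord's code: the event names, the `Event` record and the handling of a delivery that arrives after the window are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Window stated in the post: 72 hours from the first soft bounce.
SOFT_BOUNCE_WINDOW = timedelta(hours=72)


@dataclass(frozen=True)
class Event:
    """One provider notification. Field and kind names are hypothetical."""
    message_id: str
    recipient: str
    kind: str       # delivered, open, click, hard_bounce, soft_bounce, spam_complaint
    at: datetime


def classify(events, now):
    """Return ({message_id: status}, suppressed_addresses) as of `now`."""
    by_message = {}
    for ev in sorted(events, key=lambda e: e.at):
        by_message.setdefault(ev.message_id, []).append(ev)

    status, suppressed = {}, set()
    for message_id, evs in by_message.items():
        hard = [e for e in evs if e.kind == "hard_bounce"]
        soft = [e for e in evs if e.kind == "soft_bounce"]
        delivered = [e for e in evs if e.kind == "delivered"]

        if hard:
            # Hard bounce: not delivered, and the address is never sent to again.
            status[message_id] = "not_delivered"
            suppressed.add(hard[0].recipient.lower())
        elif soft:
            # The clock starts at the FIRST soft bounce, not the latest one.
            deadline = soft[0].at + SOFT_BOUNCE_WINDOW
            if any(e.at <= deadline for e in delivered):
                status[message_id] = "delivered"
            elif now < deadline:
                status[message_id] = "pending"
            else:
                # Assumption: a delivery reported after the window does not
                # overturn the presumption of non-delivery.
                status[message_id] = "not_delivered"
        elif delivered:
            status[message_id] = "delivered"
        else:
            status[message_id] = "unknown"
    return status, suppressed


def may_send(recipient, suppressed):
    """Gate for future sends: suppressed addresses are skipped."""
    return recipient.lower() not in suppressed


# Constructed sample events (not real data).
T0 = datetime(2023, 10, 2, 9, 0, tzinfo=timezone.utc)
H = lambda n: T0 + timedelta(hours=n)
SAMPLE_EVENTS = [
    Event("m1", "ok@example.test", "delivered", H(0)),
    Event("m1", "ok@example.test", "open", H(2)),
    Event("m2", "bad-address@example.test", "hard_bounce", H(0)),
    Event("m3", "full-inbox@example.test", "soft_bounce", H(0)),
    Event("m3", "full-inbox@example.test", "soft_bounce", H(24)),
    Event("m3", "full-inbox@example.test", "delivered", H(30)),
    Event("m4", "down-server@example.test", "soft_bounce", H(0)),
    Event("m5", "late@example.test", "soft_bounce", H(0)),
    Event("m5", "late@example.test", "delivered", H(75)),
]

if __name__ == "__main__":
    statuses, blocked = classify(SAMPLE_EVENTS, now=H(80))
    for mid in sorted(statuses):
        print(mid, statuses[mid])
    print("suppressed:", sorted(blocked))
```
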

Q2 Industry Insights: Higher Monthly Expenses for Consumers, Regulatory Guidance for Financial Institutions

With tumult in the banking industry in Q2 and inflation and economic stressors persisting, the financial outlook for American consumers remains uncertain. The ending of various pandemic-era benefits including the pause on student loan payments will impact consumers in the coming months. Student loan holders hoping for financial relief were disappointed in a Supreme Court decision that rejected President Biden’s plan to cancel more than $400 billion in student loan debt for millions of borrowers. Lawmakers are looking for other relief options, but in the meantime, many consumers will face higher monthly scheduled payments than they can cover, leading to delinquencies across credit types. If you’re a creditor or collector working with financially distressed borrowers, considering consumer situations and preferences when attempting to collect and employing digital strategies to boost engagement are more important than ever.  Read on for our take on what’s impacting consumer finances and our industry, how consumers are reacting, and what else you should be considering as it relates to debt collection in 2023. What’s Impacting Consumers and the Industry? High inflation and interest rates hung around in the second quarter of 2023. Inflation continued to ease month over month in May, landing at 4%, which is still double the Federal Reserve’s target of 2%. The CPI rose 0.2% in June on a seasonally adjusted basis, after increasing 0.1% in May, according to the U.S. Bureau of Labor Statistics. The index for shelter accounted for more than 70% of the increase, with the index for motor vehicle insurance also contributing.  In June, after 10 straight rate hikes, the Federal Reserve left the policy rate unchanged at the 5%-5.25% range, to allow time to see impacts from previous rate hikes. But "a strong majority" of Fed policymakers expect they will need to raise interest rates at least two more times by the end of 2023. 
Showing unexpected resilience despite higher interest rates, a late-June Commerce Department report showed the U.S. economy grew at a 2% annual pace from January through March as consumers spent at the fastest pace in nearly two years despite ever-rising borrowing costs. In Q2, the pandemic-era benefit around Medicaid came to an end and has impacted more than 1.5 million Americans who lost health insurance coverage in April, May and June. Because only 26 states and the District of Columbia had publicly reported this data as of June 27, the actual number of people who lost coverage through the government’s main health insurance program for low-income people and people with certain disabilities, is undoubtedly much higher. The federal government has projected that about 15 million people will lose coverage, including nearly seven million people who are expected to be dropped despite still being eligible. On the regulatory front, data protection is making headlines. Updates to the Gramm-Leach-Bliley Act (GLBA), the Safeguards Rule, provide financial institutions, including those in the accounts receivable management industry, with requirements on how to safeguard customer information, went into effect on June 9. The amendments lay out a more prescriptive recipe for the safeguards financial institutions must have in place around collecting, storing and transmitting consumer information. Several states have actively been considering and passing new legislation requiring additional policies, controls, and practices not only in the data security space but also for data privacy and data breaches. Meanwhile, the Consumer Financial Protection Bureau (CFPB) published a Small Entity Compliance Guide covering the amendments to the Equal Credit Opportunity Act and Regulation B, requiring that financial institutions compile and report certain data regarding certain business credit applications, including examples that explain how the requirements should be applied.  
There were also a couple of notable court decisions impacting debt collectors last quarter. First, the 6th circuit court of appeals determined that one phone call under the Telephone Consumer Protection Act (TCPA) is enough to establish standing, meaning the suit is based on an actual or imminent alleged injury that is concrete and particularized and, for the plaintiff in Ward v. NPAS, Inc., to establish a concrete injury.  Second, and in a victory for TrueAccord, the Northern District of Illinois showcased the benefits of digital collection as the court found that receiving an email about a debt is less intrusive to consumers than receiving a phone call. In the Branham v. TrueAccord opinion, the court found that unlike telephone calls, two unwanted emails are insufficient to confer standing and wouldn’t be “highly offensive” to the reasonable person. Key Indicators and the Student Loan Predicament According to the New York Fed’s Quarterly Report on Household Debt and Credit, total household debt increased in the first quarter of 2023 by $148 billion (.9%) to $17.05 trillion. Debt increases showed up across almost all categories, with larger balances for mortgages, home equity lines of credit, auto loans, student loans, retail cards and other consumer loans. Looking like an outlier, credit card balances were flat at $986 billion during Q1, but reading between the lines, this is the first time in more than 20 years that there hasn’t been a seasonal outright decline in that category. And demand for more credit continues, which will drive household debt balances up farther. According to Experian’s June Ascend Market Insights report, new account originations were up 3.5% month over month with related balances up 7.7%. Breaking this down, auto loan account originations were up 0.7%, first mortgages were up 18.2%, while personal loans, HELOCs and second mortgages all grew significantly as well. Indicators show that delinquency is here to stay. 
Experian reports that overall 30+ days past due (DPD) accounts showed a 0.4% increase month over month in May. While unsecured personal loan delinquency, which grew quickly in 2021 and 2022, has fallen for the fourth month in a row, this may be due to accounts progressing through delinquency - collections and charge-off rates for unsecured personal loans have grown to nearly 8% of balances. Auto loans, and particularly those in the subprime category, are seeing delinquency rates surpassing levels last seen during the Great Recession, coming in at 1.69% for 60+ DPD in Q1 2023. Experian also reports that 1% of all consumer accounts rolled into higher stages of delinquency in April, which is in line with pre-pandemic norms and significantly higher than it was during the pandemic. Notably, 0.29% of accounts rolled into a lower delinquency status during May, a sign of collection effectiveness and of the relative financial health of delinquent consumers. This metric is still far below its historic norms and will be an important metric to watch as millions of consumers face higher monthly scheduled payments later this year tied to student loans. After three years of relief from payments on $1.6 trillion in student debt under the CARES Act,  student loan debt is scheduled to begin accruing interest in September 2023, with payments due starting in October. 40+ million borrowers who paid $200 to $299 on average each month in 2019 will soon face the resumption of a bill that is often one of the largest line items in their household budgets.  What’s more, research shows that student loan borrowers used extra space in their budgets during the pause to increase their leverage. Rather than paying down other debts, those eligible for the pause increased their leverage by 3% on average, or $1,200, compared with ineligible borrowers. 
According to the CFPB, as of September 2022, 46% of student loan borrowers had scheduled monthly payments for all credit products (excluding student loans and mortgages) that increased 10% or more relative to the start of the pandemic. The CFPB also reports that approximately 2.5 million student loan borrowers already had a delinquency on a non-student loan as of March 2023. That’s an increase of around 200,000 borrowers since September 2022, and that’s still without a monthly student loan payment obligation. This signals that many borrowers aren’t or won’t be in a financial position to repay or will face delinquencies on other loans in order to do so. For a data-driven look into this topic, read our report, “Consumer Finances, Student Loans and Debt Repayment in 2023”.

Consumers Feel a Pinch but Remain Optimistic

As daily life continues to be more expensive for everyone, PYMNTS’ research finds that 61% of consumers lived paycheck to paycheck in April 2023, similar to the year prior. And the data shows that consumers in urban centers are especially feeling the financial crunch, likely due to a connection to cost of living, with 7 in 10 living paycheck to paycheck. Wealthier consumers comprise a growing portion of the paycheck-to-paycheck cohort, with the share of consumers annually earning more than $100,000 who live paycheck to paycheck increasing 7% from April 2022. The US personal savings rate hovered at 4.6% in May, which is double last year’s record lows but still down significantly from pre-pandemic averages. Easing inflation seems to be improving consumers’ financial outlook, with fewer respondents citing concerns around savings levels, delaying large purchases, and worsening personal financial situations. However, the number of consumers feeling anxious about their job or employment situation steadily increased to 25% in May, up from 18% in February.
According to the Federal Reserve Bank of New York’s May 2023 Survey of Consumer Expectations, the average perceived probability of missing a minimum debt payment over the next three months increased by 0.7% to 11.3% in May. The increase was largest for respondents below the age of 40 with no more than a high school education, and those with a household income below $50k. Additionally, households' perceptions and expectations for credit conditions and their own financial situations all deteriorated slightly.

For Debt Collection, Digital is Now a Must-Have

While consumers balance budgets amid high costs of living, more and more are using streamlined, digital payment methods. New studies show consumers are embracing the convenience of digital payments via payment portals even for healthcare bills, noting how it can minimize pain points in the payments process. Today, 9 out of 10 customers want an omnichannel experience with seamless service between communication methods, and transacting where it’s convenient for them, on mobile devices, is even better. According to the Pew Research Center, reliance on smartphones for online access is especially common among younger adults, lower-income Americans and those with a high school education or less. In fact, 87% of TrueAccord consumers visit our web portal from their mobile devices and tablets, not their desktop computers. Choosing not to engage via digital methods can hurt vulnerable populations of consumers who primarily conduct most of their affairs digitally.

If your business has been relying on calling alone for customer communications, it’s time to shift gears to a more effective way of maximizing repayment and conversion rates in a challenging financial environment. For lenders or collectors engaging with distressed borrowers, here are ways digital can boost your efforts:

1. Cost-effective customer communications at scale. When almost all communications with consumers can happen electronically via email and SMS with no human interaction, the cost of agents, who now only manage inbound emails or calls from already engaged customers, is reduced. Lenders that have implemented digital-first solutions have seen their cost of collections fall by at least 15%.

2. Online payment portals. When consumers can make payments online when it’s convenient for them, they’re more likely to repay. Add options like payment plans and flexible payment days to appeal to distressed borrowers and see repayment and liquidation rates improve.

3. Code-based compliance. When compliance is coded into an algorithm that helps make decisions on customer engagement in debt collection, you can ensure that all digital communications fall within federal and state laws and regulations. Compliance built into the code can help prevent costly mistakes, especially with the complex patchwork of regulations.


Data Protection is Critical in Debt Collection: GLBA, Consumer Trust, and Best Practices to Protect Your Business

In today’s financial landscape, regulators at both the federal and state level are driving accountability for companies when it comes to data protection and security. We see that with the express requirement in the Gramm-Leach-Bliley Act, or GLBA, Safeguards Rule—which went into effect on June 9, 2023—that organizations have one qualified individual to oversee the information security program, and that the qualified individual provides regular reports to the highest governing body of an organization. This underscores the importance of protecting customer information in a digital age where information has its own intrinsic value. Let’s take a look at the new updates to the GLBA Safeguards Rule, how these security policies are important specifically for debt collection, and what best practices your business should follow to protect consumers’ data.

The GLBA Data Protection Law

The Gramm-Leach-Bliley Act, or GLBA, is a federal regulation to control how financial institutions collect, store, and transmit consumer information. GLBA was enacted by the Federal Trade Commission (FTC) in 1999, and the FTC recently rolled out new amendments to the Standards for Safeguarding Customer Information, known as the “Safeguards Rule,” that went into effect on June 9, 2023, in an effort to continue protecting consumer data in an ever-evolving digital environment.
A few of the updates to GLBA’s Safeguards Rule include:

- Provides covered financial institutions with more guidance on how to develop and implement specific aspects of an overall information security program
- Improves the accountability of these security programs, such as requiring financial institutions to designate a qualified individual responsible for overseeing, implementing and enforcing the program

Data Protection is Critical in Debt Collection

To attract clients today, a debt collector must demonstrate the implementation of a full suite of information security practices covering physical, technical, and administrative safeguards, including comprehensive employee information security training. Failure to implement these best practices can result in a security incident or worse, a data breach. Not only are data breaches costly because of the notification provisions, including providing credit bureau monitoring, but it can also be difficult for a company to survive after a breach. It is not unusual for a company to file bankruptcy after a data breach.

Reputation and Customer Retention

Although complying with federal and state regulations helps companies avoid costly—even criminal—penalties, consumer trust that their financial data is being protected is critical to maintaining a positive reputation and retaining customers (even if they fall into delinquency). Data protection policies can often be treated as set-it-and-forget-it, or even as a luxury of lower priority due to limited resources, expertise, or familiarity. But for today’s consumers, data security is a top priority. A recent study by MAGNA Media Trials and Ketch showed that 74% of people rank data privacy as one of their top values, a ranking that holds consistently across every age group. And on the flip side, the study showed nearly 9 out of 10 consumers report strong data privacy practices positively impact their relationship with a company.

Keeping Up With Compliance

Along with federal regulations, individual states are also issuing new laws focused on consumer data protection. California, Utah, Colorado, Connecticut and Virginia all passed data privacy laws over the past several years that take effect in 2023. This past March, Iowa passed a Data Privacy Law that takes effect on January 1, 2025 and is very similar to both Virginia’s and Colorado’s laws, affording consumers a right to know and a right to request deletion. Pennsylvania amended its Breach of Personal Information Notification Act by, among other things, expanding the definition of “personal information” to include medical and health information, and a username or e-mail address in combination with login credentials. Several more states have privacy and security laws in draft.

Although GLBA and other data protection and privacy laws are the hot topic when it comes to compliance today, they aren’t the only federal privacy regulations lenders and debt collectors need to follow and monitor for changes—or face the consequences of non-compliance. Here are some recent laws and amendments impacting the industry:

- The Fair Credit Reporting Act: Credit reporting companies and users of credit reports have specific obligations to protect the public’s data privacy, with potential criminal liability for certain misconduct.
- The Dodd-Frank Wall Street Reform and Consumer Protection Act: Established a new Consumer Financial Protection Bureau with the authority to supervise and regulate entities that offer or provide consumer financial products or services.
- Health Insurance Portability and Accountability Act (HIPAA): Two-part rule for privacy and security of personal health information (PHI) that applies to covered entities (doctors, hospitals, pharmacies, insurers, and their vendors). PHI is defined broadly to include any information provided to the covered entity by the patient.

Consumer Data Protection is Not a Luxury

Having good security practices in place is not only beneficial for both consumers and businesses, but also critical to stay compliant with all the new laws and amendments being introduced. Here are some of the best privacy and security practices to implement to protect customers and companies and to stay compliant:

- Practice data minimization.
- Know where personal information lives at all times by creating a data map of where the data goes and is stored throughout your systems, which includes knowing your vendors’ data security and privacy practices and controls.
- Know who has access to personal information and routinely examine if that access is necessary to complete that job function.
- Be intentional with how data is organized and stored so it can be easily segmented and treated differently if need be (think network segmentation).
- Have a public-facing Privacy Notice, and make sure it accurately reflects your practices for use, collection, deletion and correction.
- Conduct an annual data security risk assessment to continually reassess areas for improvement and where you may need additional controls.
- Ensure contracts with parties from whom you receive and/or to whom you give personal information specifically address each party’s obligations and restrictions for how personal information is used, shared, disclosed, stored, and sold (if permitted).

The TrueAccord Approach

At TrueAccord, empathy towards the consumer is a core part of our company mission: we enable businesses to collect more, faster, and from happier customers. Ready to collect more, faster from happier customers? Learn how TrueAccord weaves compliance and data security into debt recovery by scheduling a consultation today.


A Closer Look at the Gramm-Leach-Bliley Act (GLBA): Updates to the Safeguards Rule

Protecting personal and financial information is critical in today’s digital age. Where data has its own intrinsic value and where data breaches and cyberattacks are a risk for every business, the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA) provides financial institutions, including those in the accounts receivable management industry, with guidance on how to safeguard customer information. The existing Safeguards Rule provided financial institutions with much flexibility and discretion when determining what kinds of safeguards were best for their organizations and risks. With the amendments, which go into effect on June 9, 2023, financial institutions now have a more prescriptive recipe for what those safeguards need to be.

What is the Gramm-Leach-Bliley Act (GLBA)?

The Gramm-Leach-Bliley Act, or GLBA, is a federal regulation to control how financial institutions collect, store, and transmit consumer information. Although GLBA was enacted by the Federal Trade Commission (FTC) in 1999, changes have been anticipated for the last few years. In October 2021, the FTC announced new amendments coming to the Standards for Safeguarding Customer Information, known as the “Safeguards Rule,” and an issuance of a final rule, referred to simply as the “Final Rule.” The changes were originally set to go into effect in 2022; financial institutions—a designation that has also been updated—now need to prepare for them before they go into effect on June 9, 2023, or risk non-compliance and its consequences.

What is the Safeguards Rule?

The Safeguards Rule took effect January 10, 2021, and its requirements were first set to go into effect beginning December 9, 2022, but the FTC announced it would extend the deadline for financial institutions to develop, implement, and maintain a comprehensive information security program to June 9, 2023.
There are five overarching modifications to the existing Safeguards Rule:

- Provides covered financial institutions with more guidance on how to develop and implement specific aspects of an overall information security program
- Improves the accountability of these security programs, such as requiring financial institutions to designate a qualified individual responsible for overseeing, implementing and enforcing the program
- Exempts financial institutions that collect information on fewer than 5,000 consumers from the requirements of a written risk assessment, incident response plan, and annual reporting to the board of directors
- Expands the definition of “financial institution” within the scope of the Safeguards Rule - see the expanded definition in the next section below
- Includes several other definitions and related examples in the amended Safeguards Rule itself in an effort to make it more self-contained and to enable readers to understand its requirements without referencing the FTC’s Privacy of Consumer Financial Information Rule

Along with these updates to the Safeguards Rule, let’s examine a few other specifications of the updates.

What are other updates to the Safeguards Rule?

The expanded scope of financial institutions that are subject to the Safeguards Rule is significant. Under the new Final Rule, “financial institutions” now include entities engaged in activities that the Federal Reserve Board determines to be incidental to financial activities, such as:

It is important to note that the Final Rule does not apply to national banks, savings and loan institutions, and federal credit unions, as these institutions are not subject to the FTC’s jurisdiction.
The Final Rule requires these covered financial institutions to comply with specific new requirements, such as:

- Encrypt all customer information held or transmitted, both in transit over external networks and at rest
- Implement multi-factor authentication for any individual accessing any information system, unless the use of reasonably equivalent or more secure access controls has been approved in writing by a qualified individual at the financial institution
- Conduct periodic written risk assessments, and let the results of such risk assessments drive the information security program
- Create procedures for evaluating, assessing or testing the security of externally developed applications used to transmit, access or store customer information
- Set procedures for secure disposal of customer information no later than two years after the last date the information is used
- Implement policies, procedures, and controls designed to monitor and log the activity of authorized users and detect unauthorized access or use of, or tampering with, customer information by such users
- Provide personnel with security awareness training, provide information security personnel with training to address relevant security risks, and verify that key information security personnel take steps to maintain knowledge of changing information security threats and countermeasures
- Establish a written incident response plan designed to promptly respond to and recover from any security event affecting the confidentiality, integrity, or availability of customer information
- Have the qualified individual report in writing, regularly and at least annually, to the organization’s governing body (e.g., board of directors) regarding the status and material matters of the information security program
- Regularly test or otherwise monitor the effectiveness of the safeguards’ key controls, and conduct required penetration testing annually and vulnerability assessments at least every six months and whenever there are material operational or business changes

Given the expanded definition of “financial institutions,” some of these organizations may be unfamiliar with the extent of these requirements, and even those previously familiar with GLBA must be ready to comply or face the consequences.

What are the penalties for non-compliance with GLBA?

Whether it’s GLBA, Regulation F, or any of the numerous state laws, companies can face serious penalties for compliance failures—monetary, reputational, and even criminal. When it comes to GLBA, non-compliance penalties include:

Section 5 of GLBA grants the FTC the authority to audit policies to ensure they are developed and applied fairly—all the more reason to follow the Safeguards Rule’s provisions of self-audits and testing.

Learn More About Compliance and Collections

Now that you have the breakdown of the Gramm-Leach-Bliley Act updates to the Safeguards Rule, are you familiar with the other laws and regulations governing debt collection? Check out our Collections & Compliance resources to see what other regulatory guidelines may impact your business or schedule a consultation to get started.


Call-and-Collect vs Digital-First Engagement for Debt Recovery

Outbound calling has been the main mode of collections for decades, but the cost of a call center or in-house full-time employees (FTEs) making calls is no longer justifiable when most consumers simply don’t answer the phone, on top of the mounting compliance restrictions limiting opportunities to call in the first place. But outbound dialing isn’t completely obsolete—digital-first omnichannel strategies can turn traditional call-and-collect operations around by integrating new digital channels into the communication mix. Let’s compare traditional outbound calling methods versus a digital-first approach in three key areas impacting your business’s ability to collect more, faster:

- COST
- COMPLIANCE
- CONSUMER PREFERENCES

Get even more statistics and data in our latest eBook — Why Evolve from Outbound Calling to Omnichannel Engagement? Cost, Compliance, & Consumer Preferences — available for download now.

COST: Call-and-Collect

The cost to collect has been on the rise for traditional methods for years, whether you outsource to a call center or have FTEs dialing the phones. One reason for this rise is based on the fact that many lenders still practice old strategies to prioritize contacting customers based on their risk profiles, balance, and average days delinquent—completely missing portions of their portfolios. Factoring in propensity to pay is important to successful engagement, but it means that agents’ time is focused on only a small portion of accounts, leaving potential repayments on the table. Add in the overhead costs, inflation, and hiring challenges of using agents as first attempts at engagement and watch the expenses continue to climb past what you’re able to collect through outbound calling.

COST: Digital-First Omnichannel

Right off the bat, digital-first shows the cost of collections can fall by at least 15%.
Since digital is infinitely scalable, this communication tactic can touch every single account, regardless of scoring models—unlike human dialers who can only physically call a certain number of accounts on any given day. Going digital-first cuts down on the time billed for making repeated outbound calls that are never answered or returned, and it allows agents to interact with customers that want to speak directly to a person. Overall, digital-first has shown to boost customer engagement by 5x, the first step towards repayment.

COMPLIANCE: Call-and-Collect

It’s no secret that it’s increasingly complicated to reach customers with all the legal communication restrictions. While all debt collection communication is subject to compliance rules, outbound calling has specific laws and regulations that can carry costly penalties for non-compliance—and it’s only becoming more complex with new state-specific rules rolling out right and left. But no matter where your business is doing business, if you’re making collection calls you must follow these federal guidelines:

- Inconvenient Time Rule: prohibits calling before 8am or after 9pm
- Regulation F’s 7 and 7 Rule: cannot call more than seven times within a seven-day period
- Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act): tagging legitimate businesses as spam
- FCC Orders: further restrict dialing to landlines and include opt-out requirements for prerecorded voice messages

But there is a more streamlined way to ensure your collection communications are following all the rules: enter code-based compliance.

COMPLIANCE: Digital-First Omnichannel

Code-based compliance works by programming rules that ensure all communications fall within all federal and state laws and regulations, such as:

- Frequency and harassment restrictions
- Consent requirements*
- Disclosure requirements

This digitally designed approach to compliance greatly reduces the opportunities for human error that are bound to occur in more manual processes. Additionally, the digital-first approach allows companies to continue to collect during times that calling would violate certain regulations, like the Inconvenient Time Rule. In fact, 25% of payments come in after 9pm or before 8am (the determined inconvenient times), since these hours can actually be more convenient for consumers to catch up on digital communications they received throughout the workday.

*Generally, there is no requirement in the federal law to send debt collection communications by email, though some states are more restrictive. This is not legal advice, please consult an attorney for guidance on your unique circumstance.

CONSUMER PREFERENCE: Call-and-Collect

46% of consumers want to be reached through their preferred channels—so what are today’s consumers’ preferences? Here’s a hint: phone calls aren’t at the top of the list. And today’s Right Party Contact rates show it, ranging between just 0.5% - 4.0%. And out of those that do answer the phone, 49.5% of consumers take no action after a collection call. The old call-and-collect tactic may actually do more harm than good if compliance rules are ignored: out of the communication tactic complaints received by the CFPB in 2020, over half complained of frequent or repeated calls.

CONSUMER PREFERENCE: Digital-First Omnichannel

So if phone calls aren’t consumers’ preferred method of communication, then what is? For 59.5% of consumers, email is their first preference when it comes to debt collection communications.
This is especially important considering that first contacting a customer through their preferred channel can lead to a more than 10% increase in payments. This digital preference isn’t surprising since nearly nine in ten Americans are now using some form of digital payments—why would they expect collections to be any different? 14% of bill-payers prioritize payments to billers that offer lower-friction payment experiences, and digital is often preferred because of it. Digital communications are easily controlled by consumers and are tightly managed by service providers with built-in mechanisms to prevent harassment (like with code-based compliance), which we know has historically been a challenge for call-and-collect practitioners.

Digital-First is the Future of Collections

And it’s here today, working for TrueAccord clients and customers. At TrueAccord, we find that more than 96% of customers resolve debts without any human interaction when digital options are offered—reducing costs associated with outbound calling, lowering risks with code-based compliance built in, and delivering an experience that consumers prefer.

Get even more statistics and data in our latest eBook — Why Evolve from Outbound Calling to Omnichannel Engagement? Cost, Compliance, & Consumer Preferences — available for download now. Ready to go digital-first with your debt recovery operations? Schedule a consultation to get started today!


Reduce Costs While Collecting More With Digital-First, Omnichannel Strategies

Over the past two years, revolving credit card balances have grown more than 25% and are now above $1.2 trillion. Additionally, personal savings rates are stubbornly holding near 65-year lows, and combined with higher interest rates driving higher minimum payments, consumers are obviously feeling the stress. At the same time, delinquency rates on these higher balances have increased over 45%, putting significant strain on bank credit losses. So what can lenders do? Let’s start by looking at what consumers want, and what outbound calling agents would like to see as well.

What do Customers Want? And What do Agents Want?

For businesses executing outbound call strategies and leveraging dialer technologies, right party contact rates range anywhere from a struggling 0.5% to 4%. With these diminished connection rates, calls become more expensive and less impactful. It’s no secret that consumer preferences are changing rapidly and younger generations especially do not want to answer phone calls—and it’s important to keep in mind these younger borrowers will be the customers businesses will be servicing for the next 30 to 40 years, especially in a delinquent environment. In general, consumers want to pay off their debts, but they want to be able to do so when it's most convenient for them, which is often outside the “presumptively convenient times” between 8am and 9pm. In fact, 25% of payments come in after 9pm or before 8am. At TrueAccord, results show that more than 96% of customers resolve debts without any human interaction when digital options are offered. But what does that mean for the humans dialing phones for traditional call-and-collect methods? When businesses deploy an outbound call strategy before digital, often agents are shooting in the dark despite good intentions and dedicated efforts—which can affect outbound agent morale, making it a difficult environment to hire and retain top talent.
And given today’s economic landscape, it's challenging to call and collect from people who are behind on their bills or payments when so many other financial obligations are competing for dollars. The key: let agents do what agents are good at—the human touch—but leverage digital as the first touchpoint. Let digital get the customer to understand where they are in delinquency. If and when they want to talk to a human, agents are there to do what agents do best: empathize and resolve any issues that digital cannot. Agents are able to attend to higher-value inbound calls when digital, self-serve options are available for those who just want to make a payment—and it allows those customers to do so in a more convenient, preferred way.

Digital-First, Save More

Digital early stage solutions reduce collections costs for leading organizations across industries by making full-time employees (FTEs) more impactful (or even lowering FTE headcount) and reducing overall expenses while maximizing repayment rates. Companies that do rely heavily on an outbound call strategy must realize how expensive each call becomes. The longer an account is in delinquency, the more expensive every call becomes, because the propensity to pay diminishes as the debts age. So being able to automate and find those right channels at the right time with a digital strategy will help those phone calls get better results. Plus, the digital-first strategy is infinitely scalable—it doesn't matter how rapidly a business grows on the frontend for lending or on the backend with new accounts that fall into delinquency. This digital-first approach allows companies to mitigate against turnover or having to compete for talent in the market. And again, FTEs can now be more effective in the delinquency cycles where phone calls are preferable, especially as accounts get further into delinquency.
Making outbound phone calls absolutely serves a vital part of a business’s omnichannel strategy, but deploying digital first will make those calls more cost-effective. It also delivers a stronger connection rate by identifying those preferences through feedback from leveraging a digital-first communication strategy. Think about how this data can help businesses not only from a performance and liquidation perspective, but by learning from which customers are opening communications versus which ones aren't. Those that don't respond to digital should go to the top of the call queue because the data points towards a probable preference for person-to-person calling.

TrueAccord Difference

Learning from these digital engagements is vital for optimization, but if an organization is new to digital communications or has only been sending mass-blast, one-size-fits-all emails, it can feel like an uphill trek to start getting insights to drive better results. But by partnering with TrueAccord, which has been mining consumer engagement data for over 10 years, businesses get plugged in and start benefiting from our data from the get-go. Being able to automate with TrueAccord allows your company to focus on inbound human interactions while, simultaneously, TrueAccord’s first-party, client-labeled platform sends effective digital communications to all of your past-due accounts.

The bottom line benefits of working with TrueAccord: Maximize the productivity of your business’s resources with a managed, digital-first approach that enhances the efforts of your FTEs and overall collections operations. Start with a consultation today!


Coast to Coast: the State of Privacy and Compliance in 2023

Disclaimer: The information provided in this blog post does not, and is not intended to, constitute legal advice.

Protecting consumer privacy is not an unfamiliar concept in our industry and it’s something that should already be woven into our policies, procedures, and practices. With the rapid increase of state privacy laws across the United States, any company that collects, uses, transmits, or receives consumer data has to stay up-to-date on all related compliance issues. In a previous webinar, Coast to Coast—the State of Privacy and Compliance in 2023, TrueAccord’s legal experts discussed the newest federal privacy laws and all the related compliance issues. Watch the full webinar on-demand now!

The passage of the FTC’s Safeguards Rule, amending the Gramm Leach Bliley Act (GLBA), has been a big topic in data security conversations across the financial services industry as businesses prepare to be in compliance on or before the extended effective date of June 9, 2023. Meanwhile, several states have actively been considering and passing new legislation requiring additional policies, controls, and practices not only in the data security space but also for data privacy and data breaches. It is important for Chief Information Security Officers, Privacy Officers, and Chief Compliance Officers to stay on top of this legislation, as well as Chief Executive Officers since we have seen many federal and state actions naming the CEO in their individual capacity for failing to properly secure and protect data or to properly delegate these responsibilities to the appropriate persons within their organizations.

**Please note this article is not legal advice. This is not an exhaustive list of all laws. You should consult a lawyer if you have questions about federal and state data security, privacy or breach laws.

Data Breach Laws

All 50 states have data breach notification laws on the books. In 2022, 19 states considered enhancing their data breach laws.
Those states that passed revised data breach laws tightened up notification timelines, added definitions of what constitutes personal information, and expanded the notification requirements to include additional state agencies. For example, Arizona’s law HB 2146, amending Arizona Revised Statutes section 18-552, requires that notification be made not only to consumers but also to the Director of Arizona’s Department of Homeland Security. If the breach impacts more than one thousand people, then the law requires the notification also be given to the three largest nationwide credit reporting agencies, the attorney general, and now the Director of Arizona’s Department of Homeland Security.

While most states are shortening the time frame in which a consumer must be notified of a data breach to 45 days or less, some of these laws include exceptions or a short list of situations in which a delay in notification is permissible. For example, Indiana’s revised law, H.B. 1351, amending Indiana Code 24-4.9-3-3, limits a permissible delay in notification to three circumstances: (1) when the integrity of the computer system must be restored, (2) when the scope of the breach must be discovered, or (3) when the attorney general or a law enforcement agency asks to delay disclosure because disclosure will impede a criminal or civil investigation, or jeopardize national security.

Both Maryland (H.B. 962, amending Maryland Personal Information Protection Act and section 14-3501 of the Annotated Code of Maryland) and Pennsylvania (S.B. 696, amending the Pennsylvania Breach of Personal Information Notification Act) expanded the definition of “personal information” to include medical and health information, including a definition of “genetic information” in Maryland’s law.

Since the webinar, Utah Governor Spencer Cox signed into law Senate Bill 127 on March 23, 2023, which amends the state’s data breach notification statutes.
The amendments go into effect May 2, 2023.*

Along with updates to states’ laws, federal regulators are also providing additional guidance. For example, the Office of the Comptroller of the Currency (OCC) recently released more information on when banks need to hear from their vendors about a data breach, including ransomware notifications.

Data Privacy Laws

In addition to creating and updating laws to help consumers in the event of a data breach, states have also been enacting laws dedicated to protecting consumer privacy. There are six states with comprehensive data privacy laws: California, Connecticut, Colorado, Iowa*, Virginia, and Utah. These laws give consumers various rights over their personal information, such as the right to know what information companies collect and use, a right to correct their information, a right to opt-out of the sale of such information, and a right to request deletion.

In 2022, Congress introduced a federal privacy law, HR 8152, the American Data Privacy and Protection Act; however, it did not make it to the finish line despite having bipartisan support. It contained some preemption of state privacy and data protection laws, which would have been a relief to many companies navigating the existing patchwork of state laws.

As of January 2023, many states have introduced privacy-related bills and this is likely to continue throughout the years to come.

California took the privacy law lead by passing the California Consumer Privacy Act of 2018 (CCPA), which went into effect in January of 2020 to protect the use and sharing of personal data. California recently expanded the CCPA with the California Privacy Rights Enforcement Act (CPRA) that took effect on January 1, 2023. The law created the new California Privacy Protection Agency and gave it the power, authority, and jurisdiction to implement and enforce the CPRA.
Additionally, businesses must regularly submit their risk assessment on the processing of personal information to this new agency.

The four other states that followed suit have substantially similar laws with broad definitions of personal information. These laws typically apply to persons that conduct business in the state and process a set minimum of consumer data records (typically 25,000 or more) or businesses that earn at least 50% of their revenue from the sale of consumer data.

These laws give consumers various rights, such as the right to access their personal data, correct inaccurate personal data, delete personal data, in certain circumstances, obtain a copy of the personal data they previously provided to a controller, opt-out of the processing of their personal data if related to targeted advertising, sale of personal data or certain profiling activities, appeal a controller’s refusal to take action on a request, and submit a complaint to the attorney general if an appeal is denied. Interestingly, Colorado’s law makes clear that a consumer's consent is not valid if obtained through the use of a “dark pattern.”

These laws do not give consumers a private right of action but are enforced by the state’s attorney general with civil monetary fines calculated per violation. These laws also contain exemptions for data already protected by other laws, such as HIPAA, FCRA, and GLBA.

Virginia’s law took effect January 1, 2023. Both the Connecticut and Colorado Data Privacy Acts will go into effect July 1, 2023. The Utah Consumer Privacy Act takes effect December 31, 2023. The Iowa privacy bill (SF 262) was signed into law by Gov. Kim Reynolds on Tuesday, March 28, 2023. The legislation is set to take effect Jan. 1, 2025.*

Best Practices for the Future of Data Security & Privacy

Having good security practices in place is not only beneficial for both consumers and businesses, but is absolutely critical to stay compliant with all the new laws and amendments being introduced.

So what are some of the best privacy and security practices to implement to protect customers and companies and stay compliant?

Practice data minimization.

Know where personal information lives at all times by creating a data map of where the data goes and is stored throughout your systems, which includes knowing your vendors’ data security and privacy practices and controls.

Know who has access to personal information and routinely examine if that access is necessary to complete that job function.

Be intentional with how data is organized and stored so it can be easily segmented and treated differently if need be (think network segmentation).

Have a public-facing Privacy Notice, and make sure it accurately reflects your practices for use, collection, deletion and correction.

Conduct an annual data security and privacy risk assessment to continually reassess areas for improvement and where you may need additional controls.

Ensure contracts with parties from whom you receive and/or to whom you give personal information specifically address each party’s obligations and restrictions for how personal information is used, shared, disclosed, stored, and sold (if permitted).

Compliance with data privacy and data security requirements will continue to progress as new laws and regulations are passed. Best practices will continue to evolve as well, as we continue to learn more about the expectations from federal and state legislators and regulators, and as companies navigate evolving threats and vulnerabilities.

Watch the full webinar: Coast to Coast—the State of Privacy and Compliance in 2023. Learn more in our Compliance & Collections Resource Center or schedule a consultation today!
Footnotes:

*The Iowa privacy bill (SF 262) was signed into law by Gov. Kim Reynolds on March 28, 2023 after TrueAccord’s Coast to Coast webinar.

*The data breach law for Utah was passed on March 23, 2023 after TrueAccord’s Coast to Coast webinar.
