The American Recovery Association (ARA) recently released a policy statement associated with the revamped Safeguards Rule set to be implemented by the Federal Trade Commission in June.

In connection with the mandate, ARA specifically believes recovery professionals should engage in the following best practices:

● Immediately after recovery, cut new keys to the vehicle

● Once keys are cut, access the vehicle to retrieve, inventory, and securely store all personal effects

● Eliminate all consumer information from the vehicle’s computer or other electronic repository or database accessible through the vehicle

ARA then said that every subsequent custodian of the vehicle along the chain of custody should, as a matter of best practice, verify that all consumer information has been eliminated from the vehicle and take responsibility for removing any remaining consumer information before the vehicle moves to the next custodian.

The association recommended its members work together with their finance company and servicer clients to establish compliance protocols and ensure all custodians participate in consumer-protection processes.

“ARA expects that many lenders and servicers that issue recovery assignments share ARA’s concern about these important consumer-protection and regulatory issues, and will support the best-practices points above in working together with ARA members to implement them. That said, there may be lenders or servicers that do not share ARA’s position,” the association said in a news release.

ARA strongly urged members to consider the following issues when working with finance companies and servicer clients when it comes to the FTC Safeguards Rule, as well as any other statute, regulation, or law that governs the protection of consumer data and privacy:

● Do you understand the finance company’s or servicer’s internal processes for protecting consumer data and property during their respective stages of the repossession process, including, but not limited to, eliminating consumer data from vehicle computers and other electronic repositories and databases accessible through the vehicle?

● Have you obtained written assurance that the lender or servicer has such internal processes and that those processes will be applied to assignments you will be working? Does your service agreement delineate responsibility for protection of consumer data and privacy between the parties based on their custody of the vehicle?

● Does your service agreement contain any representations or warranties about the lender or servicer compliance protocols for protecting consumer privacy or consumer data while the vehicle is in their custody?

● Are there opt-out, waiver, indemnification, or hold harmless provisions in your service agreement? Do they speak to the issue of protecting consumer privacy and consumer data and whose responsibility that is at the various stages of the repossession process based on the chain of custody?

“The long-and-short is this: ARA members conduct themselves with consumer interests in mind,” the association said. “That includes these critical privacy and data protection issues, which are implicated by the FTC’s Safeguards Rule. To the extent the rule applies to recovery professionals, the industry must stay vigilant to ensure compliance.

“This policy statement is not legal advice, nor a substitute for legal advice. ARA cannot give you legal advice. You must work with your internal or outside counsel to determine the appropriate course of action with respect to the issues discussed in this policy statement,” the association went on to say.