Unique Logo
 

Protection of Privacy Policy

 

 

SCOPE

This policy defines the protection of privacy for all debtor and client information revealed to UMS for purposes of assisting UMS clients in asset recovery.

policy

 

·         It is UMS policy to take every measure possible using appropriate systems, equipment, and personnel to protect the privacy of all clients and their debtors. 

 

·         UMS employees must take every measure feasibly possible in order to protect the clients and their debtors. 

 

·         UMS complies with the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.  The company has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  To learn more about the Safe Harbor program, and to view the company’s certification, please visit http://www.export.gov/safeharbor/

 

Responsibilities

HR Manager is responsible for assuring all employees have acknowledged the receipt of the Protection of Privacy Policy.

IT Manager is responsible for assuring all systems and equipment are adequately set up and utilized in a manner that actively protects all customer and debtor information.

Manager of Quality Assurance is responsible for monitoring areas of potential weakness in the systems and personnel and initiate appropriate corrective action is taken if a breach or error occurs.

 


Protection of Privacy Procedure

 

 

PURPOSE

The purpose of this procedure is assure measures are taken to protect the privacy of all UMS clients and debtors.

SCOPE

            This procedure covers all aspects of protecting the privacy of UMS clients and debtors.

RESPONSIBLE PARTIES

HR Manager is responsible for assuring all employees have acknowledged the receipt of the Protection of Privacy Policy.

IT Manager is responsible for assuring all systems and equipment are adequately set up and utilized in a manner that actively protects all customer and debtor information.

Manager of Quality Assurance is responsible for monitoring areas of potential weakness in the systems and personnel and initiate appropriate corrective action is taken if a breach or error occurs.

Each supervisor is responsible for assuring his/her employee(s) are following the Protection of Privacy Policy.

Each employee is responsible for assuring he/she is making every reasonable effort to protect the privacy of UMS clients and debtors.

PROCEDURE

Equipment and Systems Protection of Privacy

 

In order to abide by the client policy and local, state, and federal laws that protect customer confidentiality, UMS will only correspond directly with the customer identified by the client unless given expressed written permission by that customer to release information to a third party, including, but not limited to, spouse, guardian, and lending agency.

 

Additionally, UMS obtains limited customer information.  UMS does not receive any information concerning materials that are past due except the total balance owing in order to protect the customer’s confidentiality.

 

All work performed shall be conducted according to applicable provisions of the Federal Fair Debt Collection Practices Act and client and state confidentiality laws.  Detailed records and documentation shall be maintained and provided to the client.  We will ensure the confidentiality, security, and safety of all client files, documents, computer files, etc.  All information provided to UMS will be used solely for the purpose of collection of those accounts.

 

UMS maintains a continual connection to the Internet via T-1 connection.  This connection has a range of dedicated, static IP addresses.  Connections to UMS’ network are through proxy/firewall systems.  Each system contains software designed for intrusion detection and detailed logging of activity.  These systems specifically control access to our internal network and are monitored by systems personnel on a continual basis. Access logs to the internal network are analyzed in order to detect intrusions and security breaches.

 

Transmission of data between client and UMS is handled over a variety of channels.  UMS is equipped to handle encrypted email, SSL over HTTP (HTTPS), and secure FTP.  SSL options utilize 128-bit encryption from each node.  All encryption options would require the client node to be responsible for utilization of the necessary client side programs needed to use SSL encryption.  For example, to utilize HTTPS, the client node would need to be equipped with modern browser software (e.g. Internet Explorer 5.0 or later).  UMS will demonstrate these abilities upon request. 

 

UMS has the Bloodhound Collection Software System, which is a state of the art collection system.  The software was tailor designed to meet the specific needs of UMS clients.  The system allows for immediate update capabilities when any contact is made with overdue debtors. Detailed notes are kept in the system regarding every contact made to each debtor.

 

UMS utilizes the Ensercle ACD telecommunications system from Siemens Global Communications.  This system utilizes 3 dedicated PRI based telecommunication circuits for the purposes of placing calls to debtor accounts, and receiving incoming calls from debtor accounts.   These circuits provide 69 phone lines available for concurrent usage.

 

All server type systems are contained in a locked room within our building.  Access is provided only to appropriate personnel.  All systems are password protected, with security considerations placed on privileged accounts.  Backups of all collections related information is made on a daily basis, with a rotation of encrypted backup tapes offsite at all times.  The building contains fire detection systems.  In the event of catastrophe, duplicate backup systems are available for installation at an alternate location. 

 

            Personnel Level Protection of Privacy

 

The key to assuring UMS employees are adhering to these procedures are good notes on client and debtor files.  Notes will include all pieces of information obtained to verify identity of caller, all legal notices provided to the caller (Mini Miranda), and all information released to the caller.  A supervisor will periodically review debtor and client notes to assure compliance with this policy.

 

Deviation from these procedures without prior approval from a supervisor is absolutely unacceptable.  Failure to comply with this policy will result in disciplinary action up to and including immediate termination.

1.   When speaking with a debtor, verify as much information as possible before releasing information.  Make a note of which pieces of information were verified and exactly what information is released.

 

2.   When speaking with a client, verify the person is a contact in CARMA by first and last name and their phone number or email address.  If you cannot verify the contact from CARMA without a shadow of a doubt that you are speaking with an approved client contact, send call on to CS without disclosing any account information.  They will further investigate the caller’s identity according to their policies and resources before releasing information.

 

CS will further investigate the identity of the caller by again attempting to verify identity through CARMA.  If indeed not in CARMA, CS can utilize InfoLink contacts to confirm identity. 

If the individual is not listed as an approved contact in CARMA or InfoLink, the UMS employee must verify that the contact works with the client by contacting a listed/approved contact via the client’s main phone number.  Under no circumstances will a UMS employee divulge any information to an unlisted contact without first verifying that they are with the client. 

All information requested by the client must be faxed to a fax number listed in CARMA or a fax number verified by the main contact or Director.  Any email correspondence must be to an email listed in CARMA.

 

3.   If in the course of the conversation with the caller, you learn that the person has misrepresented himself to you, immediately stop releasing information and say, “I have just learned that you have misrepresented yourself to me and my company.  I am informing you now that you have broken federal law by falsely identifying yourself in order to obtain the private information of another individual.  I am now ending this call.”  Make complete notes in Bloodhound and CARMA as to how the person originally identified himself, what information was released, how the fraud was identified, and that the call was ended immediately upon knowledge of the fraud.

 

4.   When information is released to a verified client employee, all information released must be noted in Bloodhound and CARMA.  This note will also include all pieces of information obtained to verify the identity of the caller.

 

5.   All debtors, libraries, and third parties that have provided an approved signature of authorization for release of information requesting information to be faxed to them must first fax UMS a UMS approved Electronic Communication Request form that can be downloaded from our website (www.unique-mgmt.com).  If necessary, this form can be faxed to the interested party.  This form is located in I:\Production\Disputes\Disputes\Electronic Communication Request.doc.

 

6.   All faxes to debtors, third parties that have provided an approved signature of authorization for release of information, and libraries must contain the following disclaimer on the cover sheet:

 

THIS MESSAGE IS INTENDED FOR THE SOLE USE OF THE PERSON TO WHOM IT IS ADDRESSED AND CONTAINS INFORMATION, WHICH IS PRIVILEGED, CONFIDENTIAL AND EXEMPT FROM DISCLOSURE UNDER APPLICABLE LAW.  IF THE READER OF THIS MESSAGE IS NOT THE INTENDED RECIPIENT OR THE EMPLOYEE OR AGENT RESPONSIBLE FOR DELIVERING THE MESSAGE TO THE INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY DISSEMINATION, DISTRIBUTION OR COPYING OF THIS COMMUNICATION IS STRICTLY PROHIBITED.  IF YOU HAVE RECEIVED THIS COMMUNICATION IN ERROR, PLEASE NOTIFY US IMMEDIATELY BY TELEPHONE AND RETURN THE ORIGINAL MESSAGE TO US AT THE ABOVE ADDRESS VIA THE UNITED STATES POSTAL SERVICE.

 

7.      Absolutely no communication should be sent to a debtor or a third party that has provided an approved signature of authorization for release of information via email.  There is never an exception to this rule.

 

8.      Before information is emailed to a client upon request, the email address must be verified in CARMA.  Notes will be made in CARMA and Bloodhound concerning the contact.  This note will include the email address information was sent to and the information released in the email.  The email should include the same disclaimer included on faxes in procedure #6.

 

All paper documents that contain any debtor information (name, account number, etc) should be appropriately disposed of in the shredding containers, not in trashcans.  Additionally, those papers containing any debtor information that are being kept should be stored in appropriate locations and out of plain sight in the office.
© 2017 Unique Management Services, Inc. - Privacy Policy