The massive security and data breach at Equifax has brought to light the requirement of making sure that your company adopts internal processes that prevents breaches and ensures that such breaches are timely discovered. This requires that you undergo regular Service Organization Control (SOC) audits or similar audits if you are hosting data on your servers. If you store your data on third–party data centers, you should require that they undergo regular SOC audits. You may also want to implement a robust reporting time frame for informing customers when such security or data breaches are discovered, amongst others.
We are keeping a close eye on this and on the development on the Consumer Financial Protection Bureau’s rule regarding mandatory arbitration clauses and class action waivers.