Last year, we were criticized by our regulator for not “safeguarding consumer data.” We revamped our policies and procedures for several weeks, hired an IT company, did penetration testing, and even hired a law firm to check our system. They brought in a firm such as yours to do an overview of our policies. So, we thought we covered all the bases.
We have just received a letter from the regulator. They are requesting an on-site visit soon. This was expected. But as we got ready for the examination, we learned that the CFPB is going after consumer protection violations, such as connecting to UDAAP violations.
Since we covered everything – or thought we did! – it would be great if you could fill in any possible blanks to prepare for the coming examination.
What important actions can we take to double-check our consumer data security?