By Fran Bishop, Government Relations Liaison
Or as I often say…damned if I do, and damned if I don’t!
We all know the requirements of pawnbrokers to collect and verify the identity of our pawn customers, thoroughly describe the item(s) being pawned or sold to us, accurately calculate the APR, disclose any other allowed charges, dot every I, and cross all t’s on our pawn tickets.
Another requirement is to make this treasure trove of information available to law enforcement. This ‘availability’ is accomplished by varying methods, primarily in electronic format via a third-party data aggregator chosen by law enforcement. Now we’re talking about data security and liability if there is a breach.
The CFPB recently published a circular stating that financial companies may violate federal consumer financial protection law when they fail to safeguard consumer data, and when you can be held liable for lax data security protocols.
For instance…identity theft. Your customers could become victims of identity theft as a result of data breaches, cyberattacks, ransomware attacks, and other exposure of their personal identification data.
I want to congratulate the California Pawn and Secondhand Dealers Association (CAPA) on a long, hard-fought battle to get ahead of a Catch-22 by passing Section 21628 of the Business and Professions Code a few years ago providing for pawn transaction information be uploaded to a uniform, statewide, state administered program. In other words, not to any third-party-for-profit data aggregating company.
On September 28, 2022, the California Governor signed SB 1317 amending the above mentioned Code to remove the requirement to include the pawn or sellers’ personally identifiable information from the reporting. Effective January 1, 2023, only property/item information is required to be uploaded.