The Nevada Legislature recently passed Senate Bill 276 (“SB 276”), which permits employees of Collection Agencies to work from remote locations and exempts certain entities from qualifying as a “Collection Agency.” The provisions of SB 276 relevant to Collection Agencies will become effective on October 1, 2023.
SB 276 amends Nev. Rev. Stat. § 649, which deals with Collection Agencies, to include a provision defining the term “remote location.” As defined in the amendment, any location, other than a Collection Agency’s principal place of business or branch office where an employee of a Collection Agency conducts business, may be considered a remote location.
Amended Nev. Rev. Stat. § 649 also includes specified standards for employees of licensees working from a remote location. Any licensee with remote employees must enter into a written agreement with such employees stating that they will conform to the specified standards, including:
- Maintaining the confidentiality of debtor data;
- Maintaining all data electronically and refraining from printing or otherwise storing physical records at a remote location;
- Reading and complying with the Collection Agency’s relevant security and equipment policies;
- Refraining from representing to a debtor that the agent is working from a remote location or that the agent is working at the Collection Agency’s place of business;
- Refraining from conducting any in person interactions with a debtor at a remote location;
- Refraining from working alongside another agent at the same remote location unless the agents both reside in the same residence;
- Authorizing the Collection Agency to monitor the agent while working from the remote location;
- Accessing the Collection Agency’s technological systems exclusively through the usage of unique credentials;
- Completing a training program on legal compliance and privacy prior to working remotely; and
- Working under direct oversight and mentorship form a supervisor for at least 7 days prior to working remotely.
Additionally, amended Nev. Rev. Stat. § 649 requires Collection Agencies to develop and implement a written security policy for employees who work from a remote location ensuring that:
- A remote employee can only access the licensee’s systems through a VPN on an agency-issued computer that is strictly used for agency-approved activities;
- Any updates or repairs necessary to keep data and equipment secure are installed or implemented immediately;
- Data that is accessible from a remote location is safe from unauthorized or accidental access and is protected by reasonable security measures, such as antivirus software, firewalls, and designated drives;
- Data is disposed of in a timely and secure manner as required by applicable law and contractual requirements;
- The Collection Agency has procedures in place in the event of a security breach or other emergency that has the potential to impact the storage of or access to the Collection Agency’s data;
- The Collection Agency is able to remotely disconnect any remote employee from accessing the Collection Agency’s systems and erase any data from an agency-issued device upon termination of the employee’s employment; and
- A risk assessment is performed annually and the security policy is updated to correct any deficiencies identified in the risk assessment.
Finally, SB 276 amends the definition of “Collection Agency” in Nev. Rev. Stat. § 649.020. Amended Nev. Rev. Stat. 649.020 exempts specific individuals and entities from qualifying as a “Collection Agency,” including:
- Savings banks;
- Credit unions;
- Thrift companies;
- Trust companies;
- Mortgage servicers except when attempting to collect a claim that was assigned when the relevant loan was in default;
- Any person collecting in their own name on a claim that they originated;
- Any person servicing a claim that they originated and sold; and
- Any person described in 15 USC § 1692(6)(A)-1692a(6)(F).
Importantly, we note that an entity engaged in any business activities covered by SB 276 should consult the full text of SB 276 to determine how such changes will affect its business operations.
[View source.]