Association of Progressive Rental Organizations
JOIN APRO
JOIN APRO

Regulatory Interest in Data Security on the Rise

By K. Dailey Wilson*

You have likely heard about the recent amendments to the federal Safeguards Rule. But you probably breathed a sigh of relief because, technically speaking, the Safeguards Rule does not apply to rent-to-own providers, as they are not “financial institutions” as defined by the Rule.

Unfortunately, however, this does not mean that the federal regulators are not interested in your data security practices. In fact, the Federal Trade Commission (FTC), the same agency that regulates the rent-to-own industry, took two unfairness actions in October against companies in the non-financial services industry for data security failures.

On October 24, the FTC took action against Drizly, LLC, a mobile alcohol delivery platform, for failing to use reasonable information security practices. Drizly allegedly used obsolete password encryption technology, failed to employ appropriate access controls, and failed to remediate risks to data identified following a previous security breach. On October 31, the FTC took action against Chegg, Inc., an education technology provider, for lax data security practices. Like Drizly, the FTC alleged that Chegg failed to address risks identified through a prior data security incident. Chegg also allegedly did not require employees to use multifactor authentication to access systems containing customer information, failed to encrypt customer information adequately, and failed to monitor its systems for security threats.

A review of the consent orders in these two actions indicates that the FTC expects non-financial institutions to take steps to adequately secure customer data, including the following:

  • Implementation of an Information Security Program. Companies should implement a comprehensive information security program designed to protect against security events.
  • Adoption of Multifactor Authentication. Any information system containing customer information should be accessible only through multifactor authentication, such as requiring users to provide both a password and a code generated from a token.
  • Encryption of Customer Information. Customer information should be encrypted not only in transit but also at rest using the most up-to-date encryption methods.
  • Implementation of Access Controls. Only those who need customer information should be permitted to access it. Permissions should be revoked when the need for the information no longer exists.
  • Adoption of a Change Management Program. Companies should implement policies and procedures to evaluate the company’s data security programs and processes following data security events, changes in software and hardware used by the company, and changes in information technology.
  • Timely Disposal of Customer Information. Customer information should be disposed of as soon as it is no longer necessary for business operations or for other legal or regulatory purposes.

Given the heightened regulatory interest in data security, RTO providers should review their existing data security practices to confirm that they address the requirements highlighted in the recent consent orders involving non-financial services providers. Your customer information is your most valuable asset – taking the necessary steps to protect that information is paramount.

25th anniversary logo for Hudson Cook LLP

* K. Dailey Wilson is a senior associate in the Tennessee office of Hudson Cook, LLP.  She can be reached at (423) 490-7567 or by email at dwilson@hudco.com.

This article is sponsored content and was written with the support of Hudson Cook, LLP. To have your company featured in an article, please email us at advertising@rtohq.org.

Upcoming Events

View Calendar



Popular Resources

Sign up for APRO Today

Copyright © · All Rights Reserved · APRO Privacy Policy · APRO Antitrust Policy

Facebook Linkedin Twitter Youtube
Copyright © · All Rights Reserved · APRO Privacy Policy
Facebook Twitter Youtube Flickr

Mike Lewis

Central Properties dba Premier Rental-Purchase

Mike Lewis is a Premier Rental Purchase franchisee with multiple stores and currently serves as Vice President of Operations. With 33 years of experience in the rent-to-own industry, he has spent the past 20 years working closely with franchisee owners and previously spent 12 years in Corporate RTO, gaining a strong foundation in the business.

For the past five years, Mike has been sharing his knowledge by teaching managers and franchisees at the company’s Training Center.

Outside of work, he enjoys time with his family, kids, and grandkids, and appreciates the simple things in life – especially riding his Harley Davidson with the sun on his face. If you know, you know!

Lauren Talicska

Arona Corporation dba Arona Home Essentials

Lauren Talicska is an experienced multi-channel marketing specialist and the Vice President of Marketing & Communications at Arona Home Essentials. She has found her home in the RTO community, supporting stores in branding, growth, and increasing traffic.

You may recognize Lauren as a former RTO vendor, including her time as a partner for Nationwide RentDirect, or her previous participation in the APRO Vendor Advisory Committee. Lauren calls Columbus, Ohio, home and spends her workday crafting and executing marketing promotions from inception to realization, all while supporting the branding and social media needs of all the Arona stores in 12 states (plus Puerto Rico!).

Charles Smitherman

APRO

Charles Smitherman, JD, PhD, CAE, became CEO of APRO in 2023, bringing years of legal and executive experience in the rent-to-own industry. 

Prior to joining the association, Charles served as COO, General Counsel, and Vice President of PTS Financial Services, where he played an active role in the rent-to-own industry by representing his company through PTS’s club program offering with APRO member dealers. Charles is an attorney with two decades of experience across a wide variety of areas, including RTO, consumer financial services, antitrust, corporate law, mergers and acquisitions, litigation, franchise law, and privacy law. Following law school at the University of Georgia, Charles earned a Master of Legal Studies and PhD in Law from the University of Oxford in England.

Charles is credentialed as a Certified Association Executive (CAE) with the American Society of Association Executives, a Certified Franchise Executive (CFE) with the International Franchise Association, and a Certified Information Privacy Professional (CIPP/US) and Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals. As APRO’s sixth CEO in its 45-year history, he brings a collaborative, member-focused approach to association leadership, emphasizing transparency, advocacy, and value creation. Outside of work, Charles is an active ultra runner and open water swimmer.

Mike Kays

Ashley Furniture Industries

As VP of Rental Sales for Ashley Furniture Industries, Mike thrives on building relationships with our RTO industry veterans, and helping businesses grow through new product, new marketing, and new supply chain options.

Mike works to leverage a wide breadth of relationships and influence, intimate knowledge of market trends, and unique knowledge of what RTO dealers need from a supplier to be successful.

The saying goes that a high tide raises all boats, and our goal is to leverage the world’s largest furniture manufacturer to drive the continued growth of the RTO industry and all the suppliers.

Mike Tissot

Countryside Rentals Inc., dba Rent-2-Own

Mike grew up in the rent-to-own industry under the guidance of his father, former APRO President and RTO legend Darrell Tissot. For nearly 25 years, Mike’s innovative leadership has helped expand the family business to more than 40 stores across Ohio and Kentucky while also shaping the industry as a whole.

He has served as President of the Ohio Rental Dealers Association, an APRO board member and Treasurer, and President and Treasurer of the TRIB Group. His contributions have earned him the APRO President’s Award of Excellence and the title of APRO Rental Dealer of the Year.

Outside of RTO, Mike enjoys time at the lake house or in Orange Beach, Alabama, with his girlfriend, Angela Strong McCool. A passionate Cincinnati Reds fan, he rarely misses a game, whether watching or listening alongside his parents. He also takes every opportunity to visit Arizona, where his daughter is currently attending Arizona State University.