How To Protect Client NPI in a Real Estate Transaction

The frequent, high-value transactions between multiple parties that occur in the real estate industry make it a prime target for hackers. Add to that the fact that many, if not most, real estate transactions take place digitally and the fact that most real estate companies store a wealth of financial and personal data and you have a perfect storm that is particularly attractive to bad actors interested in stealing your clients’ data

In order to protect your clients and your business, you must take additional steps to protect clients’ most sensitive data in a real estate transaction. But if you aren’t sure where to start, you aren’t alone. In fact, two in five real estate industry professionals believe that their industry is not prepared to deal with a breach. So, let’s start with the basics.

What’s at Risk: Client NPI

The Gramm-Leach-Bliley Act (GLBA) defines nonpublic personal information (NPI) as:

“Personally identifiable financial information – provided by a consumer to a financial institution, resulting from any transaction with the consumer or any service performed for the consumer; or otherwise obtained by the financial institution.”

NPI includes:

  • Basic information provided by a consumer on an application, such as name, address, social security number, or income.
  • Information from a transaction involving a financial product or service, such as account numbers, credit or debit card purchases, payment history, and loan balances.
  • Information that financial institutions obtain as part of providing a financial product or services, such as credit reports or court records.

The term does not include publicly available information lawfully made available by federal, state, and local governments. 

If this sensitive data ends up in the wrong hands, it can be used to scam your clients and harm their credit. Failing to protect client NPI can subject real estate agents to costly CFPB compliance penalties, but more importantly, it can damage your reputation and alienate your clients.

One of the largest safeguards protecting your clients’ data privacy is the Consumer Financial Protection Bureau (CFPB). Real estate industry professionals who handle real estate transactions must maintain CFPB compliance, or else they face steep financial penalties

How to Protect NPI in Real Estate Transactions

To help organizations in the real estate industry better equip themselves to protect sensitive client data, the American Land Title Association (ALTA) has issued a number of guidelines surrounding best practices for protecting NPI to meet CFPB compliance:

  • Restrict access to NPI only to those who need to access it, when they need to access it. Also ensure that all employees undergo background checks before being granted access. After an agency no longer has reason to access the data, it should be disposed of thoroughly.
  • The use of removable data devices, like thumb drives, should be either prohibited outright or strictly controlled via an organization-wide policy.
  • NPI should only be delivered via secure methods.
  • Create a disaster management plan in case things go wrong. This could be as straightforward as a security breach, or even just a server or network failure that impacts business continuity.
  • Establish and follow procedures to audit your organization for CFPB compliance, and review those procedures to ensure that the audits themselves don’t leak NPI.
  • Ensure that your agency is well-informed of your state’s security breach notification laws, and is prepared to follow them in case of a data leak.

Keep NPI Private Throughout Sharing Workflows

Not only does purchasing a home or commercial property come with fear because it is such a significant investment, but clients are expected to share their most sensitive financial information with strangers. Given how vulnerable a buyer is likely to feel in the process of a real estate transaction, securing their NPI and other sensitive data is a significant first step in putting your buyers at ease.

Traditionally, several parts of the real estate transaction happen in person, but the coronavirus pandemic has forced the industry to adapt to new digital workflows. Now, the challenge lies in how to share NPI easily with all authorized parties while maintaining the security and privacy of clients’ data. The answer? A user-friendly encryption solution that addresses CFPB and GLBA compliance concerns, while creating a seamless client experience that boosts engagement.

Unlock Seamless, Secure NPI Sharing with Virtru

Virtru provides mortgage lenders, title agencies, real estate lawyers, insurance companies, and other real estate industry professionals with data-centric protection to maintain the privacy NPI and other sensitive data, wherever it is shared. Using Virtru, you can:

  • Protect new digital workflows for gathering documents and communicating with clients and partners.
  • Improve customer engagement and trust by enabling sharing and collaboration workflows that maintain the privacy of sensitive data.
  • Leverage easy-to-use encryption and flexible access controls to maintain compliance with GLBA, CFPB, GDPR, CCPA, and more.

Subscribe to Our Newsletter

Connect With Us


Dive Deeper