Throughout the mortgage supply chain, nonpublic personal information (NPI) is frequently shared, making the mortgage industry a vulnerable target for data breaches. As such, several compliance programs are in place to help protect nonpublic personal information (NPI) and maintain the privacy of consumers’ sensitive data.
What is Nonpublic Personal Information?
In 1999, Congress enacted the Gramm-Leach-Bliley Act (GLBA), which contains rules regarding the privacy of NPI collected by financial institutions. The GLBA defines NPI as:
“Personally identifiable financial information – provided by a consumer to a financial institution, resulting from any transaction with the consumer or any service performed for the consumer; or otherwise obtained by the financial institution.”
The term does not include publicly available information lawfully made available by federal, state, and local governments.
What Are Nonpublic Personal Information Examples?
- Basic information provided by a consumer on an application, such as name, address, social security number, or income.
- Information from a transaction involving a financial product or service such as, account numbers, credit or debit card purchases, payment history, and loan balances.
- Information that financial institutions obtain as part of providing a financial product or services, such as credit reports or court records.
How to Protect NPI to Meet Compliance Requirements
With so much sensitive data shared throughout mortgage processing workflows, it’s no surprise that regulations exist to protect NPI and that compliance with data privacy regulations is a top concern for lending institutions.
Two rules within the GLBA deal with the safeguarding and privacy of NPI.
- The Safeguards Rule requires financial institutions to store sensitive customer information securely and ensure its secure transmission, as well as maintain programs and implement audit procedures that prevent unauthorized access and improper disclosure.
- Additionally, Regulation P protects the privacy of consumer NPI—similar to GDPR and CCPA—by giving consumers the ability to prevent disclosure of their personal data to third parties via the “opt-out” right.
Beyond the GLBA, mortgage companies and other financial institutions must also comply with regulations from the Consumer Financial Protection Bureau (CFPB) and state privacy laws such as those in California, Vermont, New York, and Arizona.
Learn how organizations throughout the mortgage supply chain should incorporate data protection capabilities into their security strategy to ensure compliance with GLBA, CFPB, CCPA, and other data privacy regulations.Download Now
Maintain the Privacy of NPI To Enhance Client Engagement
While compliance is a top concern for mortgage companies and financial institutions, consumers have data privacy concerns of their own as it relates to obtaining a mortgage: ease of use. Traditional solutions (such as secure portals) frustrate end users with separate, redundant applications and workflows, new accounts, and passwords to manage.
A more modern approach to collecting and sharing documents containing NPI could be as straightforward as a simple email exchange of attachments with additional layers of security for advanced privacy protection. With this approach, you can protect NPI everywhere it’s shared throughout the mortgage transaction process to meet the GLBA’s Safeguards Rule requirements for secure storage and transmission of sensitive customer data. Plus, you can enable more efficient client communications with streamlined service models that help differentiate your business from competitors, build client trust, and ultimately drive business growth.
Protect NPI with Virtru
Virtru unlocks seamless, secure NPI sharing workflows throughout the mortgage process to ensure client privacy and compliance with GLBA, CFPB, CCPA, and more. Ease of use helps streamline NPI sharing workflows for seamless customer experiences that enhance engagement.
End-to-End Email and File Encryption and Persistent Controls
Protect email and files in Gmail, Google Drive, and Outlook with end-to-end encryption that prevents unauthorized third-party access to NPI shared throughout the mortgage loan process. Disable forwarding, set expiration, and revoke messages. Watermark files to deter leaks, and maintain persistent control wherever files are shared.
Granular Audit Trails
View when and where email messages and files containing NPI have been accessed throughout the mortgage lifecycle, and adapt controls as mortgage processing workflows evolve.
To learn more about how Virtru can help secure NPI to maintain privacy and compliance, get in touch with us today.