Throughout the mortgage supply chain, nonpublic personal information (NPI) is frequently shared, making the mortgage industry a vulnerable target for data breaches. As such, several compliance programs are in place to help protect nonpublic personal information (NPI) and maintain the privacy of consumers’ sensitive data.
What is Nonpublic Personal Information?
In 1999, Congress enacted the Gramm-Leach-Bliley Act (GLBA), which contains rules regarding the privacy of NPI collected by financial institutions. The GLBA defines NPI as:
“Personally identifiable financial information – provided by a consumer to a financial institution, resulting from any transaction with the consumer or any service performed for the consumer; or otherwise obtained by the financial institution.”
The term does not include publicly available information lawfully made available by federal, state, and local governments.
What Are Nonpublic Personal Information Examples?
- Basic information provided by a consumer on an application, such as name, address, social security number, or income.
- Information from a transaction involving a financial product or service such as, account numbers, credit or debit card purchases, payment history, and loan balances.
- Information that financial institutions obtain as part of providing a financial product or services, such as credit reports or court records.
How to Protect NPI to Meet Compliance Requirements
With so much sensitive data shared throughout mortgage processing workflows, it’s no surprise that regulations exist to protect NPI and that compliance with data privacy regulations is a top concern for lending institutions.
Two rules within the GLBA deal with the safeguarding and privacy of NPI.
- The Safeguards Rule requires financial institutions to store sensitive customer information securely and ensure its secure transmission, as well as maintain programs and implement audit procedures that prevent unauthorized access and improper disclosure.
- Additionally, Regulation P protects the privacy of consumer NPI—similar to GDPR and CCPA—by giving consumers the ability to prevent disclosure of their personal data to third parties via the “opt-out” right.
Beyond the GLBA, mortgage companies and other financial institutions must also comply with regulations from the Consumer Financial Protection Bureau (CFPB) and state privacy laws such as those in California, Vermont, New York, and Arizona.
Maintain the Privacy of NPI To Enhance Client Engagement
While compliance is a top concern for mortgage companies and financial institutions, consumers have data privacy concerns of their own as it relates to obtaining a mortgage: ease of use. Traditional solutions (such as secure portals) frustrate end users with separate, redundant applications and workflows, new accounts, and passwords to manage.
A more modern approach to collecting and sharing documents containing NPI could be as straightforward as a simple email exchange of attachments with additional layers of security for advanced privacy protection. With this approach, you can protect NPI everywhere it’s shared throughout the mortgage transaction process to meet the GLBA’s Safeguards Rule requirements for secure storage and transmission of sensitive customer data. Plus, you can enable more efficient client communications with streamlined service models that help differentiate your business from competitors, build client trust, and ultimately drive business growth.
Protect NPI with Virtru
As mortgage workflows increasingly go digital, institutions need sophisticated yet user-friendly tools to protect NPI throughout the loan lifecycle. Virtru provides a comprehensive security suite that ensures NPI protection from initial application through closing, while keeping processes smooth for both staff and clients.
Secure Email and File Protection
Protect sensitive NPI in Gmail, Google Drive, Outlook, and file sharing workflows with end-to-end encryption. Set expiration dates, revoke access, and prevent forwarding of mortgage documents. Watermark sensitive files and maintain control throughout the entire loan process.
Automated NPI Protection with Gateway
Deploy rules-based encryption that automatically detects and protects NPI across your mortgage workflows. Configure custom policies to secure sensitive data like social security numbers, bank statements, and tax documents - ensuring GLBA compliance without slowing down loan processing.
Complete Visibility for Compliance
Monitor who accesses protected NPI throughout the mortgage lifecycle with detailed audit logs. Track when borrower information is accessed and by whom, simplifying both GLBA compliance and loan audits.
Enhanced Data Sovereignty
Take full control of your encryption with Virtru Private Keystore, preventing unauthorized access to NPI even from cloud providers.
To learn more about how Virtru can help secure NPI while maintaining compliance and streamlining mortgage workflows, reach out to our team today.
