Gramm-Leach-Bliley Act
Effective security management requires your company to
1. Deter 2. Detect 3. Defend against security breaches.
What NPI is on a 1003 loan application?
1. Identification data: Name/birth date/SSN 2. Contact information: Address/Phone/Fax/Cell phone/Email 3. Bank and credit card account numbers, balances, and payment history 4. Income, asset/liability and credit histories 5. Information obtained through other sources including consumer or credit reports or court records.
Non-Public Information (NPI)
1. Identification data: name/birth date/social security number 2. Contact information: address/phone, fax, and cell phone numbers/email address 3. Bank and credit card account numbers, balance, and payment history 4. Income, asset/liability and credit histories 5. Information obtained through other sources including consumer or credit reports or court records.
Example of reasonable ways to opt out of having their NPI shared with third parties?
1. Providing a toll-free number 2. An area on your website 3. Detachable form with pre-printed return address for those wishing to opt out
What are the three principal parts to the privacy requirements?
1. The Financial Privacy Rule 2. The Pretexting Rule 3. The Safeguard Rule FPS
Never keep a copy of?
1003 Loan Application
How many times a year are data security assessments conducted?
2x annually
What is an example of documents that are not considered NPI?
Deed Security Instrument Recorded in the public records
Securing information - three main areas that are particularly important to include
1. Employee Management and Training 2. Information System 3. Detecting and Managing System Failure (EID)
Florida Information Protection Act of 2014
Establishing strong notification requirements for business and government entities.
Annual Report for breaches
February 1 of each year, the department shall submit a report to the President of the Senate and the Speaker of the House of Representatives describing the nature of any reported breaches.
UDAAP can cause
1. Financial injury to consumers 2. Erode consumer confidence 3. Undermine the financial marketplace.
What is the Gramm-Leach-Bliley Act?
Financial Services Modernization Act, enacted 1999
What is not a reasonable way to opt out of having their NPI shared with third parties?
Forcing someone to write a letter
What is the time frame to give the written notice that describes privacy policies and practices?
Given at the time the customer relationship is established, prior to releasing any NPI to a non-affiliated third party.
GLBA
Gramm-Leach-Bliley Act 1999
Criminal penalties
Imprisonment for 5 years, a fine, or both
What is an example of NPI?
Information on 1003 loan application
Liberal end of time of delivery of privacy notice?
Only a person who rises to the level of customer is the buyer/borrower and then only if such person obtains an owner's title policy.
The notice may be provided within a reasonable time after the customer relationship is established but
Only if the customer agrees
What does NPI not include?
Public or official records
GLBA requires what?
Requires financial institutions to provide Privacy Notice to customers disclosing the measures they have in place to safeguard and protect customers' non-public personal information (NPI)
What does the FTC (Federal Trade Commission) do?
Responsible for establishing and enforcing the Privacy Rule.
SSL
Secure Sockets Layer - Credit Card - protects transit
Unique risk for title agency
Title agency bears responsibility for subsequent hand-off. Meaning: TA is responsible for safely transmitting the loan package received from the lender to the independent notary, back to the title agency, and finally back to the lender.
Who does the privacy rule apply to?
To businesses that are significantly engaged in financial activities.
UDAAP
Unfair, Deceptive, or Abusive Acts or Practices
Conservative end of time for delivery of privacy notice?
When your office first receives notice of the transaction or order - receipt of the real estate contract or lender notice on a refinance transaction or placement of an order for a property profile.
Notices must be provided in?
Writing or, if the consumer agrees, may be delivered electronically
If data is breached the Florida Information Act requires business and governmental entities to provide
Consumer notice no later than 30 days after the determination of a breach or reason to believe that a breach occurred. Documentation must be kept for 5 yrs. Civil penalty of up to $500,000, based on the number of days the party is in violation of the act.
Privacy notices must explain
how and provide a reasonable way for consumers or customers to opt out of having their NPI shared with third parties.
What is the fine if GLBA is violated in conjunction with the violation of another federal law, or violated as a pattern of illegal activity involving more than $100,000 within a 12-month period?
The fine can double, with imprisonment extended for up to 10 years.
Knowingly violating a consumer financial protection law can garner
up to $1 million per day in fines for each day the violation continues.
GLBA fines for individually exposed
up to $10,000
GLBA Fines for officers or directors?
$100,000 per violation
Notice to Department of Security breach
Affecting 500 or more individuals in this state. No later than 30 days after the determination of the breach or reason to believe a breach occurred. Covered entity may receive 15 additional days if good cause for delay is provided in writing to the department within 30 days after determination of the breach or reason to believe a breach occurred.
When using a qualified third party, what must the title agent/agency obtain?
Annual Data Security audit
The Gramm-Leach-Bliley Act requires that companies develop a written information plan describing the procedures used to protect NPI. The plan must be
Appropriate to the company's size and complexity, the nature and scope of its activities, and the sensitivity of the customer information it handles.
Examples of exception 14 - GLBA
As applied to mortgage lenders and title (settlement) agents, where lenders disclose NPI to title (settlement) agents: 1003 loan application (for borrower signature at closing) as well as NPI contained in the Consumer (Borrower) Closing Disclosure
If closing instructions require painting a copy of the application then
Consider having borrowers sign an affidavit pg-169
Unique risk for lender
Lender is liable for safely transmitting the loan package to the title agency
What is exception 14? GLBA
Most often applies to transactions involving mortgage lenders and title (settlement) agents, where information-sharing is necessary for processing or administering a financial transaction that has been requested or authorized by a consumer.
According to the Gramm-Leach-Bliley Act, what must financial institutions do?
Must give customers CLEAR and CONSPICUOUS written notice describing privacy policies and practices. All customers must receive this.
Duties of third-party agents - Notice of breach
No later than 10 days following the determination of the breach of security or reason to believe the breach occurred.