Skip to main content

How Will You Protect Borrower Data in 2016?

Andrew Liput Esq.
Mar 22, 2016
“Data privacy” and “data security” are terms most lenders are hearing over and over again these days

“Data privacy” and “data security” are terms most lenders are hearing over and over again these days. The reasons for this are numerous, but include the Consumer Financial Protection Bureau’s (CFPB’s) focus on the issue, increased publicity over data breaches in business and industry, and heightened concern by consumers about how their sensitive non-public information is being managed by banks.

Although data privacy and data security are terms that are commonly used interchangeably, they in fact mean different things. A data security policy is required to ensure that data privacy is protected. When a lender is entrusted with a borrower’s highly private information, the business must develop, implement and manage a security policy to protect this data. So data privacy identifies that personal and private information which must be protected and how it may be used in a business in an appropriate manner, while data security includes the means and methods used to ensure the security of the data both internally (from employee breaches) and externally (from third party breaches).

Data privacy rules mean that lenders must define and police the appropriate use of borrower data within their walls. This includes what data is gathered (relevance to services), who has access (need to know), and where data is stored (how long and how safe). Both the CFPB and the Federal Trade Commission (FTC) have jurisdiction over the mishandling and misuse of consumer data, and each may enforce penalties against lenders that have failed to ensure the privacy of a borrower's data. At a minimum, lenders must screen employees with access to private data regularly, have an appropriate policy in place regarding handling of data, and test these policies on an ongoing basis.

Data security encompasses your company’s practices and processes that are in in place to ensure data is not being used or accessed by unauthorized individuals or parties. It ensures that sensitive data is accurate and reliable and is available when those with authorized access need it. A data security plan includes facets, such as collecting only the required information, keeping it safe, and destroying any information that is no longer needed. These steps will help any business meet the legal obligations of possessing sensitive data. A data security policy is simply the means to the desired end, which is data privacy. However, no data security policy can completely overcome the efforts of third parties bent on hacking into databases and seeking access to consumer data to monetize for improper and illegal purposes. At a minimum, lenders must develop written data security policies that include safe storage of data and penetration testing of their backup systems (local and/or cloud) to search for gaps and leakage.

Knowing that there is no such thing as a foolproof data security system and that all systems are ultimately vulnerable to breach by determined criminals, lenders must demonstrate a commitment to adopting the most stringent policies relevant to the size and scope of their business, while also considering purchasing crimes and cyber liability insurance to off-load risk in the event of unexpected and unintended breaches.

Making sure all borrower data is private and being used properly can be a near-impossible task that involves multiple layers of security. Fortunately, with the right people, process and technology, lenders may support their data security policies through continual monitoring and visibility into every access point and with insurance back-up.



Andrew Liput is CEO of Secure Insight, a risk analytics firm offering vendor management services addressing settlement agent risk. He can be reached by e-mail at ALiput@SecureSettlements.com.



This article originally appeared in the December 2015 print edition of National Mortgage Professional Magazine. 

Published
Mar 22, 2016
CFPB Reports Trends In Financial Assistance

The latest developments from this study reveal that most consumers have exited the payment assistance they received at the start of the pandemic.

Analysis and Data
Jul 14, 2021
CFPB Orders GreenSky To Refund $9M In Unauthorized Loans

The consent order requires GreenSky to refund or cancel up to $9 million in loans for the customers harmed by this illegal conduct.

Regulation and Compliance
Jul 13, 2021
CFPB Warns Landlords And Consumer Reporting Agencies To Report Accurate Rental Information

Inaccurate rental or eviction information can unfairly block families and individuals from safe, affordable housing.

Regulation and Compliance
Jul 01, 2021
FHFA Mandates Quarterly Fair Lending Reports

FHFA issued orders for all enterprises to submit quarterly Fair Lending Reports with data and information to improve the FHFA’s capabilities. 

Regulation and Compliance
Jul 01, 2021
FHFA Follows CFPB To Protect Borrowers Once COVID-19 Foreclosure And Eviction Moratoriums End

The Federal Housing Finance Agency made it clear that Fannie Mae and Freddie Mac servicers are not permitted to make first notice or filing for foreclosure that would be prohibited by the CFPB protections for borrowers affected by COVID-19.

Regulation and Compliance
Jun 30, 2021
CFPB Finds Evidence Of Redlining And Deceptive Acts In 2020

Enforcement actions resulted in more than $124 million in consumer remediation and civil money penalties in 2020

Regulation and Compliance
Jun 29, 2021