How Will You Protect Borrower Data in 2016? – NMP Skip to main content

How Will You Protect Borrower Data in 2016?

Mar 22, 2016
“Data privacy” and “data security” are terms most lenders are hearing over and over again these days

“Data privacy” and “data security” are terms most lenders are hearing over and over again these days. The reasons for this are numerous, but include the Consumer Financial Protection Bureau’s (CFPB’s) focus on the issue, increased publicity over data breaches in business and industry, and heightened concern by consumers about how their sensitive non-public information is being managed by banks.

Although data privacy and data security are terms that are commonly used interchangeably, they in fact mean different things. A data security policy is required to ensure that data privacy is protected. When a lender is entrusted with a borrower’s highly private information, the business must develop, implement and manage a security policy to protect this data. So data privacy identifies that personal and private information which must be protected and how it may be used in a business in an appropriate manner, while data security includes the means and methods used to ensure the security of the data both internally (from employee breaches) and externally (from third party breaches).

Data privacy rules mean that lenders must define and police the appropriate use of borrower data within their walls. This includes what data is gathered (relevance to services), who has access (need to know), and where data is stored (how long and how safe). Both the CFPB and the Federal Trade Commission (FTC) have jurisdiction over the mishandling and misuse of consumer data, and each may enforce penalties against lenders that have failed to ensure the privacy of a borrower's data. At a minimum, lenders must screen employees with access to private data regularly, have an appropriate policy in place regarding handling of data, and test these policies on an ongoing basis.

Data security encompasses your company’s practices and processes that are in in place to ensure data is not being used or accessed by unauthorized individuals or parties. It ensures that sensitive data is accurate and reliable and is available when those with authorized access need it. A data security plan includes facets, such as collecting only the required information, keeping it safe, and destroying any information that is no longer needed. These steps will help any business meet the legal obligations of possessing sensitive data. A data security policy is simply the means to the desired end, which is data privacy. However, no data security policy can completely overcome the efforts of third parties bent on hacking into databases and seeking access to consumer data to monetize for improper and illegal purposes. At a minimum, lenders must develop written data security policies that include safe storage of data and penetration testing of their backup systems (local and/or cloud) to search for gaps and leakage.

Knowing that there is no such thing as a foolproof data security system and that all systems are ultimately vulnerable to breach by determined criminals, lenders must demonstrate a commitment to adopting the most stringent policies relevant to the size and scope of their business, while also considering purchasing crimes and cyber liability insurance to off-load risk in the event of unexpected and unintended breaches.

Making sure all borrower data is private and being used properly can be a near-impossible task that involves multiple layers of security. Fortunately, with the right people, process and technology, lenders may support their data security policies through continual monitoring and visibility into every access point and with insurance back-up.



Andrew Liput is CEO of Secure Insight, a risk analytics firm offering vendor management services addressing settlement agent risk. He can be reached by e-mail at [email protected].



This article originally appeared in the December 2015 print edition of National Mortgage Professional Magazine. 

About the author
Published
Mar 22, 2016
CFPB Issues AI Underwriting Guidance On Adverse Action Notices

The agency says proprietary and machine-learning models do not relieve lenders of their fair lending and disclosure responsibilities

VantageScore Says 4.0 Model Could Unlock $1 Trillion In Mortgage Originations

New study says VantageScore 4.0 scores five million more creditworthy borrowers than FICO Score 10T, expanding lending opportunities as the industry prepares for the GSE credit score transition

MISMO Updates Mortgage Insurance Standards To Support FICO 10T, VantageScore 4.0

New implementation guide standardizes mortgage insurance data exchange, helping lenders, insurers and technology providers prepare systems for newer credit scoring models

Congress Weighs New Roadmap To End Fannie, Freddie Conservatorship

Rep. Scott Fitzgerald's three-bill housing package would establish a statutory framework for releasing the GSEs while expanding construction lending and easing some TRID compliance requirements

CHLA Backs Bank Capital Proposal, Questions Impact On Mortgage Lending

Trade group supports lower mortgage risk weights but says broader market forces — not capital rules — drove banks' retreat from the market

Senate Passes 21st Century ROAD To Housing Act In 85-5 Vote

Sweeping housing package heads back to House after Senate clears final version with broad bipartisan support