Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
1
Steps to Protect Borrowers from Identity Theft: Step One, Take the Privacy Self-Assessment
By Elaine Wright Harris
President, Trusted Agent Services Group #144
Introduction
“More than 700 million data records
compromised last year . . . [2015]”
Borrower’s Non-public Personal Information
(NPPI) is at risk of identity theft
NSA is the guardian of borrower’s
mortgage documents
Introduction
NSA bears the responsibility: Accepting the role as guardian of mortgage
documents
Understanding the connection between identity theft and NPPI
Keeping abreast of industry regulatory requirements
Identifying and minimizing data risks
Taking the NNA Privacy & Security Self-Assessment
Developing and implementing borrower NPPI protection plan
2
Identity Theft and NPPI
What is Identity Theft?
What is NPPI
Personally identifiable data
Data not available to general public
Information comprising NPPI
The threat of identity theft to borrowers’ NPPI
Identity Theft and NPPI
Mortgage Documents Guardian 101
Lender Requirements
Download documents from
lender’s secured website portal
If borrower wants electronic
copy, advise lender
3
Mortgage Documents Guardian 101
Lender Requirements
If closing at a bank’s branch get permission from
borrower if:
a trainee attends
copies are made by other personnel
If loan package is lost or misplaced, advise lender immediately
Mortgage Documents Guardian 101
NSA Best Practices and Procedures for
Handling NPPI [NNA Privacy Tips]
Before Signing Appointment
During Signing Appointment
After Signing Appointment
Industry Regulatory Requirements
The Gramm-Leach Bliley Act – 1999
Handling “financial data” in a secure manner
Three specific provisions
Privacy Notice Requirement
Title V—Privacy Subtitle A—Disclosure of NPPI
Privacy protections for “personal” information
4
Industry Regulatory Requirements
Federal Trade Commission (FTC) Announced
Privacy “Safeguards” Rule – 2003
Real estate settlement service providers must
develop “written information security programs”
Designed to protect unauthorized access and
misuse of customer NPPI
Industry Regulatory Requirements
The Consumer Financial Protection Bureau’s
(CFPB) Bulletin 2012-03
Financial institutions may be held responsible for
service providers
Financial institutions process for managing risks
of service providers
Industry Regulatory Requirements
American Land Title Association (ALTA) “Settlement Company Best Practices” – 2013
Enhancing existing business practices to: Protect consumers
Ensure quality service
Provide ongoing employee training
Comply with legal and market requirements
5
Industry Regulatory Requirements
NNA NSA Code of Conduct – 2013 Guiding Principle 6: Privacy and Confidentiality
space
“The Certified Signing Specialist will respect the
privacy of each signer and protect closing documents from unauthorized disclosure.”
Today’s regulatory environment
Identifying and Minimizing Risk
What is risk?
Asset + Threat + Vulnerability = Risk
A + T + V = R
Identifying and Minimizing Risk Asset – People, property,
information
An asset is what we’re trying to protect
Threat – Anything that can
exploit a vulnerability, …, and
obtain, damage, or destroy an asset
A threat is what we’re trying to protect against
Vulnerability – Weaknesses or gaps in a security program hat can be
exploited by threats to gain unauthorized access to an asset
A vulnerability is a weakness or gap in protection efforts
Risk – The potential for loss, damage or destruction of an asset as a result
of a threat exploiting a vulnerability
Risk is the intersection of assets,
threats, and vulnerabilities.
A + T + V = R
6
Identifying and Minimizing Data Risk
Electronic Programs
A + T + V = R
SPYWARE TROJAN HORSE VIRUSES WORMS
Identifying and Minimizing Data Risk
Internet-Based Applications/Technology
A + T + V = R
E-MAIL WI-FI SPAM
Identifying and Minimizing Data Risk
Physical Handling of Data
A + T + V = R
HOME VEHICLES OFFICE
7
Identifying and Minimizing Data Risk
Adhere to strong password policy
Install software updates immediately
Use firewalls
Identifying and Minimizing Data Risks
Encrypt everything
Immediate disposal of borrowers’ loan
documents
Handling a security breach
NNA Privacy & Security Self-
Assessment
1. Go to: NNA Signing Agent Tools
2. Click on the Self-Assessment icon
3. Download the Self-Assessment
4. Assess your privacy/security
business practices twice a year
8
Borrower NPPI Protection Plan
Take an honest risk assessment (https://www.nationalnotary.org/knowledge-center/signing-agent-resources/signing-agent-tools/self-assessment)
NNA Privacy Assessment Results
88
50
75 88 88
63 50
100 88 88
75 88
50 50
75 88 88 88
50 63
75
0
20
40
60
80
100
120
DA
Document Acceptance
NSA 1 NSA 2 NSA 3 NSA 4 NSA 5 NSA 6 NSA 7 NSA 8 NSA 9 NSA 10 NSA 11
NSA 12 NSA 13 NSA 14 NSA 15 NSA 16 NSA 17 NSA 18 NSA 19 NSA 20 NSA 21
(90-100% Strong) (80 – 89% Pretty Good) (70-79% So-so) (60-69% Off the Mark) (59% & Under At Risk)
NNA Privacy Assessment Results
87
47
80
100
80 93
60
93
73
100 87
93 87
53
73
100
73
93 87
47
75
0
20
40
60
80
100
120
DH
Document Handling
NSA 1 NSA 2 NSA 3 NSA 4 NSA 5 NSA 6 NSA 7 NSA 8 NSA 9 NSA 10 NSA 11
NSA 12 NSA 13 NSA 14 NSA 15 NSA 16 NSA 17 NSA 18 NSA 19 NSA 20 NSA 21
(90-100% Strong) (80 – 89% Pretty Good) (70-79% So-so) (60-69% Off the Mark) (59% & Under At Risk)
9
NNA Privacy Assessment Results
88
63
88
75
88 88
75
88 88 88
75 63
50
88 88
75
88 88
63 63
80
0
20
40
60
80
100
SA
Signing Appointments
NSA 1 NSA 2 NSA 3 NSA 4 NSA 5 NSA 6 NSA 7 NSA 8 NSA 9 NSA 10 NSA 11
NSA 12 NSA 13 NSA 14 NSA 15 NSA 16 NSA 17 NSA 18 NSA 19 NSA 20 NSA 21
(90-100% Strong) (80 – 89% Pretty Good) (70-79% So-so) (60-69% Off the Mark) (59% & Under At Risk)
NNA Privacy Assessment Results
100
67
92 92 83
92 100
83 92
100 100
83
58 58
75
100
42
92
50
92 80
0
20
40
60
80
100
120
DD
Document Delivery
NSA 1 NSA 2 NSA 3 NSA 4 NSA 5 NSA 6 NSA 7 NSA 8 NSA 9 NSA 10 NSA 11
NSA 12 NSA 13 NSA 14 NSA 15 NSA 16 NSA 17 NSA 18 NSA 19 NSA 20 NSA 21
(90-100% Strong) (80 – 89% Pretty Good) (70-79% So-so) (60-69% Off the Mark) (59% & Under At Risk)
NNA Privacy Assessment Results
71 71 71
86 86 100
14
100 90
100 100
71 57
71 57
86
43
86
29
86 80
0
20
40
60
80
100
120
NJ
Notary Journals
NSA 1 NSA 2 NSA 3 NSA 4 NSA 5 NSA 6 NSA 7 NSA 8 NSA 9 NSA 10 NSA 11
NSA 12 NSA 13 NSA 14 NSA 15 NSA 16 NSA 17 NSA 18 NSA 19 NSA 20 NSA 21
(90-100% Strong) (80 – 89% Pretty Good) (70-79% So-so) (60-69% Off the Mark) (59% & Under At Risk)
10
NNA Privacy Assessment Results
71
43
86
71 71 57 57
86 86 86
57 71 71 71
86 100
86 86
57 71 71
0
20
40
60
80
100
120
CM
Communications
NSA 1 NSA 2 NSA 3 NSA 4 NSA 5 NSA 6 NSA 7 NSA 8 NSA 9 NSA 10 NSA 11
NSA 12 NSA 13 NSA 14 NSA 15 NSA 16 NSA 17 NSA 18 NSA 19 NSA 20 NSA 21
(90-100% Strong) (80 – 89% Pretty Good) (70-79% So-so) (60-69% Off the Mark) (59% & Under At Risk)
NNA Privacy Assessment Results
78
44
78 78 78 67 67
89 89 78
89 78
67 78 78 78 78 78
67
44 44
0
20
40
60
80
100
C&N
Computers and Networks
NSA 1 NSA 2 NSA 3 NSA 4 NSA 5 NSA 6 NSA 7 NSA 8 NSA 9 NSA 10 NSA 11
NSA 12 NSA 13 NSA 14 NSA 15 NSA 16 NSA 17 NSA 18 NSA 19 NSA 20 NSA 21
(90-100% Strong) (80 – 89% Pretty Good) (70-79% So-so) (60-69% Off the Mark) (59% & Under At Risk)
NNA Privacy Assessment Results
100
63 63 75
63 63
25
88
60
88 75 75
50
75 80 88
38
100
50
75
50
0
20
40
60
80
100
120
MD
Mobile Devices
NSA 1 NSA 2 NSA 3 NSA 4 NSA 5 NSA 6 NSA 7 NSA 8 NSA 9 NSA 10 NSA 11
NSA 12 NSA 13 NSA 14 NSA 15 NSA 16 NSA 17 NSA 18 NSA 19 NSA 20 NSA 22
(90-100% Strong) (80 – 89% Pretty Good) (70-79% So-so) (60-69% Off the Mark) (59% & Under At Risk)
11
NNA Privacy Assessment Results
DA
DH
SA
DD
NJ
CM
CN
MB
0 10 20 30 40 50 60 70 80 90
Privacy Assessment Results by Category
DA DH SA DD NJ CM CN MB
Strong: 90-100% Pretty Good: 80-89%
So-So: 70-79% Off the Mark: 60-69%
At: Risk: =/< 59%
Borrower NPPI Protection Plan Step 2 - Ask yourself 7 basic questions:
1. What NPPI is accessible to me?
2. How do I receive this info?
3. How do I store this information?
4. How do I protect this information while in my possession?
5. How do I return this information safely to the lender?
6. How do I dispose of NPPI?
7. How do we notify lender of compromised information?
Borrower NPPI Protection Plan
Step 3 – Develop your NSA
Borrower Protection Plan
My NSA Borrower Protection
Plan
12
Borrower NPPI Protection Plan
Step 4 - Implement the NPPI Protection Plan
Summary
As the guardian of mortgage documents, the
informed Notary Signing Agent minimizes the
risk of borrower identity theft by keeping
abreast of industry requirements, developing
and implementing a NPPI protection plan for
the borrower.
Acronyms
Privacy Rights Clearing House (PRC)
Federal Trade Commission (FTC)
The Consumer Financial Protection Bureau’s
(CFPB)
American Land Title Association (ALTA)
National Notary Association (NNA)
13
Resources
Notary Bulletin – January 15, 2014
TitleNews - June 2014
The National Notary, October 2015
Handling Loan Documents and Privileged
Communications, NNA 2014
THANK YOU
to Participants in NNA’s
Privacy Self-Assessment Test 21 Notary Signing Agent Participant List
Bland, Richard Burton, Sherreka Collins, Iris Cooper, Erlinda
Epps, Willie Hall, Lois Harris, Frederick Jenkins, Pamela
Kibunja, Linda Kyttle, Joni Lewis, Daniel Moore, Wanda
Morgan-Smith, Rosalyn Odom, Audralyn Poindexter, Lankford Poindexter, Rodney
Samelson, Tracy Smith, Donnell Valentine-Simmons, Louise Wallace, Shirley
Wright Harris, Elaine
Presenter
Elaine Wright Harris
President, Trusted Agent Services Group
www.wrightnotarypublicnews.com