Protecting Non-Public Personal Information
Nov 09, 2016 | Realtor Resources, Technology
When you hear the word "cybersecurity," you might immediately think of huge catastrophes that affected hundreds or thousands of people; however, cybersecurity is an issue that all business owners and professionals need to pay attention to. Both real estate agents and title companies are privy to loads of nonpublic personal information (NPI) and are perfect targets for cyber criminals.
What is NPI?
According to the Federal Trade Commission’s (FTC) website, “NPI is any ‘personally identifiable financial information’ collected about an individual in connection with providing a financial product or service.” The exception is information that is already publicly available.
The FTC website also states that NPI includes:
- Any information an individual gives you in order to receive a financial product or service (name, address, income, Social Security number, or other information on an application).
- Any information you receive about an individual from a transaction involving your financial products or services, including account numbers, payment history, loan and deposit balances, credit card purchases and more.
- Any information you receive from a third party about an individual in connection with providing a financial product or service, such as information from court records or from a consumer report.
The Threat to Realtors
Real estate companies have been hit by an increasing number of recent attacks. Some of these are sophisticated ploys, such as email phishing scams attempting to trick buyers into wiring money to cyber criminals. However, most attacks simply take advantage of sloppy realtor security.
Stolen laptops with unsecured financial data, intercepted emails, and other crimes of opportunity can give identity thieves access to your clients’ financial and personal information, which can be used to scam your clients and harm their credit. Failing to protect client NPI can subject real estate agents to costly CFPB compliance penalties, but more importantly, it can trash your reputation and alienate your clients.
Consider the process of buying a house. Applications for a mortgage are often filled out online, a lender sends nonpublic personal information to a title company, and there may be several other email interactions involving NPI. The same goes for selling a home. Many of the interactions between the realtor and title company include NPI, such as Social Security numbers and loan numbers, which is why it is vitally important that systems are in place to protect this information.
Keeping NPI Safe
Help ensure your clients’ information is safe and your business is up-to-par on cybersecurity.
- Conduct data-privacy training for all new hires. New staff has a lot to learn, but data-privacy should never be left out. All new hires should undergo training on how to handle any physical and online documents containing NPI. They should also be trained on identifying phishing emails and other common scams.
- Create strict NPI procedures. If your staff is not sure what to do with that email containing a client’s Social Security number or the fax containing loan information, then NPI could end up in the wrong hands. Construct a document with clear procedures on what to do with NPI, both online and in print. Be sure your procedures meet the FTC’s privacy rule guidelines.
- Test staff with phony phishing emails. It may seem silly, but sending out phony phishing emails is a great way to provide teachable moments to your employees while preventing them from falling for these common scams. These kinds of “pop quizzes” also help employees know what to look for in the future.
- Make sure to encrypt any NPI and get rid of the rest. This may go without saying, but don’t let any staff sit there with an inbox full of unprotected NPI. Be sure these emails are encrypted and protected by both email and server passwords. When the information is no longer needed, shred paper documents of NPI so it can’t be stolen or misplaced.
- Limit the number of people handling NPI. The fewer people who handle NPI, the less chance it has of ending up in the wrong hands or not being handled correctly. Again, be sure all employees handling NPI are well-versed in the regulations and are using computers that are up to date with antivirus software and encryption capabilities.
- Consider contracting a specialist. If protecting NPI and meeting the FTC’s standards is becoming a bigger job than you can bear alone, then consider hiring an outside firm. There are individuals and firms who specialize in cybersecurity and can help ensure your software is safe and equipped to adequately protect your clients’ sensitive information.
South Oak Title protects NPI by remaining compliant with all seven Pillars of the American Land Title Association’s Best Practices, and specifically with Pillar 3, which is centered around the collection, storage, and transmission of electronic information and the protection of NPI.
As Settlement Agents, it is our responsibility to ensure we have the appropriate measures in place to protect this data in both its virtual and physical forms. This responsibility no longer solely lies with the lender, nor should it. The consumer, our buyer/borrower, is the person that everyone in a real estate transaction is servicing.
Why Wait?
Cybersecurity will continue to be an important part of any healthy business as more and more interactions happen over email and online. Solid systems, trained staff and consulting with experts in the field could be what ensures a positive relationship between you and your clients…and saves you from being the bearer of some very bad news.
Please let us know if we can help guide you in keeping your client’s information safe during a transaction.
Sources