1

Steps to Protect Borrowers from Identity Theft: Step One, Take the Privacy Self-Assessment

By Elaine Wright Harris

President, Trusted Agent Services Group #144

Introduction

“More than 700 million data records

compromised last year . . . [2015]”

Borrower’s Non-public Personal Information

(NPPI) is at risk of identity theft

NSA is the guardian of borrower’s

mortgage documents

Introduction

NSA bears the responsibility: Accepting the role as guardian of mortgage

documents

Understanding the connection between identity theft and NPPI

Keeping abreast of industry regulatory requirements

Identifying and minimizing data risks

Taking the NNA Privacy & Security Self-Assessment

Developing and implementing borrower NPPI protection plan

2

Identity Theft and NPPI

What is Identity Theft?

What is NPPI

Personally identifiable data

Data not available to general public

Information comprising NPPI

The threat of identity theft to borrowers’ NPPI

Identity Theft and NPPI

Mortgage Documents Guardian 101

Lender Requirements

Download documents from

lender’s secured website portal

If borrower wants electronic

copy, advise lender

3

Mortgage Documents Guardian 101

Lender Requirements

If closing at a bank’s branch get permission from

borrower if:

a trainee attends

copies are made by other personnel

If loan package is lost or misplaced, advise lender immediately

Mortgage Documents Guardian 101

NSA Best Practices and Procedures for

Handling NPPI [NNA Privacy Tips]

Before Signing Appointment

During Signing Appointment

After Signing Appointment

Industry Regulatory Requirements

The Gramm-Leach Bliley Act – 1999

Handling “financial data” in a secure manner

Three specific provisions

Privacy Notice Requirement

Title V—Privacy Subtitle A—Disclosure of NPPI

Privacy protections for “personal” information

4

Industry Regulatory Requirements

Federal Trade Commission (FTC) Announced

Privacy “Safeguards” Rule – 2003

Real estate settlement service providers must

develop “written information security programs”

Designed to protect unauthorized access and

misuse of customer NPPI

Industry Regulatory Requirements

The Consumer Financial Protection Bureau’s

(CFPB) Bulletin 2012-03

Financial institutions may be held responsible for

service providers

Financial institutions process for managing risks

of service providers

Industry Regulatory Requirements

American Land Title Association (ALTA) “Settlement Company Best Practices” – 2013

Enhancing existing business practices to: Protect consumers

Ensure quality service

Provide ongoing employee training

Comply with legal and market requirements

5

Industry Regulatory Requirements

NNA NSA Code of Conduct – 2013 Guiding Principle 6: Privacy and Confidentiality

space

“The Certified Signing Specialist will respect the

privacy of each signer and protect closing documents from unauthorized disclosure.”

Today’s regulatory environment

Identifying and Minimizing Risk

What is risk?

Asset + Threat + Vulnerability = Risk

A + T + V = R

Identifying and Minimizing Risk Asset – People, property,

information

An asset is what we’re trying to protect

Threat – Anything that can

exploit a vulnerability, …, and

obtain, damage, or destroy an asset

A threat is what we’re trying to protect against

Vulnerability – Weaknesses or gaps in a security program hat can be

exploited by threats to gain unauthorized access to an asset

A vulnerability is a weakness or gap in protection efforts

Risk – The potential for loss, damage or destruction of an asset as a result

of a threat exploiting a vulnerability

Risk is the intersection of assets,

threats, and vulnerabilities.

A + T + V = R

6

Identifying and Minimizing Data Risk

Electronic Programs

A + T + V = R

SPYWARE TROJAN HORSE VIRUSES WORMS

Identifying and Minimizing Data Risk

Internet-Based Applications/Technology

A + T + V = R

E-MAIL WI-FI SPAM

Identifying and Minimizing Data Risk

Physical Handling of Data

A + T + V = R

HOME VEHICLES OFFICE

7

Identifying and Minimizing Data Risk

Adhere to strong password policy

Install software updates immediately

Use firewalls

Identifying and Minimizing Data Risks

Encrypt everything

Immediate disposal of borrowers’ loan

documents

Handling a security breach

NNA Privacy & Security Self-

Assessment

1. Go to: NNA Signing Agent Tools

2. Click on the Self-Assessment icon

3. Download the Self-Assessment

4. Assess your privacy/security

business practices twice a year

8

Borrower NPPI Protection Plan

Take an honest risk assessment (https://www.nationalnotary.org/knowledge-center/signing-agent-resources/signing-agent-tools/self-assessment)

NNA Privacy Assessment Results

88

50

75 88 88

63 50

100 88 88

75 88

50 50

75 88 88 88

50 63

75

0

20

40

60

80

100

120

DA

Document Acceptance

NSA 1 NSA 2 NSA 3 NSA 4 NSA 5 NSA 6 NSA 7 NSA 8 NSA 9 NSA 10 NSA 11

NSA 12 NSA 13 NSA 14 NSA 15 NSA 16 NSA 17 NSA 18 NSA 19 NSA 20 NSA 21

(90-100% Strong) (80 – 89% Pretty Good) (70-79% So-so) (60-69% Off the Mark) (59% & Under At Risk)

NNA Privacy Assessment Results

87

47

80

100

80 93

60

93

73

100 87

93 87

53

73

100

73

93 87

47

75

0

20

40

60

80

100

120

DH

Document Handling

NSA 1 NSA 2 NSA 3 NSA 4 NSA 5 NSA 6 NSA 7 NSA 8 NSA 9 NSA 10 NSA 11

NSA 12 NSA 13 NSA 14 NSA 15 NSA 16 NSA 17 NSA 18 NSA 19 NSA 20 NSA 21

(90-100% Strong) (80 – 89% Pretty Good) (70-79% So-so) (60-69% Off the Mark) (59% & Under At Risk)

9

NNA Privacy Assessment Results

88

63

88

75

88 88

75

88 88 88

75 63

50

88 88

75

88 88

63 63

80

0

20

40

60

80

100

SA

Signing Appointments

NSA 1 NSA 2 NSA 3 NSA 4 NSA 5 NSA 6 NSA 7 NSA 8 NSA 9 NSA 10 NSA 11

NSA 12 NSA 13 NSA 14 NSA 15 NSA 16 NSA 17 NSA 18 NSA 19 NSA 20 NSA 21

(90-100% Strong) (80 – 89% Pretty Good) (70-79% So-so) (60-69% Off the Mark) (59% & Under At Risk)

NNA Privacy Assessment Results

100

67

92 92 83

92 100

83 92

100 100

83

58 58

75

100

42

92

50

92 80

0

20

40

60

80

100

120

DD

Document Delivery

NSA 1 NSA 2 NSA 3 NSA 4 NSA 5 NSA 6 NSA 7 NSA 8 NSA 9 NSA 10 NSA 11

NSA 12 NSA 13 NSA 14 NSA 15 NSA 16 NSA 17 NSA 18 NSA 19 NSA 20 NSA 21

(90-100% Strong) (80 – 89% Pretty Good) (70-79% So-so) (60-69% Off the Mark) (59% & Under At Risk)

NNA Privacy Assessment Results

71 71 71

86 86 100

14

100 90

100 100

71 57

71 57

86

43

86

29

86 80

0

20

40

60

80

100

120

NJ

Notary Journals

NSA 1 NSA 2 NSA 3 NSA 4 NSA 5 NSA 6 NSA 7 NSA 8 NSA 9 NSA 10 NSA 11

NSA 12 NSA 13 NSA 14 NSA 15 NSA 16 NSA 17 NSA 18 NSA 19 NSA 20 NSA 21

(90-100% Strong) (80 – 89% Pretty Good) (70-79% So-so) (60-69% Off the Mark) (59% & Under At Risk)

10

NNA Privacy Assessment Results

71

43

86

71 71 57 57

86 86 86

57 71 71 71

86 100

86 86

57 71 71

0

20

40

60

80

100

120

CM

Communications

NSA 1 NSA 2 NSA 3 NSA 4 NSA 5 NSA 6 NSA 7 NSA 8 NSA 9 NSA 10 NSA 11

NSA 12 NSA 13 NSA 14 NSA 15 NSA 16 NSA 17 NSA 18 NSA 19 NSA 20 NSA 21

(90-100% Strong) (80 – 89% Pretty Good) (70-79% So-so) (60-69% Off the Mark) (59% & Under At Risk)

NNA Privacy Assessment Results

78

44

78 78 78 67 67

89 89 78

89 78

67 78 78 78 78 78

67

44 44

0

20

40

60

80

100

C&N

Computers and Networks

NSA 1 NSA 2 NSA 3 NSA 4 NSA 5 NSA 6 NSA 7 NSA 8 NSA 9 NSA 10 NSA 11

NSA 12 NSA 13 NSA 14 NSA 15 NSA 16 NSA 17 NSA 18 NSA 19 NSA 20 NSA 21

(90-100% Strong) (80 – 89% Pretty Good) (70-79% So-so) (60-69% Off the Mark) (59% & Under At Risk)

NNA Privacy Assessment Results

100

63 63 75

63 63

25

88

60

88 75 75

50

75 80 88

38

100

50

75

50

0

20

40

60

80

100

120

MD

Mobile Devices

NSA 1 NSA 2 NSA 3 NSA 4 NSA 5 NSA 6 NSA 7 NSA 8 NSA 9 NSA 10 NSA 11

NSA 12 NSA 13 NSA 14 NSA 15 NSA 16 NSA 17 NSA 18 NSA 19 NSA 20 NSA 22

(90-100% Strong) (80 – 89% Pretty Good) (70-79% So-so) (60-69% Off the Mark) (59% & Under At Risk)

11

NNA Privacy Assessment Results

DA

DH

SA

DD

NJ

CM

CN

MB

0 10 20 30 40 50 60 70 80 90

Privacy Assessment Results by Category

DA DH SA DD NJ CM CN MB

Strong: 90-100% Pretty Good: 80-89%

So-So: 70-79% Off the Mark: 60-69%

At: Risk: =/< 59%

Borrower NPPI Protection Plan Step 2 - Ask yourself 7 basic questions:

1. What NPPI is accessible to me?

2. How do I receive this info?

3. How do I store this information?

4. How do I protect this information while in my possession?

5. How do I return this information safely to the lender?

6. How do I dispose of NPPI?

7. How do we notify lender of compromised information?

Borrower NPPI Protection Plan

Step 3 – Develop your NSA

Borrower Protection Plan

My NSA Borrower Protection

Plan

12

Borrower NPPI Protection Plan

Step 4 - Implement the NPPI Protection Plan

Summary

As the guardian of mortgage documents, the

informed Notary Signing Agent minimizes the

risk of borrower identity theft by keeping

abreast of industry requirements, developing

and implementing a NPPI protection plan for

the borrower.

Acronyms

Privacy Rights Clearing House (PRC)

Federal Trade Commission (FTC)

The Consumer Financial Protection Bureau’s

(CFPB)

American Land Title Association (ALTA)

National Notary Association (NNA)

13

Resources

Notary Bulletin – January 15, 2014

TitleNews - June 2014

The National Notary, October 2015

Handling Loan Documents and Privileged

Communications, NNA 2014

THANK YOU

to Participants in NNA’s

Privacy Self-Assessment Test 21 Notary Signing Agent Participant List

Bland, Richard Burton, Sherreka Collins, Iris Cooper, Erlinda

Epps, Willie Hall, Lois Harris, Frederick Jenkins, Pamela

Kibunja, Linda Kyttle, Joni Lewis, Daniel Moore, Wanda

Morgan-Smith, Rosalyn Odom, Audralyn Poindexter, Lankford Poindexter, Rodney

Samelson, Tracy Smith, Donnell Valentine-Simmons, Louise Wallace, Shirley

Wright Harris, Elaine

Presenter

Elaine Wright Harris

President, Trusted Agent Services Group

www.wrightnotarypublicnews.com

thedeskofelainewright@comcast.net