Never have there been so many legal and ethical considerations surrounding mortgage lender handling of consumer data. There are good reasons for this fact.
Mortgage lenders have access to the most personal and private information owned and guarded by consumers. This includes their names, age and dates of birth, marital status, home addresses, work addresses and detailed employment and salary information, assets including bank accounts, credit card and debt information, spouse and family members, and credit scores. This information is collected usually electronically, occasionally manually, and is passed through the hands and eyes of dozens of persons both within and without an organization as the loan process progresses towards a closing. It is obvious that the handling of this information represents a significant trust factor, as well as offering ethical and legal considerations which must be appropriately managed at the risk of litigation, regulator and reputation costs.
The Gramm-Leach-Bliley Act, Federal Trade Commission rules, CFPB, OCC and HUD directives, and new state data privacy and security laws (i.e. New York and California) among others, all bring specific obligations and the risk of severe penalties to those who fail to “plan and execute.”
Managing this problem, like most operational issues, requires a carefully crafted plan to assure the data collected from trusting consumers does not end up being stolen, lost or abused and thereby causing them harm. Some key considerations every lender should be addressing include:
Private data (also known as PII-or Personally Identifiable Information) is entrusted to mortgage lenders with the reasonable expectation that it will be handled appropriately throughout the organization. Next to medical data, personal and financial data is the most coveted private data sought by criminals for its resale value. Recognizing their unique role in handling this sensitive information, all lenders must plan and execute appropriately.