Gramm-Leach-Bliley Act (GLBA) and the Notary
As a Notary, have you ever wondered what the GLBA regulation is, let alone why you need to be concerned with it?
Chances are you have seen it referenced in your SPW Code of Conduct and the exam you likely took with the NNA as a Notary Signing Agent. I'm guessing you want to know what that has to do with you as a Notary Signing Agent. I promise I'll get to that, but first you should understand exactly what you are dealing with here.
GLBA is also known as the Financial Modernization Act of 1999 and is a Federal law enacted to control the ways financial institutions handle the private information of individuals. It governs not only when they can share Non-Public Personal Information (NPPI) but also how they can share it. Several agencies contribute to the regulations within the act as well as have a role in enforcing those regulations:
Consumer Financial Protection Bureau (CFPB)
Federal Trade Commission (FTC)
Federal Banking Agencies
Federal regulatory Agencies
State Insurance oversight Agencies
The Securities Exchange Commission (SEC)
State laws also play a role and can require greater compliance, but not less than what is required by GLBA.
What is considered Non-Public Personal Information (NPPI)?
An individual’s name
Income
Social Security Number
Marital Status
Address
Birth dates
Education level
Employment data
Amount of savings or investments
Loan or deposit balance
Credit and debit card purchases
Account numbers
Consumer credit reports
Where the individual may have an account – what financial institution
A phone number – if it is an unlisted number
Biometric data (fingerprints)
Geolocation data
Internet and other electronic information
Tax information
Who is regulated by GLBA?
Financial institutions
Non-bank mortgage lenders
Real Estate Appraisers
Loan Brokers
Some Financial or investment advisers
Credit reporting companies
Pay-day lenders
Debt collectors
Car rental companies
Car Dealers
Courier services
Universities
Tax return preparers and accountants
Banks and Credit Unions
Real Estate Settlement providers, including Title and Escrow and Real Estate closing attorneys
There are two major components of the GLBA:
Financial Privacy Rule: restricts the sharing of NPPI
Safeguards Rule: requires a security plan, both as a company policy and as a cybersecurity policy
It also states that when information is shared with unaffiliated parties, the unaffiliated party must handle the information in accordance with GLBA regulations. GUESS WHAT? We as Notary Signing Agents fall into that ‘unaffiliated party’ category.
Just like the companies we do assignments for, we are subject to the Safeguards Rule:
Ensure the confidentiality and integrity of NPPI
Protect against data breaches, data leaks and unauthorized access to or use of NPPI
Regulations apply to any record containing NPPI whether paper, electronic or other form
There are other regulations that we really don’t need to get into here as they really don’t apply to us…yet.
Under GLBA, financial institutions that disclose NPPI to a third-party vendor or service provider (that’s us) must enter into a contractual agreement, which is why we will typically sign an agreement with the companies that we work with.
Non-compliance penalties are steep: a $10,000 fine for each violation for individuals and up to 5 years in prison.
As Notary Signing Agents, we really need to think twice about how we are handling NPPI received through our loan signings.
Don’t use public computers or printers
Don’t store loan documents or order assignments on our computers
Always store loan documents in a locked drawer until it’s time to go to your appointments
Don’t allow your children, spouse, or friends to use your business computer
Never allow someone to ride-along to your appointments
Don’t use names and addresses you have from our appointments to solicit new business.
Ensure your internet connection is secure and that you have other data breach safeguards in place on your equipment.
Recent GLBA cases brought by the FTC include:
Ascension Data and Analytics. In 2020, the Arlington, Texas, company agreed to an undisclosed financial settlement after a vendor, OpticsML, was found to have stored customer financial information in plain text in insecure cloud storage.
PayPal. The online payment processor agreed to pay $175,000 to the state of Texas in 2018 to settle GLBA and Federal Trade Act violations that compromised data security and privacy of customers using its Venmo peer-to-peer application.
TaxSlayer. Hackers were able to access nearly 9,000 of the Augusta, Ga., online tax preparer's customer records for several months in 2015. The FTC said it failed to implement a comprehensive security program.