top of page

Gramm-Leach-Bliley Act for the Notary Signing Agent




Gramm-Leach-Bliley Act (GLBA) and the Notary

As a Notary have you ever wondered what the GLBA regulation is? Let alone why you need to be concerned with it?

Chances are you have seen it referenced in your SPW Code of Conduct and the exam you likely took with the NNA as a Notary Signing Agent. I'm guessing you want to know what that has to do with you as a Notary Signing Agent. I promise I'll get to that, but first you should understand exactly what you are dealing with here.

This is also known as the Financial Modernization Act of 1999 and is a Federal law enacted to control the ways financial institutions handle the private information of individuals. It not only governs when they can share Non-public Personal Information (NPPI) but also how they can share it. Several agencies contribute to the regulations within the act as well a have a role in enforcing those regulations.

  • Consumer Financial Protection Bureau (CFPB)

  • Federal Trade Commission (FTC)

  • Federal Banking Agencies

  • Federal regulatory Agencies

  • State Insurance oversight Agencies

  • The Securities Exchange Commission (SEC)

State laws also play a role and can require greater compliance, but not less than what is required by GLBA.

What is considered Non-Public Personal Information (NPPI)?

  • An individual’s name

  • Income

  • Social Security Number

  • Marital Status

  • Address

  • Birth dates

  • Education level

  • Employment data

  • Amount of savings or investments

  • Loan or deposit balance

  • Credit and debit card purchases

  • Account numbers

  • Consumer credit reports

  • Where the individual may have an account – what financial institution

  • A phone number – if it is an unlisted number

  • Bio-metric Data (Fingerprints)

  • Geolocation data

  • Internet and other electronic information

  • Tax information

Who is regulated by GLBA?

  • Financial institutions

  • Non-bank mortgage lenders

  • Real Estate Appraisers

  • Loan Brokers

  • Some Financial or investment advisers

  • Credit reporting companies

  • Pay-day lenders

  • Debt collectors

  • Car rental companies

  • Car Dealers

  • Courier services

  • Universities

  • Tax return preparers and accountants

  • Banks and Credit Unions

  • Real Estate Settlement providers, including Title and Escrow and Real Estate closing attorneys

There are two major components of the GLBA;

  1. Financial Privacy Rule, this restricts the sharing of NPPI

  2. Safeguards Rule, requires a security plan both as a company policy and Cyber Security policy

It also states that when information is shared with unaffiliated parties, the unaffiliated party must handle the information in accordance with GLBA regulations. GUESS WHAT? We and Notary Signing Agents fall into that ‘unaffiliated party’ category.

Just like the companies we do assignments for, we are subject to the Safeguard Rule;

  • Insure the confidentiality and integrity of NPPI

  • Protect against common cyber attacks, cyber threats and attack vectors

  • Protect against data breaches, data leaks and unauthorized access to or use of NPPI

  • Regulations apply to any record containing NPPI whether paper, electronic or other form

There are other regulations that we really don’t need to get into here as they really don’t apply to us…yet.

Under GLBA, Financial institutions who disclose NPPI to a third-party vendor or service provider (that’s us) must enter into a contractual agreement. (Which is why we will typically sign an agreement with the companies that we work with)

Non-compliance penalties are steep. $10,000 fine for each violation for individuals and up to 5-yrs in prison.

As Notary Signing Agents, we really need to think twice about how we are handling NPPI received through our loan signings.

  1. Don’t use public computers or printers

  2. Don’t store loan documents or order assignments on our computers

  3. Always store loan documents un a locked drawer until it’s time to go to your appointments

  4. Don’t allow your children, spouse, or friends to use your business computer

  5. Never allow someone to ride-along to your appointments

  6. Don’t use names and address you have from our appointments to solicit new business.

  7. Ensure your internet connection is secure and that you have other data breach safeguards in place on your equipment.

Recent GLBA cases brought by the FTC include:

Ascension Data and Analytics. In 2020, the Arlington, Texas,

company agreed to an undisclosed financial settlement after a

vendor, OpticsML, was found to have stored customer financial

information in plain text in insecure cloud storage.

PayPal. The online payment processor agreed to pay $175,000 to

the state of Texas in 2018 to settle GLBA and Federal Trade Act

violations that compromised data security and privacy of customers

using its Venmo peer-to-peer application.

TaxSlayer. Hackers were able to access nearly 9,000 of the

Augusta, Ga., online tax preparer and customer records for several

months in 2015. The FTC said it failed to implement a

comprehensive security program.

3 views0 comments

Comments


bottom of page