What Is NPI in Mortgage and How Is It Protected?
Unpack the importance of Non-Public Personal Information (NPI) in mortgages and the robust protections in place for your financial privacy.
The handling of personal data in financial transactions is important, particularly within the mortgage industry. Consumers entrust mortgage companies with sensitive information, making data privacy a concern. Understanding what constitutes non-public personal information (NPI) is important for maintaining consumer trust and ensuring the secure management of financial details throughout the mortgage process.
What is Non-Public Personal Information?
Non-Public Personal Information (NPI) refers to personally identifiable financial information that is not publicly available. This includes any data an individual provides to a financial institution to obtain a financial product or service. It also encompasses information resulting from transactions between a consumer and a financial institution, or data otherwise obtained by the institution in connection with providing a financial product or service.
Information is considered non-public if it is not lawfully made available to the general public from sources like government records or widely distributed media. Financial institutions are obligated to protect this data.
Examples of NPI in Mortgage Applications
Within the mortgage application and servicing process, various types of information qualify as NPI. This includes personal identifiers provided on application forms, such as your name, address, and Social Security number. Income details, employment history, and credit history are also considered NPI.
Financial specifics like bank account numbers, loan balances, payment histories, and credit card purchases fall under NPI. Information obtained from consumer reports or court records in connection with providing a mortgage product or service is also classified as NPI. Property-related information, such as a property address when directly linked to an individual’s ownership and loan details, is also NPI collected during the mortgage process.
Safeguarding Your Mortgage Data
The legal and regulatory framework for protecting NPI in the mortgage industry stems from the Gramm-Leach-Bliley Act (GLBA). GLBA mandates that financial institutions clarify their practices for collecting, processing, and sharing customer data.
GLBA incorporates the Privacy Rule, which governs the collection, disclosure, and protection of NPI. This rule requires financial institutions to provide consumers with privacy notices explaining their data-sharing practices and offering the right to opt out of certain information sharing with nonaffiliated third parties. Consumers generally receive an initial privacy notice when establishing a customer relationship and annually thereafter.
The Safeguards Rule, another component of GLBA, requires financial institutions to implement security programs to protect NPI. These programs must include administrative, technical, and physical safeguards appropriate for the institution’s size and complexity. These safeguards ensure the confidentiality, integrity, and availability of current and former customers’ nonpublic personal information.
Mortgage companies are required to develop a written information security plan to address potential threats to customer data. This includes measures such as secure data storage, employee training on data handling protocols, and physical security for sensitive documents. The aim is to prevent unauthorized access, misuse, or theft of sensitive customer information.