Mortgage bankers urged U.S. senators to adopt a national data security system that would preempt a patchwork of state laws.
The Mortgage Bankers Association expressed the need for the uniform standard in recent testimony before the U.S. Senate Committee on Banking, Housing and Urban Affairs, according to a prepared transcript provided by MBA.
Currently, the Safeguards Rule of the Gramm-Leach-Bliley Act reportedly requires mortgage companies to safeguard customer records and information.
But a number of cases involving unauthorized access to personal information improperly disclosed to third parties or lost by way of postal transmission have prompted a variety of federal and state bills that outline provisions for proper storage of personal data and for notifying consumers when their data has been compromised. At the present time, 18 Congressional bills and 266 state bills relating to consumer privacy have been introduced, according to the testimony.
“Upon MBA’s review of the proposed Federal legislation and state bills that have either been proposed or passed, a number of issues have emerged that could have a significant impact on the mortgage banking industry,” MBA said in the testimony.
Congressional bills generally set storage and disposal standards for companies that store, maintain or utilize personal identification data, as well as provide requirements for consumers to be notified if their identifying data has been compromised. However, the bills are not fully clear as to which institutions the requirements would apply to, have varying “triggers” as to what security breaches would require notification to consumers, and vary in their application to GLB, the Washington, D.C.-based association said.
MBA also noted that breaches could end up not being reported because some states don’t include a specific reference to or exclusion for encryption, leaving it unclear whether businesses are to assess if the confidentiality or integrity of the data presents a security breach and whether all security breaches are to be reported regardless of whether the data is encrypted.
Mortgage lenders could be required to encrypt computerized data to prevent an unintended recipient from reading it and further be required to notify consumers if a security breach has occurred, MBA said.
“As mortgage promissory notes migrate through their life cycle from the primary origination market to the secondary investor market and are used to create mortgage backed securities, identifying ownership of personal information is difficult to pinpoint and track,” MBA said. “Liabilities associated with the ownership and responsibility of security breach notifications requires a very clear and concise definition.”
MBA suggested that the responsible organizations should bear all costs incurred when there is a security breach, regardless of the origin of personal information involved in the breach or the organization that performs notifications. The group also recommended that the cost of penalties for violations of the proposed federal legislation be commensurate with the type and scope of a security breach.
“MBA hopes that new Federal legislation will be put in place that provides a clear, consistent and uniform set of guidelines and laws by which financial organizations can implement personal information protection programs and policies that better protect consumers from [the] expanding threat” of identity theft, the group added.