16 Hoosier Banker August 2014 DIRECTORS / SENIOR MANAGEMENT We all learned how to keep a secret in the backyard as a small child – “Do not tell anyone.” If you intentionally or unintentionally divulged another’s secret, then you were subject to their wrath. The lessons we learned growing up become more complicated, as we have to communicate with others for legitimate reasons, and such communications have to be kept secret. We call it keeping information in confidence; therefore, we develop procedures and policies to keep information confidential. Today, we must not only know how to keep information confidential, but we have to demonstrate that we have procedures in place to ensure confidentiality. What Is Non-Public Personal Information? Secrets can be in many forms, but knowledge of a person’s financial secrets, which can be used against them, provides the holder of such information a great deal of power. Congress recognized the need to outline standards for protecting financial information and, in 1999, passed the Gramm-Leach-Bliley Act (GLB). GLB required certain protections for non-public personal information (NPI) in the hands of certain companies. In order to protect NPI, it is essential to understand what it is and where it is. Non-public personal information: personally identifiable data such as information provided by a customer on a form or application, information about a customer’s transactions, or any other information about a customer which is otherwise unavailable to the general public. NPI includes first name or first initial and last name, coupled with any of the following: Social Security number, driver’s license number, state-issued identification number, credit card number, debit card number or other financial account numbers. This definition of NPI is rather broad in that two or more pieces of publically available information can be collected with the intention of influencing a consumer credit decision and be considered NPI. If you have an individual’s name or address, that does not amount to NPI. Add the fact that that individual is involved in a real estate transaction, and it becomes NPI. Most information handled in a real estate transaction will rise to the standard when viewed collectively. About the Author Jonathan Biggs is vice president for risk management at Investors Title Insurance Company and a member of the ALTA Best Practice Task Force. He joined the company in 2012, prior to which he served for more than 20 years for a law firm in Durham, North Carolina. Biggs is a past president of the Durham Bar Association’s Young Lawyers Division and of the Durham Junior Chamber of Commerce. He has been recognized with The Distinguished Service Award by the Durham Jaycees Inc. and, in 1999, was named one of the Five Outstanding Young North Carolinians by the North Carolina Junior Chamber of Commerce. Biggs is a graduate of Duke University and of the Wake Forest University School of Law. The author can be reached at 800-326-4842, email: jbiggs @invtitle.com. Investors Title Insurance Company is an associate member of the Indiana Bankers Association and an IBA Preferred Service Provider. Information Security – Keeping Secrets From the Backyard to the Boardroom The American Land Title Association (ALTA), a title insurance and settlement company, gives guidance to help ensure the protection of consumers during real estate transactions. ALTA offers seven standards — known as ALTA Best Practices — by which each bank should measure its service providers. During the next few months, Hoosier Banker will be featuring a series of articles by Investors Title Insurance Company outlining the seven best practices. The June issue covered ALTA Best Practice No. 1 — Licensing; July covered ALTA Best Practice No. 2 — Escrow Accounts: Follow the Money.
RkJQdWJsaXNoZXIy MTg3NDExNQ==