Thursday, March 5, 2020

Where's my Privacy Policy?

Most Important - The first form you should give to a customer

In this era of wholesalers taking applications in your name at the point of sale, it's important to note the timing of the Privacy Policy. It should be delivered BEFORE you share the information with a vendor (credit bureau, appraiser, WHOLESALER/INVESTOR, etc.)

Where's my Privacy Policy?




Gramm-Leach-Bliley (GLB) Privacy rules received an inordinate amount of attention in the pre-crisis compliance era. This is due to corporate structures that share consumer information, often without the customer's knowledge. To protect consumers against unauthorized sharing so that affiliates and other firms can market to your consumer, the Opt-Out Provisions of the Gramm-Leach-Bliley privacy rules require that companies tell consumers how they treat consumers' private information. In addition, the company must give the consumer the option to elect NOT to share that information. This results in the form the consumer receives and the instructions they use to opt out. 

We still see MANY questions regarding this form and its proper completion, so we have provided this simple guide to correctly populating the form fields. 

When a Regulator Asks for your Privacy Policy

We get the question, "where is my Privacy Policy?" in the policies and procedures we provide. It's natural to ask us because of how the question is phrased. But this one does not come in a formulaic narrative manual. It's embodied in your disclosures and (hopefully) on your website. The "Model Privacy Notice" is your "Privacy Policy" as far as GLB is concerned. 



How to Correctly Complete the Form

  1. Add income/employment, asset, credit history, and property information as necessary.
  2. YES - you send to investors, underwriters, secondary market partners, title companies, etc. 
  3. NO - they can't limit it because they wouldn't get a loan if you didn't share it.
  4. Depends on your marketing - do you market to your customers - past or present? (e.g., email blasts) If yes, then yes, and your customer must be able to opt out, and you have to have a toll-free number.

Many States Require Specific Disclosures on the Form, Such as Vermont





Build Your Own Form


You can use the CFPB's form builder tool here to build your own privacy document:




Not Every Privacy Policy is a GLB Privacy Policy


Often, a regulator will ask for a Privacy Policy, referring to a policy or procedure describing how you will keep your customer's private information secure. In other words, "Information Security" and not "Privacy."

No comments:

Post a Comment