Protect Your Signers’ Private Information Fiercely!Brenda Stone
Would you be bothered by giving a stranger complete access to all of your financial matters, your Social Security Administration (SSA) card, a copy of your driver’s license, and all of your credit card numbers? I am not talking about handing these things over to your banker, physician, lawyer, family member, or best friend! I mean a random person, someone you have not picked out!
This person would hold enough information about your life that your credit could be ruined and your identification could be stolen, as well, if the person wasn’t careful.
That’s the position our signers are in when they agree to allow a mobile notary signing agent to become involved in their loan document signing tasks. Borrowers must trust notaries with all of their private financial information before meeting them.
As notary signing agents, we have a heavy load on our shoulders. It’s up to us to protect that information fiercely. This week, we will talk about tightening up on the way we handle our notary signing agent activities to better protect private financial information of signers and borrowers.
ALTA’s Stance on Non-Public Private Information
The non-public private information of our borrowers is what we are duty bound to protect.
If you have read the American Land Title Association’s (ALTA’s) requirements for hiring third-party vendors, you’ll understand where these concerns come from. Any company who hires you to work as a loan signing agent is supposed to vet you for proper credentials. Those credentials are listed in this article, one we previously published.
The requirements resulted from a critical federal review of how borrower information was handled by financial institutions. This monumental oversight and review began in earnest in 2012. That’s when we all learned about the Consumer Financial Protection Bureau (CFPB) via the famous memo released on April 23, 2012. Suddenly, everyone in the process of mortgage loans became accountable for making sure that the private information of consumers were protected. The memo referred to “service providers” and that included notaries signing agents in the process. And, in our case, consumers are “borrowers.”
Today, I want to revisit ALTA’s expectations on protecting the non-public private information of borrowers. I will direct you to the Best Practices FAQ’s published by ALTA. Please take a long look at that, but first, let’s have a moment of plain talk about what it is we are protecting. What exactly is Non-Public Private Information?
Non-Public Private Information
The phrase non-public private information (also known as NPI or NPPI) refers to information that reveals personal financial information and which isn’t publicly available. Some of the most common pieces of NPI that notaries receive via email and print out on their printers are
- SSA Numbers
- Driver license numbers
- Passport numbers
- Birth dates
- Family information
- Account numbers
- Credit ratings
- Assets and debts listings
Any one of those items sitting all alone on a fragment of paper doesn’t pose a big threat to anyone. But when paired with a name, the fragment of paper becomes dangerous to the rightful owner of the information. When several items are all in one bundle of papers, abuse of that information would be lethal to a person’s financial future and possibly even be used to destroy the victim’s standing in the community and reputation.
Recommended Best Practices from ALTA – Pillar #3 – NPI
At the bottom of the document containing the recommended best practices FAQ’s is another link to a document entitled ALTA Best Practices Framework – Assessment Procedures V3.0. Click on that link and download the PDF.
Yes, I know this is a complicated process, and that is why I am writing on it, to try to make it easier to digest. If we don’t regulate ourselves as notary signing agents, bad habits will catch up with us. All of the practices recommended in this document regarding how to handle NPI applies to us–we are service providers and must mimic the guidelines in our own tasks.
The document is 20 pages long, and every notary who handles loan signings should read it with a highlighter in hand to determine better procedures for handling NPI.
Below are Tips to Improve How you Handle NPI
First of All, Have Written Rules and Policies.
Write down your rules for handling NPI. Follow them. You might try creating rules from the following tips. These certainly aren’t all inclusive, but if you write rules and make following them a habit, your professionalism won’t go unnoticed.
Engage Clean Desk, Shredding, & Locking Policies.
Keep bundles of documents safe under lock and key while they are waiting for you to head out the door to meet with a signer. If you live alone, that’s one thing. But, if anyone has a key to your home or office aside from you, that’s grounds for locking up the documents. Purchase a file cabinet to drop your documents into that can be locked when they are out of your sight. I know this sounds like overkill, but it is for yours and your signer’s protection. A notary friend of mine has a security camera in his notary office. One night, he caught a video of his office being snooped in by a security person! Fortunately, he follows a locking file and clean desk policy.
When you print, shred everything that you do not take to be signed. If you cannot shred immediately, put your discarded loan documents into a locking file cabinet or container.
Tighten Up on Your Email and Cloud Usage.
Scrutinize your handling of email that contains NPI.
There are alternatives to Gmail, Hotmail, Yahoo, or other free providers. Look at ProtonMail and HushMail. Both have affordable alternatives. ProtonMail has a free version. HushMail will let you try before you buy.
At minimum, you should use dual authentication on email addresses that you use to handle documents with NPI. Additionally, your email passwords should be long, difficult to crack, and contain no words. Another security measure that is becoming popular are pass phrases which you can read more about on HushMail’s website.
Use strong passwords and dual authentication on your cloud storage, as well.
Password Protect Documents to the Extent You Can.
When you store a document with NPI on your computer, remove it from your email, and set a password on that document to protect it. As discussed in a previous article, you might need to purchase Adobe Acrobat (the full version for $12.50 a month) to have the capability to lock up documents with a password while you have them on your computer desktop.
Set Up a “Time to Delete from Disk” Trigger Policy.
We should all have a written rule on the trigger that will decide when we will delete a package of loan documents from the computer. Don’t let this languish in email accounts or on your hard drive! Log when those files are deleted.
You Need a Policy Against Taking Pictures of ID with YOUR Devices.
Be smart about technology. Insist that the signers produce a paper copy of his or her ID at your appointment. Paper copies provided to the notary is better.
Make it a policy not use your cell phone to take pictures of signer’s ID. Why? Because every time you take a picture of an identification document with your cell phone or camera, you risk exposing yourself to liability. Your phone has a hard drive in it upon which pictures become a permanent part. Even if the files are deleted after your send them off to the hiring party, some part of the snapshot remains. They can be reconstructed.
What if that signer’s ID is stolen in the near future? They will remember that your phone has their ID on it. My experience is that most borrowers have a way to reproduce the ID in their home. Push back if they want you to take the picture. Put the burden on the owner of the ID to send it to your email if they insist. Let them take the picture and email it to you.
I have read more than once on social media that notaries protest that they use their cell phones for everything from faxing in pictures of documents containing NPI to sending in ID copies and there is no law against it. They do it as a convenience for themselves.
The reason we should stop doing those things is because it isn’t taking the best care possible of private information, a requirement of the Consumer Financial Protection Bureau and ALTA. Even more so, I would say that I don’t do those things because I think of how I want my information to be treated. I certainly do not want a notary taking picture of my ID or playing loose and fast with my own non-public private information. Read up on how to clean up your smart devices before handing them over to another user, selling, or discarding them. This article is enlightening on why you should destroy phones. Here is an article that explains how to clean up a phone–by using an app or using a large video file to overwrite all the information you need to cover up.
Use Private / Secured Wifi Only.
Don’t use public Wifi period. Anything you transmit is also public information when you use the wifi around in public places like doctor’s offices, hotels, coffee shops, and retail stores. Here’s more information on it if this warning doesn’t convince you.
Never Use Public Printers or Copiers.
When you pay to have documents printed you expose NPI to the employee that operates that printer.
Furthermore, the same is true if you use a public library’s printer or that of an employer if the printer has a hard drive in it, as many do. For instance, printers that are also used as copiers burn images of documents onto hard drives. Someone else eventually has access to the NPI of your signers.
Use Antiviral Software & Malware Protection.
Install antiviral software on every device you own: computers, smart phones, and tablets. My preference is Sophos for everything. It is highly recommended by my own IT advisor and Sophos has many free tools. Additionally, it doesn’t seem to take up a lot of memory in my cell phone or computer. There are many types of antiviral apps to consider. Just do a simple Google search for your type of device and “top apps for antivirus.”
One article recommends the list below for antiviral software apps designed for Android devices.
- Avast Mobile Security
- Bitdefender Antivirus Free
- McAfee Security & Power Booster Free
- Kaspersky Mobile Antivirus
- Sophos Free Antivirus and Security
- Norton Security and Antivirus
- Trend Micro Mobile Security & Antivirus
- AhnLab V3 Mobile Security
- Avira Antivirus Security
TechRadar recommends this list of apps for protecting your iPhone.
- Avira Mobile Security
- Lookout: Security and Identity Theft Protection
- McAfee Mobile Security
- Trend Micro Mobile Security
- F-Secure SAFE
- Fyde Mobile Security & Access
Notary Record Books
If your state requires you to collect the numbers from driver licenses, for instance, and add them to your notary record book when you perform a notarial act, you have critical information that can create a great deal of danger for anyone who has used your notary services. We discussed safeguarding record books recently. You can read more about that here.
Can you think of anything else?
We would love to hear your tips and tricks on keeping your signer’s NPI safe! Please comment below. As always, we appreciate you sharing this article across social media via link. Be safe as we approach the holiday season!