Chayan Jagsukh of Tavant: Borrower Data Privacy: The Unsung Differentiator
Chayan Jagsukh is Client Partner-Strategic Accounts with Tavant, Santa Clara, Calif., a position he has held for the past three years. He has nearly 20 years of industry experience; previously, he served as Engagement Manager with EY and in management positions with Cognizant. He began his career as a Relationship Manager with HDFC Bank.
Let’s start with a home shopping scenario: a homebuyer shortlists two homes – one is at the end of a cul-de-sac surrounded by trees and the other is along a street. Which one do you think the homebuyer will buy? If the homebuyer is like us, they would buy the one at the end of the cul-de-sac surrounded by trees. But why is that? Because it’s away from the hustle and bustle and provides some peace and privacy. Additionally, homebuyers will most likely be ready to pay a premium for a property that offers privacy. This indicates that we humans value privacy, and it is inherent in our nature even if we don’t recognize it consciously.
Furthermore, when a borrower starts shopping for home loans and chooses a lender, they have a reasonable expectation of privacy. That reasonable expectation leads them to believe that all the personally identifiable information (PII) and sensitive data that is being shared with the lender and others in the value chain will be used for the purpose for which it’s being collected – getting a home loan in this case. Moreover, the lender that’s collecting this information will store it securely and share it with other third-party providers as required for due process only. The lender will keep the PII only for the time required during the process and as mandated by applicable laws and regulations. The lender also provides an option to homebuyers to opt-out of data sharing and delete their user data where applicable.
With the vast amount of information required to approve a mortgage/home loan, it’s the responsibility of the lenders to ensure that the privacy of the information collected from the borrower is maintained. This personally identifiable and sensitive information often includes tax returns that could contain a social security number, credit reports, W-2s, bank statements, pay stubs, identity verification like a driver’s license, and internal and external pictures of the home.
So, the question beckons – What can lenders do to maintain the reasonable expectation of privacy of their borrowers? How do they keep that trust?
Here are seven tips that lenders and others in the value chain can utilize:
- Privacy Notices/Statements – Publishing privacy notices/statements on your website educates consumers about the information that’s being collected, how it will be used and disclosed, how to exercise any choices about use and disclosures and how to access and update the information. It’s also helpful for the employees to understand the data practices of the firm.
- Identify the points of data collection – The user data could be collected in multiple ways (known or unknown), so having a view of the various user touchpoints from where the data is being collected goes a long way. Some of the common touchpoints for user data collection include websites, borrowers’ web browsers, emails, chats, phone conversations, call centers, data directly from borrowers, and data about borrowers from third parties (financial institutions, CRAs, state/county etc).
- Types of data collected – With the purpose of the user interaction being a mortgage/home loan, it’s important to understand the different types of user data being collected from multiple touchpoints. Then one can determine if the data collected is necessary for the home loan process.
- Data categorization by sensitivity – Due to most of the user data collected being personally identifiable and sensitive, it should be categorized in buckets of sensitivity (low/medium/high). This categorization will also help in granting the appropriate employees access to the user data.
- Data shared with third parties – A mortgage process requires the sharing of user data with third parties such as appraisers, notary, title and insurance companies and many others. Data shared with them should be limited to the purpose of the service required from them.
- Privacy practices of the third parties – Since the third parties receive the PII and sensitive data of the users, it’s beneficial for the third party to follow the practices as mandated by the lender or the industry best practices.
- Applicable regulations – Some of the long-standing regulations provide guidance to protect individuals and their data. One of the most well-known legislations regarding privacy is the Gramm-Leach-Bliley Act (GLBA) of 1999 that requires specific data privacy and security standards for financial institutions and others who receive non-public financial information of their consumers.
There is also the Fair Credit Reporting Act (FCRA) that limits the ways a consumer’s information can be used, informs the consumer how and when the information is being used and provides ways to correct mistakes. Furthermore, there are self-regulatory standards like PCI Security Standards Council which require certain features and protocols to best protect the company and customers. Some states like California, Utah, Virginia and Colorado have passed data privacy protection laws while many other states are in the process of approving similar legislations. These are just a few examples that help show the measures that are taken to protect the homebuyer’s information and hopefully shed light on why it is so important to be aware of lenders’ privacy practices.
When it comes to choosing a lender for a mortgage, borrowers have many options. How do you as a lender deter borrowers from going elsewhere? Of course, providing a home loan faster and cheaper than the competition will put you ahead of the rest. However, in response to this rapidly changing climate, lenders must consider the data privacy of borrowers as a differentiator as all individuals have a paramount expectation of privacy.
(Views expressed in this article do not necessarily reflect policy of the Mortgage Bankers Association, nor do they connote an MBA endorsement of a specific company, product or service. MBA NewsLink welcomes your submissions. Inquiries can be sent to Mike Sorohan, editor, at email@example.com; or Michael Tucker, editorial manager, at firstname.lastname@example.org.)