Last year, hackers targeted a number of retailers to compromise shoppers’ financial and personal information. A recent hack of a health insurer possibly jeopardized policy holder data. And Krebbs Security (krebsonsecurity.com) reported on February 15th about an investigation being conducted by the Defense Contract Management Agency of a possible hacking.
Surely the reports of stolen data by hackers have made you more aware of protecting your credit cards when shopping. But how protective are you about handing over personal information to mortgage lenders, real estate brokers/agents, and title companies? If not managed or disposed of properly, your sensitive personal information could be at risk of being stolen – an identity thief only needs a few pieces of personal information to access bank accounts, credit card accounts, health record/insurance, etc.
When buying a home, your information is “out there;” and you are trusting those who have it to protect it. If you want to obtain a mortgage, you must complete a mortgage application; which requires a social security number, date of birth, address, employment, and other information. Mortgage lenders also collect financial documents (such as w-2’s, tax returns, and bank statements) to verify income and asset information on your application.
Additionally, your real estate agent may ask you to complete a financial information sheet to demonstrate to the seller your ability to purchase the home. And as a means of record keeping, transaction files maintained by brokers and agents may also contain copies of deposit checks, credit card information, and other financial instruments.
Renters may be required to submit personal information too. A rental application is a lot like a mortgage application, asking social security number, date of birth, address, employment, and other information.
The National Association of Realtors® (nar.realtor) Data Security and Privacy Toolkit states that although there is no federal law specifically applicable to real estate brokers, the Gramm-Leach-Bliley Financial Modernization Act applies to businesses that qualify as financial institutions; which may subject brokers to comply with “Red Flag Rules” (and other rules), and require policies and procedures to protect against identity theft.
States have also implemented laws to protect consumers from identity theft. For example, the Maryland Personal Information Protection Act (MD Code Commercial Law § 14-3501) describes personal information as an individual’s first name or first initial and last name in combination with any one or more of the following: Social Security number; driver’s license number; financial account number (including credit cards); and/or an Individual Taxpayer Identification Number. Additionally, the law requires a business to take reasonable steps to protect against unauthorized access to or use of the personal information when destroying a customer’s records that contain personal information.
When choosing a mortgage lender and real estate agent, you might consider asking about the company policy on protecting personal information. Some questions about personal data might be: what types of information will be collected; what is it used for; who has access; when transmitted, is it encrypted; how long will the information be retained; and how will the information be disposed? Besides the management of your personal data, you should ask about procedures in case there is a suspected data breach.
To learn more about protecting your personal information and protecting yourself from identity theft, visit these consumer websites: FTC (consumer.ftc.gov/features/feature-0014-identity-theft) and the FDIC (fdic.gov/consumers/privacy).
By Dan Krell
Disclaimer. This article is not intended to provide nor should it be relied upon for legal and financial advice. Readers should not rely solely on the information contained herein, as it does not purport to be comprehensive or render specific advice. Readers should consult with an attorney regarding local real estate laws and customs as they vary by state and jurisdiction. Using this article without permission is a violation of copyright laws.