According to the a la mode, inc. “Best Practices” Series dealing with compliance issues of the Gramm-Leach-Bliley Act:
"The important thing when evaluating your options is to scale them to your needs, and remember that it’s not “all or nothing”.
"Improving security and compliance is a path, not a destination. It will never be done because the risks and methods constantly change. Don’t feel like you have to have it all done tomorrow. You don’t. You do need to start, and be educated, however. Security and privacy issues are not going away, ever."
I think that the logical starting point is to develop or adopt some sort of Privacy Policy that complies with the Privacy Rule of GLB. When the act was first adopted I used the GLB form that was included in my appraisal software package. Brian J. Davis & Associates GLB Privacy Statement - click here.
That GLB Privacy Statement, however, has been hidden on the password-protected "Licenses and Certificates" page of my web site. The problem with that practice is that it does NOT comply with GLB's instructions!
- Develop a privacy policy and opt-out mechanism. Privacy policy examples are all over the web, on nearly every site you visit. Check out the GLB policies of your clients, posted on their sites, for examples too. Like the security plan, keep it simple at first – anything is better than nothing. I've posted an example below.
- Post the policy conspicuously on your website. It should be on the footer of every page, as well as in the main navigation. It should visually stand out. The law specifically requires that it be conspicuous. This is where MY "current" web site solution is not going to work! It's just too hidden to be considered "conspicuous". So, I've decided to add a "footer" that will appear at the bottom of every page on my web site that is hyperlinked to my Privacy Policy page. THAT should do the trick for now.
- Send the policy immediately any time you get a new consumer order. As soon as you receive an order from a consumer, you must provide the policy. You do not have to make it a mandatory “click through” before accepting an order. You only have to provide it quickly enough after the order that the consumer would be able to opt-out before his or her NPI is shared with anyone. Generally speaking, you should send the notice as soon as the order is received.
To assist NAR appraisers in dealing with privacy issues related to the Gramm-Leach-Bliley Act, a Privacy Statement template was developed. To download the Word Doc. version of this statement click - here.
2. How we protect information: We restrict access to any nonpublic personal information about you that we collect to those employees who need to know that information to provide products or services to you. We maintain physical, electronic, and procedural safeguards that comply with federal regulations to guard your nonpublic personal information.
3. Where do we collect information from: We may collect and maintain nonpublic personal information in the course of providing you with the appraisal services you requested, including:
- Information we receive from you on applications, letters of engagement, forms found on our web site, correspondence, or conversations, such as your name, address, telephone number and social security number.
- Information about your transactions with us, our affiliates or others, including, but not limited to, payment history, parties to transactions and other financial information.
- Information we receive from a consumer reporting agency such as a credit history.
4. What information we may disclose:
OPTION #1: We do not disclose nonpublic personal information about clients or former clients except as permitted by law. (If you select this option and you in fact don’t share information with anyone, then your form is done – if you share information as permitted under one of the exceptions, i.e., as permitted by law, then you will need to include that disclosure. See, for example part C(3) of the article on preparing a disclosure form.)
OPTION #2: We may disclose the nonpublic personal information about you described above, primarily to provide you with the appraisal services you seek from us.
5. Who we share information with: Unless you tell us not to, we may disclose nonpublic personal information of the type described above about you to the following types of third parties:
- Financial service providers _________________________ (others as they pertain to your business, such as banks and lending institutions, estate planners, mortgage brokers, tax attorneys, etc.)
- Non-financial companies ______________________ (others as they pertain to your business, such as retailers, direct marketers, etc.)
- We may also disclose nonpublic personal information about you to nonaffiliated third parties as permitted by law. (If you include this provision then you will also need to include another section identifying the types of nonaffiliated third parties to whom you are referring in this provision. See, for example, part C(3) of the article on preparing a disclosure form.)
Opt-Out-Notice
- You may limit information shared about you. If you prefer that we not disclose nonpublic personal information about you to third parties, you may opt out of those disclosures, that is, you may direct us not to make those disclosures (except those permitted by law). If you wish to opt out, check the block below. Please acknowledge that you have read and understand this form with your signature below.