Bulletin: NY000183

Date:
June 26, 2001
To:
All Issuing Offices and Agents in New York
RE:
Privacy of Personal Information of Consumers and Customers

Dear Associates:

Gramm-Leach-Bliley Act

In 1999, the President signed into law the Gramm-Leach-Bliley Financial Services Modernization Act (GLB). GLB protects the privacy of nonpublic personal information relating to consumers and customers.

It protects nonpublic personal financial information of individual consumers concerning non-commercial transactions.

It does not protect financial information in commercial transactions of businesses (such as corporations, companies or partnerships) or individuals. It does not apply to commercial transactions.

It regulates "financial institutions," which can include title insurance companies, title insurance agents, survey companies, attorneys, appraisers, flood certification providers, and other providers of settlement services on residential transactions.

It requires financial institutions to make written privacy disclosures to their customers. A customer may include an insured under a title policy or a buyer, seller or borrower to whom you provide closing services.

It prohibits a financial institution from sharing nonpublic personal information with non-affiliates (less than 25% common ownership) for a non-exempt purpose unless the financial institution gives a written notice to all consumers and allows them to opt-out from sharing of nonpublic personal information.

In response to GLB, the New York State Insurance Department promulgated 11 NYCRR 420 known as Regulation 169. A complete copy of Regulation 169 may be obtained via the internet at http://www.ins.state.ny.us/

Effective Date of Changes

The state insurance departments and Federal Trade Commission (FTC) have generally said that financial institutions must begin complying with the new privacy protection requirements of GLB by July 1, 2001. The FTC and many state insurance departments have adopted regulations to clarify the privacy obligations.

The compliance date for Regulation 169 is July 1, 2001 with respect to consumer financial information and December 31, 2001 with respect to health information.

You should begin complying with our guidelines immediately. This will give you time to fully implement your privacy policy and procedures before July 1, 2001.

Who Must Comply

GLB applies to "financial institutions." The FTC says "financial institutions" include anyone who performs settlement services.

Financial institutions include anyone performing the following on a sale, purchase or finance of an individual's home:

  • Closings

  • Escrows

  • Surveys

  • Appraisals

  • Flood certifications

  • Exchange services

  • Tax searches

  • Title searches

  • Title insurance policies

  • Credit reports

  • Notary services

  • Preparation of Documents

It appears that lawyers who provide these services must comply with this law.

Who is Protected

GLB protects the privacy of individuals who acquire services for personal, family or household purposes. This law protects the privacy of individuals who are buying, selling or securing a loan on their home. This law does not protect businesses or individuals in commercial transactions. This law does not protect institutional lenders.

What is Protected

The law protects the privacy of "nonpublic personal information." Nonpublic personal information includes personal health information and personal financial information.

Examples of nonpublic personal financial information include:

  • Driver's license numbers

  • Sale prices (if not in the public records)

  • Credit reports

  • Loan applications

  • Owner's Policies - including policy number and amount of insurance

  • Social Security Numbers

  • Payoff amounts

  • Loan numbers

  • Bank account numbers

  • Credit card numbers

  • HUD-1s

  • HUD-1As

  • Contracts of sale

  • 1099s

  • Addresses and phone numbers unless known to be public information

  • Tax returns

The law does not protect public information, such as title information in the real property records.

What You Must Do

Except as necessary to process the real estate transaction, do not share nonpublic personal information that you collect.

Provide the attached disclosure (STG Privacy Policy Notice for Commitments and Policies 1, available through the references section at the end of this bulletin) with the certificate of title (title report) to individuals who are buying or selling their home, if you deliver a certificate of title to them for an owner's or loan policy.

Provide the attached disclosure (STG Privacy Policy Notice for Commitments and Policies 1, available through the references section at the end of this bulletin) at the time of closing to individuals who are buying or selling their home, if you perform closing or escrow services.

Provide the attached disclosure (STG Privacy Policy Notice for Commitments and Policies 1, available through the references section at the end of this bulletin) with the title policy to individuals who are buying or selling their home, if you issue a title policy to them.

Provide a disclosure, such as the form (Example Privacy Policy Notice 1, available through the references section at the end of this bulletin), with your company's name on it to individuals on non-commercial transactions (including buyers, sellers, and borrowers) if you perform closing or escrow services. Example Privacy Policy Notice 1 and STG Privacy Policy Notice for Commitments and Policies 1 are not the same forms. You may put both Example Privacy Policy Notice 1 and STG Privacy Policy Notice for Commitments and Policies 1 on the same piece of paper. Both Example Privacy Policy Notice 1 and STG Privacy Policy Notice for Commitments and Policies 1 do not allow sharing of nonpublic personal information with non-affiliates. You are not authorized to share nonpublic personal information that you collect on our behalf with non-affiliated persons. If you share other nonpublic personal information, you may be subject to additional disclosures and you must consult with your own counsel.

You do not need to secure signatures on the attached privacy disclosures.

Establish a written policy on privacy, such as the form Example Privacy Policy Notice 1 and educate your personnel about the policy. Only allow your personnel to access nonpublic personal information on a need to know basis.

Maintain security of any nonpublic personal information that you collect, and avoid keeping copies of nonpublic personal information, such as credit reports and loan applications, if not necessary for your files.

Sharing Starters

You may share and receive starter owner's and loan policies and certificates of title on commercial transactions.

You may share and receive starter loan policies on residential transactions.

You may share and receive starter owner's policies on residential transactions - but you must mark out the name of the insured, the policy number and the amount of insurance. Our NPFI (National Prior Files Index) program (involving starter policies we share with you) will be addressed separately.

You may share and receive certificates of title on residential transactions, but you must mark out the amount of the proposed insurance and name of the proposed insured. Our NPFI program (involving starter policies we share with you) will be addressed separately.

Sharing Affidavits of Identity (Not Same Person Affidavits)

If you share or receive Affidavits of Identity on residential transactions, you must mark out Social Security Numbers and driver license numbers.

Examples of Matters You Should Not Share Without Written Consent of the Parties to the Transaction

Don't share sales price information (unless this is a public record in your state).

Don't share Social Security Numbers or driver license numbers, such as may appear on an affidavit of identity.

Don't share HUD-1s or HUD-1As..

Don't share copies of payoff checks.

Don't share customer lists, such as names of people who placed an order with you.

Don't share other nonpublic personal financial information relating to individuals.

Websites

If you have a website, you should develop a privacy notice for the site, based upon advice of your own counsel.

We agree to comply with the new privacy law. You also agree to comply with the new privacy law when acting as our title insurance agent.

Please notify us of consumer or customer complaints about our privacy practice.

THIS BULLETIN IS FURNISHED TO INFORM YOU OF CURRENT DEVELOPMENTS. AS A REMINDER, YOU ARE CHARGED WITH KNOWLEDGE OF THE CONTENT ON VIRTUAL UNDERWRITER  AS IT EXISTS FROM TIME TO TIME AS IT APPLIES TO YOU, AS WELL AS ANY OTHER INSTRUCTIONS. OUR UNDERWRITING AGREEMENTS DO NOT AUTHORIZE OUR ISSUING AGENTS TO ENGAGE IN SETTLEMENTS OR CLOSINGS ON BEHALF OF STEWART TITLE GUARANTY COMPANY. THIS BULLETIN IS NOT INTENDED TO DIRECT YOUR ESCROW OR SETTLEMENT PRACTICES OR TO CHANGE PROVISIONS OF APPLICABLE UNDERWRITING AGREEMENTS. CONFIDENTIAL, PROPRIETARY, OR NONPUBLIC PERSONAL INFORMATION SHOULD NEVER BE SHARED OR DISSEMINATED EXCEPT AS ALLOWED BY LAW. IF APPLICABLE STATE LAW OR REGULATION IMPOSES ADDITIONAL REQUIREMENTS, YOU SHOULD CONTINUE TO COMPLY WITH THOSE REQUIREMENTS.

References

Bulletins Replaced:
None
Related Bulletins:
None
Underwriting Manual:
None
Exceptions Manual:
None
Forms:
STG Notice - Privacy Policy