VIEWS: 5 PAGES: 1 POSTED ON: 7/8/2012
4 The Counselor Summer 2009 5 Continued from page 3 Getting a Grip on Identity Theft Jennifer M. Miller and Kelly B. Roney requires that a business in the State of Nevada shall not Erring on the Side of Caution transfer any personal information of a customer through an electronic transmission, other than a fax, to a person Responding to Qualified Written Requests under RESPA outside of the secure system of the business unless the business uses encryption to ensure the security of the elec- The Real Estate Settlement Practices concerning the reasons the borrower account is correct, and specific contact tronic transmission. The Nevada Law defines encryption Act of 1974 (RESPA) represents a believes his account is wrong, or pro- information of an individual, office broadly to mean “any protective or disruptive measure, response by Congress to perceived vide details to the servicer regarding or department that can provide assis- including, without limitation, cryptography, enciphering, abuses in the real estate settlement “other information sought by the bor- tance to the borrower; or 3) conduct- encoding or a computer contaminant, to prevent access, process and an attempt to protect rower.” RESPA makes clear that even ing an investigation and providing the make the information unusable or disrupt the use of the consumers from unnecessarily high this “other information” must relate borrower with a written explanation network.” As a result of the passage of the Nevada Law, settlement charges resulting from to the servicing of the loan in order to or clarification that explains why the any business that operates in that state is obligated to en- those abuses. One of the three gen- classify the inquiry as a qualified writ- requested information is unavailable crypt all of its customers’ personal information when it eral requirements imposed on mort- ten request. Servicing can be loosely or cannot be obtained, and the spe- will be sent electronically, unless the transmission is by fax. gage servicers under RESPA is a defined as receiving any payments cific contact information of an indi- requirement to respond to written from the borrower due under the loan. vidual, office or department that can Massachusetts inquiries from the borrower. In order provide assistance to the borrower. Jennifer M. Miller On Sept. 19, 2008, the OCABR issued the comprehensive to elicit the mandated response from Servicers have begun to receive writ- Jenny practices in the area of Litiga- Massachusetts Regulations, which require businesses that the mortgage servicer, however, the ten requests containing more than just Most, if not all, cases interpreting tion at Sirote. She received her J.D. own, license, store or maintain personal information of from Indiana University School of Law Massachusetts residents to create a comprehensive, written borrower’s inquiry must be a qualified inquiries into the servicing of the loan; violations of RESPA deal with the in 2008. Jenny received her M.A. in information security program and establish and maintain written request under the RESPA stat- many requests also demand documenta- failure to respond within a timely man- 2003 and her B.A. in 2001 from the a computer security system. The Massachusetts Regula- ute. When a mortgage servicer receives tion and details regarding the mortgage ner or to determine whether written University of Alabama-Birmingham. tions apply to all businesses that possess personal informa- application process and origination of or oral communication between the tion about a Massachusetts resident even if the business is the loan, as well as other demands that borrower and servicer constitutes a not located in the state. The effective date for compliance “Because RESPA is a remedial do not appear related to the servicing qualified written request. The courts with the Massachusetts Regulations was originally set for of the loan. While some requests, or have failed thus far to substantively Jan. 1, 2009, but has been pushed back until Jan. 1, 2010. act that is designed to protect portions of the requests, may certainly address whether a servicer is required consumers, erring on the side contain legitimate servicing inqui- ries, these especially lengthy written to respond to inquiries contained in an otherwise legitimate qualified written Kelly B. Roney Each company's security program will be evaluated on a case by case basis taking into consideration: 1) the size, requests appear to be a tactic borrowers request that do not relate to the ser- Kelly practices in the areas of Corporate scope and type of business of the company obligated and Real Estate Law as well as Busi- of caution in situations where use to effectively forestall an impend- vicing of the loan. For example, it has ness and Financial Services. She re- to safeguard the personal information under such com- ing foreclosure. These delays, however, been held that merely providing pay- ceived her J.D. from The University of prehensive information security program; 2) the amount a servicer is faced with a lengthy can be very costly and time consum- off quotes containing an itemization Alabama School of Law in 2008 of resources available to the company; 3) the amount of ing for servicers, who typically must of charges to the account, but provid- and her B.S. in Finance from The stored data; and 4) the need for security and confidential- inquiry that is purported to postpone the foreclosure proceedings ing no explanation of each charge, will University of Alabama in 2001. ity of both consumer and employee information. It is and incur additional legal fees in order not constitute a sufficient response to also important to note that the obligations imposed by be a qualified written request to adequately address the requests a legitimate qualified written request. the Massachusetts Regulation include the responsibility to and reschedule the foreclosure sale. ensure that third-party service providers that do business is probably the best response.” Because RESPA is a remedial act that with a covered entity are applying security measures at Servicers are required to address a is designed to protect consumers, err- least as stringent as those required of the covered entity. a qualified written request, RESPA qualified written request, by provid- ing acknowledgement of receipt of ing on the side of caution in situa- tions where a servicer is faced with R. Michael Murphy Conclusion Mike practices in the area of The emerging legal trend is clear. Regulators are placing in- sets forth specific statutory require- the borrower’s correspondence within a lengthy inquiry that is purported ments Beardsley Robin J.that the servicer must com- 20 days, and taking certain substan- to be a qualified written request is Corporate Law. He received his J.D. creasing obligations on businesses to provide security for from Vanderbilt University School ply with in responding to the request, tive actions within 60 days of receipt probably the best response Servicers of Law in 2007 and his B.A. sensitive data. The multi-state scope of many companies and the nature of electronic commerce may effectively or face penalties for noncompliance. of a qualified written request, includ- must be sure, however, that any such from Vanderbilt University in 2004. make laws like those of Massachusetts applicable nation- ing: 1) making appropriate corrections response meets the statutory require- wide. If a company is not currently subject to a legal ob- A qualified written request is a writ- to the borrower’s account; 2) conduct- ments set forth in RESPA, as a failure ligation to implement information security procedures, it ten correspondence that contains or ing an investigation and providing the to do so could leave the servicer sub- probably will be in the near future. Businesses that collect enables the servicer to identify the borrower with a written explanation ject to the variety of penalties avail- personal information of customers or employees should name and account of the borrower. or clarification, including the reasons able to borrowers under RESPA. be aware of these requirements and consider taking It must also either include a statement the servicer believes the borrower’s steps to implement an information security program.
Pages to are hidden for
"Erring on the Side of Caution"Please download to view full document