ALTA Urges Congress to Develop Uniform Rules on Data Protection, Collection

March 18, 2019

ALTA submitted a letter to the Senate Committee on Banking, Housing and Urban Affairs on the collection, use and protection of sensitive information by financial regulators and private companies

ALTA urges Congress to develop national, uniform rules to guide businesses about how to protect data and to ensure consumers are notified of breaches in a timely and consistent manner.

“Data privacy, protection and collection standards should recognize differences in the sensitivity of the data, the risk of harm to the consumer if its exposed and the reasonable ability of businesses, based on their size, to implement different safeguards,” Justin Ailes, ALTA’s senior vice president of policy, wrote in the letter.

In its letter, ALTA explains that information is frequently provided by the consumer for the real estate sales contract and the deed. If a consumer is buying or selling the real estate or applying for a loan with others, each additional borrower must provide information as well. Often state law mandates this information be retained by businesses for a long period of time, typically seven years.

Since this information is necessary to buy and sell real estate, and obtain a mortgage loan, it is not feasible to provide consumers more control over the use and retention of their financial data. This makes the “opt-in” or an “opt-out” features of many proposed data privacy laws unworkable.

However, ALTA says that legislation could require additional third parties to comply with the Gramm Leach Bliley Act (GLBA), including the Safeguards Rule. This existing regulation requires a financial institutions—including title insurance companies and agents—to develop, implement and maintain a comprehensive information security program that consists of the administrative, technical and physical safeguards the financial institution uses to access, collect, distribute, process, protect, store, use, transmit, dispose of or otherwise handle customer information.

“By broadening the Safeguards Rule, consumers could be given more control over and enhance the protection of consumer financial data to address the practice by some contracted service providers in a real estate transaction to also present consumers with agreements to use the consumer’s data in other ways, for purposes not core to the service or product offered to the consumer for that transaction,” the letter says. “Consumer protections are needed to maintain data privacy in these situations.”

ALTA also supports a national standard to ensure consumers are notified of breaches in a timely and consistent manner. A single federal law will provide consumers with clarity regarding the scope of protections of their personal information and will eliminate disparity in consumer rights and protections based solely on the consumer’s state or residence or location of the business. Data is now typically shared electronically across jurisdictional boundaries. Physical location of the consumer or the business should not be a factor in consumer protection. It is important for consumers served by the industry to have the same set of safeguards and protections in place, regardless of the state jurisdiction.

“Consider the confusion that can result when data is breached from a single data storage location of a company that conducts business in multiple states,” the letter says. “The company will have to attempt to follow myriad timing and formatting requirements for sending information about the same incident to similarly-impacted customers whose only point of differentiation is the state where they reside. Along with equal protection for consumers, a single national standard will eliminate compliance and operational uncertainty.”


Contact ALTA at 202-296-3671 or communications@alta.org.

110021