Q: I’ve been hearing a lot about the need to encrypt e-mails in order to prevent the disclosure of sensitive, personal information they might contain. Are title agents required to encrypt their e-mails? If so, how do we go about that and exactly what information should we be concerned about protecting?
A: Yes, title agents are required to encrypt e-mails. That is one of many steps agents must take to protect “non-public, personal Information (NPPI) and meet the data security standards financial institutions will demand of the vendors with whom they do business.
The information you must protect begins with the obvious: Social Security Numbers, driver’s license numbers and credit card numbers ―the “Holy Grail” of data protection. But data protection concerns for title agents don’t end there. Any information contained in the closing file is considered NPPI during the closing process. Information that might otherwise be considered public — the names of the buyer and seller, the property address, and the loan amount, for example – must be treated as NPPI from the time the closing file is created until after the closing has been completed.
If you discuss closing transactions in e-mails – and it is hard to imagine that you don’t – then you should be encrypting those messages and any others containing NPPI. You have two encryption options: Policy-based and hands-on.
Policy-based encryption uses software that can be programmed to identify and automatically encrypt specific formats or data sets. The alternative is to rely on staff to spot and encrypt information that should be protected. Policy-based encryption is more expensive, but it also removes the potential for human error. You don’t have to worry that someone may encrypt information that needn’t be encrypted, or, much worse, fail to encrypt information that should be protected, creating the risk of a data breach and the liability resulting from it. For our money, the liability protection and peace-of-mind it provides make policy-based encryption well worth the added cost.
Some agents worry that encryption will inconvenience their clients but that’s a minor concern, if it’s a concern at all. Recipients will have to create a log-in and password, but they only have to do that once. After that, they will simply enter their log-in information to receive encrypted messages. It’s an extra step, but not a big one and one with which most of the industry professionals receiving your e-mails are already familiar.
If you opt for policy-based encryption, there are many software programs from which you can choose. WFG recommends Echoworx. It is compatible with virtually any e-mail program and is sold through Cloudstar, which gives WFG agents a 20 percent discount.