Regulation P – Gramm-Leach-Bliley Act
The financial services industry is rapidly changing and being shaped by technology, which is literally changing the way Vision Mortgage Group in lieu of true Corporate Name; Vision Mortgage Group (VMG) conducts its business. To be successful in this environment, VMG must continue to grow and ensure that its customers are confident that their financial affairs will be expertly and confidentially managed.
VMG customers have access to a broad range of products and services such as conventional fixed rate & adjustable mortgages, government fixed rate & adjustable mortgages, portfolio fixed rate and adjustable mortgage, and several other mortgage products. To deliver these products and services effectively and conveniently, VMG uses technology to manage and maintain certain customer information while ensuring that customer information is kept confidential and protected.
The safeguarding of customer information is an issue that the Board of Directors of Vision Mortgage Group takes seriously. The Board maintains its continuing commitment to the proper use and protection of customer information, and has established and affirmed the following Principles of Privacy as the Consumer Privacy and Information Security Policy (the “Policy”) of Vision Mortgage Group. This Policy and the accompanying Principles are in compliance with the Gramm-Leach-Bliley Act (the “Act”) and Regulation P, Privacy of Consumer Financial Information. This Policy will be used to guide VMG in serving the privacy needs of its customers, and protecting confidential information.
Customer’s Expectation of Privacy. VMG believes the confidentiality and protection of customer information is one of its fundamental responsibilities. While information is critical to providing quality service, it is recognized and understood that one of VMG’s most important assets is the trust of its customers. The safekeeping of customer information is a priority for VMG.
Collection, Use, and Retention of Customer Information. VMG limits the use, collection, and retention of customer information to what it believes is necessary or useful to conduct its business, provide quality service, and offer products, services, and other opportunities that may be of interest to customers. VMG will carefully handle information it obtains about a visitor to its web site. VMG believes that the
Confidentiality and protection of its web site visitor information is another of its fundamental responsibilities.
Anytime someone visits the site, the following information is collected and stored:
- Name of the domain from which they access the Internet;
- Date and time;
- Internet address of the web site they left to visit us;
- Names of the pages they visit while at our site; and
- Internet address of the web site they then visit.
To do this, the VMG’s web server will write a “cookie” to the individual’s hard drive upon their first visit to the site. This electronic file is tracked during the visit and helps the VMG understand which parts of its site visitors find most useful and where they are likely to return over time. This information allows VMG to improve the site and make it more useful.
If a consumer submits an online application or sends an e-mail:
- VMG may enter the information into its electronic database.
- Consumers may also be contacted for additional information.
- Most of the forms on the VMG’s web site use encryption to send information across the Internet. This is the case where confidential information, such as account numbers or social security numbers, is requested.
- VMG has requested that consumers do not send confidential information via e-mail. E-mail is not necessarily secure against interception. If the communication is very sensitive, or includes personal information such as account numbers, credit card numbers, or social security numbers, we have instructed the consumer to call us or send the information by regular mail instead.
- VMG will not obtain personally-identifying information about any consumer when they visit our site unless they choose to provide such information to us.
Maintenance of Accurate Information. VMG recognizes that accurate customer records must be maintained. To accomplish this, VMG has established procedures to maintain the accuracy of customer information and to keep such information current and complete. These procedures include responding to requests to correct inaccurate information in a timely manner.
Limited Employee Access to Information. VMG employee access to personally identifiable customer
Protection of Information via Established Security Procedures. VMG recognizes that a fundamental element of maintaining effective customer privacy is to provide reasonable protection against unauthorized access to customer information. Therefore, VMG has established appropriate security standards and procedures to guard access to customer information.
Restrictions on the Disclosure of Customer Information. When sharing customer information with unaffiliated companies, VMG places strict limits on both the specific information shared and on who receives information about customer accounts or other personally identifiable data. Information is specifically identified as “Public Personal Information” and “Non-Public Personal information.” VMG may share Public information with such companies if they provide a product or service that may benefit customers. In sharing public information, VMG carefully reviews the company and the product or service to ensure that it provides value to customers. VMG shares the minimum amount of information necessary for that company to offer its product or service.
VMG will not share Non-Public Personal Information except as permitted by law in the course of its business (for example, with consumer reporting agencies and government agencies; when legally required or permitted in connection with fraud investigations and litigation; in connection with acquisitions and sales; in the audit process or the secondary market sale of loans; and at the request or with the permission of a customer).
Maintaining Customer Privacy in Business Relationships with Third Parties. If the broker provides personally identifiable customer information to a third party with which VMG has a business relationship, it will insist that the third party keep such information confidential, consistent with the law and the conduct of the business relationship.
Customers who have questions regarding the privacy of their information will be directed to contact Vision Mortgage Group. at its toll free telephone number (815-555-5555) or to email VMG at firstname.lastname@example.org.
This Policy provides for general guidance and does not constitute a contract or create legal rights and does not modify or amend any agreements the Bank has with its customers.
Information Security Objectives.
Customer information is a valuable asset and must be protected against accidental or intentional misuse. Customer information must be kept secured and confidential, and safeguarded against unauthorized access by non-VMG personnel, and must not be sold, exchanged, or given away without prior written consent of the customer.
Working with Independent Service Providers.
As VMG periodically works with independent service providers, it must ensure that providers have security programs that meet the security objectives of this Policy.
Threats to Security Controls.
VMG must take all measures possible to identify immediate or potential threats to VMG’s information security controls, including:
- Proper disposal of confidential information
- Securing of confidential information
- Computer access to confidential data
- Employee violations of the Policy
- Computer hackers
- Unauthorized transaction to customer accounts
- Password integrity
Any breaches or attempted breaches of security must be reviewed and reported to the appropriate legal authorities, the Executive Committee, and the Board of Directors. To comply with VMG Consumer Privacy and Information Security Policy, each department will have written procedures to support this Policy.
Review and Revision of Information Security Program.
This Consumer Privacy and Information Security Policy will be reviewed and revised annually by the Board of Directors, or its appointed committee.