ShareFile Blog

Is your NPI data traversing the internet unprotected?

Personal data protection concept. Cabinet full of files and folders. 3D rendered illustration.

Non-Public Information (NPI) data is personally identifiable financial information, such as social security numbers, account numbers, driver’s license numbers, loan amounts, income, and the like. NPI data must be stringently protected in order to ensure that your personal identity is not compromised.

Banks and other financial-related entities are excruciatingly aware of the importance of protecting NPI. They must adhere to strict regulatory requirements and are frequently audited to ensure compliance. These financial institutions must govern themselves in such a manner so as to extensively protect your NPI.

For example, when you open a bank account over the internet, the data that you enter is secured via SSL/TLS encryption and typically masked via asterisks during the session. All data is transferred within the secured session and thus protected. In the United States, financial institutions are subject to numerous audits, principally from the Federal Financial Institutions Examinations Council (FFIEC), and there are hefty repercussions to banks and credit unions for incorrectly handling NPI data.

How NPI works in the real world

But let’s say that you are purchasing a new home. The bank and title company (as well as the real estate agent, mortgage broker, appraiser, and inspector) will request detailed information from you in order to process the mortgage, issue title insurance, and address legalities associated with the home purchase. The mortgage broker may ask you to submit copies of documents, including tax returns and pay stubs, as well as provide NPI data. Where that entity is located within the local community, you may hand-deliver the documents; or you may elect to scan them and send them via email. RED FLAG.

Let’s move this scenario to a new home that is out of the area where communications with the various vendors occur largely via email. You receive an email from the title company asking for information including social security number, driver’s license state and number, and other details. Further, you are told to provide this NPI data via return email. ANOTHER RED FLAG.

While financial institutions are heavily regulated and recognize the criticality of securing this information, many associated entities are small businesses that don’t understand and more importantly, are not explicitly required, to follow stringent guidelines regarding your personal data. Sending NPI data across the internet may compromise your identity.

Insist on security for your own NPI

When asked for personal data, be sure to say no unless the entity can provide a secure mechanism for your NPI data. While the title company, mortgage broker or associated entity probably doesn’t understand the security hole that is being created by openly requesting your NPI data via email, after reading the above information, you should raise this issue to protect yourself and demand a secure system for your personal data.

Stepping back in the technology realm, faxing or signed-for delivery packages are much safer ways to provide your NPI to the respective entity; but there is a better way — ShareFile.

How your business can secure NPI

As these associated entities become more aware of the importance of protecting your NPI data, they’ll understand that the technology behind ShareFile is conducive for small businesses to securely transmit data across the internet.

ShareFile provides a protected mechanism for securing email and sending/receiving documents, as well as securing electronic signatures. In addition to ensuring that your social security number isn’t haphazardly floating in an email message that may be compromised in transit or get routed to numerous people, loan documents and other legal instruments can be electronically signed. Further, ShareFile provides the capability for secure file sharing and upload sites so that financial data between the various entities can be communicated safely.

When engaging in a financial transaction that encompasses various vendors, be sure to ask how your NPI data will be transmitted between entities. If one or more of the companies can’t provide a firm answer as to how security is addressed, this should be raised with the entity and your financial institution as it could make the difference between your NPI data becoming openly available on the internet — or tightly secured.