GLB Privacy Rule For Appraisers - Policy Statements and Opt-out Provisions
Best Practices: Do not send privacy notices to consumers brought to you by a business client. The obligation is on the institution whom the consumer directly engages.Appraisers who are indeed directly engaged by individuals must do the following:
- Provide opt-out notices of sharing of NPI, with a "reasonable opportunity" to respond (weeks or months)
- Provide new revised privacy and opt-out notices if policies change
- For “customers” only, provide an annual privacy statement reminder for the duration of the relationship
Typically, an appraiser does not share the NPI with any non-affiliated third parties except where required to process the report. Appraisers don’t usually sell or otherwise distribute their databases for marketing purposes. Most appraisers should be able to invoke the exceptions to opt-out notification as provided in sections 313.13, 313.14, and 313.15 of the act.
Under section 313.14 in particular, appraisers would not be required to send an opt-out notification nor even provide notice that sharing of the NPI has been undertaken, when the party to whom the data is disclosed is a non-financial service provider used in processing the transaction. Likewise, in cases where the appraiser was not directly engaged by the consumer, the act of providing the data to the appraiser’s service providers would not be a violation of the original client’s privacy obligations to the consumer under section 313 of the law.
Also, note that the security provisions still apply. The appraiser must be sure that the service provider provides security controls, and that they are commensurate with the appraiser’s written security and safeguards policy.
The privacy statement itself needs to address how the NPI will be handled and disclosed (if at all), how the consumer may opt out, and how the appraiser safeguards the data.
The latter is why the company’s individual safeguards policy must be in writing. The privacy statement does not need to include the full text of it, but it does need to state that the procedures are in place and are in writing.Appraisal, Real Estate , Appraiser , Blog , Technology , USPAP , RESPA, Illinois