Office of the Australian Information Commissioner will have greater powers
Brokers are being reminded that protecting borrowers’ privacy is not just a legal requirement it’s also key to maintaining a strong client-broker relationship.
Aggregator Connective has underlined the importance of brokers doing all they can to safeguard clients’ privacy, particularly as many brokers are busy trying to close as many finance deals as they can in the lead-up to 2024, and reacting quickly can have dramatic consequences.
“The end of year rush to lodge applications and ensure settlements by Christmas, [means this is a] timely reminder to our members that it is important to check information and protect their clients’ privacy,” Connective Group counsel Daniel Oh said.
Oh (pictured above) said legislators were in the midst of undertaking privacy reforms, so understanding the practical implications of the looming changes was essential.
The reforms, which aim to provide individuals with new privacy rights and enhance enforcement powers for the Office of the Australian Information Commissioner (OAIC), mean brokers will have to avoid some potentially dangerous practices.
Oh said there had been a heightened awareness by clients of the importance of security and privacy given the number of companies experiencing breaches including Medibank, Optus and Latitude.
“Clients are hyper conscious of their personal information, and we need to be mindful that a client’s personal information is paramount,” he said.
Oh said it was vital brokers remain vigilant, stay compliant, and, most importantly, stay committed to safeguarding their clients' privacy and reinforcing the trust between the two parties.
Connective released a report on why borrowers choose brokers earlier this year, which showed the relationship between a broker and client was moving beyond the transactional and towards a valued relationship between the two parties.
Oh said despite heightened security concerns, popular communications methods such as emailing would not be outlawed but rather used with caution.
“Emails will not be obsolete, there are always clients who will use emails however there are better ways such as using our Client Centre in Mercury to send personal information,” Oh said.
“Most aggregators offer an equivalent to ensure clients’ information is protected.
“We need to be aware that while the aggregators’ platforms are secure, there is a risk when information is held in other programs such as email, cloud storage, or even on desktops etc.”
Connective has provided some real-world scenarios of mistakes brokers can make very easily that highlight the importance of these reforms and offer practical tips on how to avoid them.
Mistakes brokers can make when it comes to privacy
Scenario 1: Tax File Numbers (TFNs)
Picture this
You’re on your phone replying to emails on the go and you forward an email from your client to a lender, with the information the lender was after in the body of the email. But the email had attachments containing your client’s TFN information.
What the law says
The TFN Rule, issued under Section 17 of the Privacy Act, governs the collection, storage, use, disclosure, security, and disposal of individuals' TFN information. It's legally binding, and breaching it is a breach of both the Privacy Act and the Taxation Administration Act 1953.
Impact on brokers
If a loan application contains TFNs, it can slow down the assessment process. The file may be returned to the admin team for TFN redaction, delaying approval for the client.
Practical Tip
Utilise the redact tool available in Mercury Nexus to remove TFNs from PDF attachments to ensure smooth loan processing.
Scenario 2: Provision of Information to Third Parties
Picture this
You’re juggling several loan applications at once and you’re going on leave soon, so you need to get this all tied up by the end of the week. You’re doing your best to ensure nothing gets missed so you briefly eye-scan the documents that come through for an application for missed information.
Protecting clients’ sensitive personal information
Brokers should be cautious not to share client sensitive personal information with lenders when discussing scenarios. Without a signed privacy declaration, lenders should not receive personal identifying information.
When ordering valuations, valuers should only receive the information necessary to complete their valuations. Lenders are reporting privacy incidents to Aggregators when valuers receive documents such as client identification or other personal identifying information.
Practical tip
Only provide information necessary for the transaction, ensuring that lenders and valuers receive only what's essential, safeguarding client privacy.
Scenario 3: Audits of Loan Files
Credit checks and privacy consent
Credit checks should be conducted after the client has signed a Privacy Consent, ensuring they are aware of the process and have given their consent.
Handling personal identifying information
Brokers must provide explanations when holding personal identifying information of individuals not directly involved in the loan transaction. This includes instances where multiple individuals initially inquired about the loan but proceed with only one party.
Practical reminder
Always obtain a Privacy Consent before conducting credit checks and ensure transparent communication regarding the handling of personal information for all involved parties.
This month’s MFAA webinar, Keeping Compliant in 2024 – Top Tips and Key Themes, highlighted a number of key issues facing brokers including the need to protect customers’ privacy.
Do you think there is enough emphasis on privacy in the mortgage sector? Share your thoughts below.