Is Your Email Secure? Maybe Not.
In 2016, over 250 million email accounts were hacked. This should be a cause for concern to notaries when you consider the amount of non-public information our emails contain. A breach of an email account could result in loss of business, damage to reputation, restitution to injured parties and more.
We decided to reach out to Christopher Cury of Notary Transfer, an email encryption solution for notaries, and ask some questions so we would have a better understanding surrounding email encryption.
Why is it important for a notary to have an encrypted email?
The Legal Answer:
This depends entirely on what kind of documents the notary is notarizing. It also depends on what kind of data is being emailed to and from the notary. If the information contained within the email is about a financial transaction, parties to a financial transaction, details about a financial transaction (even if the email does not contain documents about the financial transaction), then one may interpret that email as containing non-public personal information.
But why? Because it is the law according to the Gramm-Leach-Bliley Act passed in 1999. The Gramm-Leach-Bliley Act addresses issues of consumer privacy. It answers the question “What is a financial institution?” — and the answer in part is: Brokering loans, servicing loans and the big one, providing real estate settlement services. As a notary, do you have access to information provided by any those services? Do they notarize any loan documents, settlement documents, mortgage notes? Do you send emails discussing a pending real estate transaction? (SOURCE: Gramm-Leach-Bliley Act)
The Federal Trade Commission’s “Safeguards Rule” is the enforcement arm of the Gramm Leach Bliley Act. Under Title 15 (Chapter 94, Subchapter I, U.S.C. Sec. 6801(b), 6805(b)(2). Source: 67 FR 36493, May 23, 2002, unless otherwise noted), Section 314.3 establishes Standards for Safeguarding Consumer Information whereby one must 1) Ensure the security and confidentiality of customer information; 2) Protect against the anticipated threats and hazards to the security or integrity of such information; and 3) Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer. (SOURCE: Federal Trade Commission Safe Guards)
Email, in of itself, is not safe. This is a proven fact that has been litigated. Email is not safe because it can be easily intercepted by hackers, anyone working at an Internet Service Provider, or anyone with a network sniffer. As such, by not encrypting it, the notary is failing to protect consumer information under FTC Federal Register 16 CFR Part 314.
The Real-World Answer:
The passage of the Dodd-Frank legislation gave birth to the CFPB or Consumer Financial Protection Bureau. This government regulatory body is self-funded, meaning it subsists on the fine it levies against financial institutions. Under CFPB guidelines, the CFPB holds banks accountable for the actions of third-party and fourth-party vendors of a financial transaction. Title companies are third-party vendors. As such, the American Land Title Association has developed a set of standards called the ALTA Best Practices.
The standards help title companies stay out of trouble and in the good graces of lenders. When lenders see that a title company is compliant, secure, and taking data protection seriously, they are more apt to give them more business. Why? When a lender does business with a secure title company, it represents less financial risk to them.
More and more title companies are vetting their vendors -- and they’re choosing to only conduct business with vendors who prove they adhere to a data security standard. Title companies don’t want to risk fines, law suits and being banned from conducting business with lenders over a data breach. As such, they too need to be careful with whom they conduct business. Therefore, they will become choosy when selecting a notary. Does that notary encrypt email? Or is there a risk of disclosing information considered by the government to be non-public information?
Aren’t yahoo, Gmail and AOL encrypted?
Yes, No, and You Don’t Know. Yahoo, Gmail, and AOL try to send messages encrypted via TLS encryption. That’s like sending a package via your favorite carrier such as UPS or FedEx. But what if the recipient doesn’t support TLS encryption? The answer is, your email gets delivered anyway, unencrypted -- just as if UPS or FedEx was secure, but delivered your package and just left it on someone’s doorstep where anyone could open it and steal the contents. That’s not very secure, is it?
In other words, there is no system in place by which to ensure the receiving party supports and accepts secure delivery – thus, the email is may be sent NON-ENCRYPTED. So, to answer the question, Yahoo, Gmail and AOL are only encrypted sometimes. You’re playing Russian Roulette with the law when sending consumer data through those services.
What are the benefits to using a cloud based system?
Almost all email encryption systems these days are cloud based. The benefits are many. First, you do not need to purchase additional server hardware, set up your own mail server, buy firewalls, and then hope that it all works after spending thousands of dollars. Cloud based services just work.
For more information visit www.NotaryTransfer.com
Marcy Tiberio is a Contributing Writer with the American Association of Notaries