Skip to main content
Search the Guide:

A3-4-01, Confidentiality of Information (01/31/2017)

Introduction
This topic contains the following:

General Requirements

A seller/servicer often obtains confidential information about borrowers, security property, Fannie Mae technologies, products or services and Fannie Mae’s business when performing underwriting, origination, selling, servicing, or other activities under the Lender Contract or when previewing technologies, products or services (“Confidential Information”).

Confidential Information includes nonpublic personal information (NPI) and all of the following:

  • information relating to

    • technical specifications;

    • product development strategy and activity;

    • pricing and financial information;

    • designs;

    • unpublished patent applications;

    • inventions;

    • improvements;

    • writings and other works of authorship;

    • trade secrets;

    • drawings;

    • models;

    • software (including source code and object code), algorithms, and flow charts; and

    • other documentation;

  • all other confidential, proprietary, or trade secret information which a reasonable person would recognize as such, or which is specifically designated as confidential; and

  • any compilation or summary of the foregoing when disclosed by or on behalf of Fannie Mae to the seller/servicer.

The following table describes Fannie Mae’s requirements related to Confidential Information.

The seller/servicer must...
  Take appropriate steps to ensure the security, integrity, and confidentiality of Confidential Information.
  Comply with all relevant applicable laws and regulations, including laws protecting borrower privacy.
  Not disclose Confidential Information to third parties, without Fannie Mae’s prior written approval, except on a need-to-know basis to the seller/servicer’s partners, affiliates, officers, employees, directors, contractors, counsels, agents, or representatives, provided they are subject to confidentiality obligations at least as stringent as those set forth in this topic.

Note: These restrictions do not apply to the extent the seller/servicer is required to disclose the Confidential Information by applicable law, provided that the seller/servicer

  • uses all reasonable efforts to give Fannie Mae notice at least ten business days prior to such disclosure; and

  • discloses only that portion of the Confidential Information that the seller/servicer’s legal counsel determines is legally required to be furnished, and request that the information remain confidential.

The requirement to provide Fannie Mae notice is waived if the seller/servicer

  • is required by law to disclose in confidence Confidential Information in response to requests from a governmental agency, regulator, or self-regulatory authority that has authority to regulate or oversee the seller/servicer’s business (including bank examiners, securities examiners, and regulators’ inspector general offices); and

  • formally requests that the information be treated in confidence and exempt from the Freedom of Information Act (FOIA) and other open records laws requests.

  Not use Confidential Information in any way that could be viewed as
  • a conflict of interest

  • a breach of confidentiality or privacy, or

  • the gaining of an unfair advantage from the seller/servicer’s relationship with Fannie Mae.

  Implement commercially reasonable measures meeting or exceeding industry standards to ensure the security, integrity, and confidentiality of Confidential Information, including:
  • using industry-standard encryption for data in transit and virus checking programs designed to prevent the transmission and receipt of viruses and other malicious code,

  • instituting appropriate disaster recovery and back-up procedures,

  • instituting appropriate procedures to prevent disclosure of data and other materials to a party other than the intended recipient, and

  • employing methods for securely disposing or destroying such information.

Note: These measures must meet, at least, the same level of protection that the seller/servicer seeks for its own information of a similar nature. The seller/servicer must collaborate with Fannie Mae in assessing the sufficiency of these measures and the seller/servicer’s information security program, upon reasonable request from Fannie Mae.

  Promptly notify Fannie Mae’s Privacy Office (see E-1-02, List of ContactsE-1-02, List of Contacts) in writing of any loss or unauthorized use, disclosure of , or access to Confidential Information and take all steps reasonably requested by Fannie Mae to mitigate the consequences of such breach.

The seller/servicer must have the borrower’s authorization to disclose borrower NPI, unless permitted by applicable law, and may disclose information about a borrower’s payment history to a third party if the borrower submits written authorization. The information disclosed must be accurate, complete, and easily understandable.

Fannie Mae may seek immediate equitable relief to enjoin any unauthorized use or disclosure of Confidential Information, in addition to all other rights and remedies it may have at law or otherwise.


Loan Quality, Loan Performance Data and NPI

Fannie Mae may at times share loan quality and loan performance data and other NPI with the seller/servicer in compliance with permitted purposes outlined in the Gramm-Leach-Bliley Act and other applicable privacy laws. The seller/servicer must use such data only for those limited permitted purposes.


Feedback on New Products, Product Upgrade, or New Service Offering

The seller/servicer may provide feedback in connection with a new product, product upgrade, or new service offering yet to be released by Fannie Mae in the marketplace. The feedback may include comments and recommendations. When the seller/servicer provides feedback, it grants Fannie Mae an unlimited, worldwide, perpetual, and irrevocable license under the seller/servicer’s intellectual property rights, without duty to account, to disclose, incorporate, practice, deploy, or adapt such feedback.


Specific Transactions or Dealings

For specific transactions or dealings, the seller/servicer and Fannie Mae may enter into a separate written confidentiality agreement. This separate agreement will control in case of conflict with the provisions of this topic. In addition, the seller/servicer and Fannie Mae may also agree in a separate written agreement that the confidentiality obligations set forth in this topic will apply to Fannie Mae.


Fannie Mae Obligations

Fannie Mae will not disclose confidential information received from a seller/servicer in furtherance of this Guide to a third party, except as required or permitted by law.


Exclusions from Confidential Information

The obligations in this topic do not apply to information that

  • is or becomes public through no fault of the seller/servicer,

  • was previously known or is disclosed to the seller/servicer free of any obligation to keep it confidential, or

  • is independently developed by the seller/servicer without reference or access to the Confidential Information.


Recent Related Announcements

There are no recently issued Announcements related to this topic.