A seller/servicer often obtains confidential information about borrowers, security property, Fannie Mae technologies, products or services and Fannie Mae’s business when performing underwriting, origination, selling, servicing, or other activities under the Lender Contract or when previewing technologies, products or services (“Confidential Information”).
Confidential Information includes nonpublic personal information (NPI) and all of the following:
information relating to
product development strategy and activity;
pricing and financial information;
unpublished patent applications;
writings and other works of authorship;
software (including source code and object code), algorithms, and flow charts; and
all other confidential, proprietary, or trade secret information which a reasonable person would recognize as such, or which is specifically designated as confidential; and
any compilation or summary of the foregoing when disclosed by or on behalf of Fannie Mae to the seller/servicer.
The following table describes Fannie Mae’s requirements related to Confidential Information.
|✓||The seller/servicer must...|
|Take appropriate steps to ensure the security, integrity, and confidentiality of Confidential Information.|
|Comply with all relevant applicable laws and regulations, including laws protecting borrower privacy.|
|Not disclose Confidential Information to third
parties, without Fannie Mae’s prior written approval, except
on a need-to-know basis to the seller/servicer’s
partners, affiliates, officers, employees, directors, contractors,
counsels, agents, or representatives, provided they are subject
to confidentiality obligations at least as stringent as those set
forth in this topic.
Note: These restrictions do not apply to the extent the seller/servicer is required to disclose the Confidential Information by applicable law, provided that the seller/servicer
The requirement to provide Fannie Mae notice is waived if the seller/servicer
|Not use Confidential Information in any way
that could be viewed as
|Implement commercially reasonable measures
meeting or exceeding industry standards to ensure the security,
integrity, and confidentiality of Confidential Information, including:
Note: These measures must meet, at least, the same level of protection that the seller/servicer seeks for its own information of a similar nature. The seller/servicer must collaborate with Fannie Mae in assessing the sufficiency of these measures and the seller/servicer’s information security program, upon reasonable request from Fannie Mae.
|Promptly notify Fannie Mae’s Privacy Office (see E-1-03, List of Contacts) in writing of any loss or unauthorized use, disclosure of , or access to Confidential Information and take all steps reasonably requested by Fannie Mae to mitigate the consequences of such breach.|
The seller/servicer must have the borrower’s authorization to disclose borrower NPI, unless permitted by applicable law, and may disclose information about a borrower’s payment history to a third party if the borrower submits written authorization. The information disclosed must be accurate, complete, and easily understandable.
Fannie Mae may seek immediate equitable relief to enjoin any unauthorized use or disclosure of Confidential Information, in addition to all other rights and remedies it may have at law or otherwise.
Fannie Mae may at times share loan quality and loan performance data and other NPI with the seller/servicer in compliance with permitted purposes outlined in the Gramm-Leach-Bliley Act and other applicable privacy laws. The seller/servicer must use such data only for those limited permitted purposes.
The seller/servicer may provide feedback in connection with a new product, product upgrade, or new service offering yet to be released by Fannie Mae in the marketplace. The feedback may include comments and recommendations. When the seller/servicer provides feedback, it grants Fannie Mae an unlimited, worldwide, perpetual, and irrevocable license under the seller/servicer’s intellectual property rights, without duty to account, to disclose, incorporate, practice, deploy, or adapt such feedback.
For specific transactions or dealings, the seller/servicer and Fannie Mae may enter into a separate written confidentiality agreement. This separate agreement will control in case of conflict with the provisions of this topic. In addition, the seller/servicer and Fannie Mae may also agree in a separate written agreement that the confidentiality obligations set forth in this topic will apply to Fannie Mae.
Fannie Mae will not disclose confidential information received from a seller/servicer in furtherance of this Guide to a third party, except as required or permitted by law.
The obligations in this topic do not apply to information that
is or becomes public through no fault of the seller/servicer,
was previously known or is disclosed to the seller/servicer free of any obligation to keep it confidential, or
is independently developed by the seller/servicer without reference or access to the Confidential Information.
The table below provides references to the Announcements that have been issued that are related to this topic.