Podcast: Protecting your customer's mortgage lending data and the California Consumer Privacy Act (CCPA)

Steven James

There’s a new piece of regulation that has the potential to impact a Lender’s policy and procedure for managing personal data. It’s called the CCPA or (California Consumer Privacy Act). It’s essential that mortgage lenders ensure their compliance for doing business in California and most likely other states in the near future.



Finalized back in 2018, this piece of legislation was modeled after the GDPR (General Data Protection Regulation) with the intent to protect consumer data being collected on websites, landing pages and lead submission forms. Even though GDPR only impacted businesses interfacing with Europe, we knew it was only a matter of time before it crossed the pond to the US. The CCPA has now come to California and likely to impact other states.

It makes sense that most Mortgage professionals aren’t aware of this kind of legislation at this point, since GDPR mostly impacted companies doing business with European citizens. Like GDPR in its limited scope, CCPA only affects lenders originating loans in California. But similar regulations are already spreading to other states including Maine and Nevada with others certain to follow.

So how do we make sure that we are compliant with our business tools? First, we need to understand CCPA’s core components of compliance:

  • The consumer’s right to request any and all personal information being collected, tracked and stored or provided to other parties 
  • The consumer’s right to request their information be removed 

In short, lenders can ensure they’re being compliant and avoid potentially costly fees by implementing a step by step process in their CRM which includes a means to suppress or remove consumer data without concern of data repopulation with import or updates via external systems such as the LOS.  

If you want to learn more on this topic or feel free to contact us.