Utah adopted rules amending the Utah Residential Mortgage Practices and Licensing Act (URMPLA). Under the adopted rules, a mortgage entity licensed under the URMPLA must notify, in writing and without unreasonable delay, each affected customer of a suspected breach of the mortgage entity’s security system (if misuse of the customer’s personal information occurs or is likely to occur as a result of the suspected security breach). The adopted rules also require mortgage entities to maintain all customer information acquired in the application or lending process as part of the mortgage entity’s records. In addition, the adopted rules require a principal lending manager of a mortgage entity to establish policies and procedures to ensure customer privacy, customer information security, encryption of data, and password management (including a cyber-security policy that requires each teleworking employee and sponsored originator to use a secure virtual private network maintained by the sponsoring mortgage entity). The rule adoption went into effect August 8, 2023.
Click to view the Utah RA 102229: https://www.tenaco.com/wp-content/uploads/2023/08/UT-RA-102229-08-16-23.pdf
