PRIVACY AND SECURITY NOTICE

We understand the importance of protecting the privacy of your borrowers. We recognize that your borrowers' nonpublic personal information (“NPI”) belongs to you, and our goal is to treat this sensitive data carefully and in accordance with applicable law and this privacy notice.¹

COLLECTION OF NONPUBLIC PERSONAL INFORMATION

Generally, we rely upon the information you provide to us, and do not obtain NPI from other sources, except from a consumer reporting agency to supplement and confirm the information you have provided to us. The information we collect includes a broad array of consumer data that enables us to evaluate your customers' eligibility for a loan program or for mortgage insurance, such as (but not limited to) employment history, credit history and credit score, income, assets and liabilities, and similar financial information. In addition to NPI, we also collect information relating to the real property securing the loan. In limited situations, after the origination of an insured loan, we may obtain additional NPI directly from the borrower, from consumer reporting agencies, or other third parties

USE AND SHARING OF YOUR BORROWERS' NONPUBLIC PERSONAL INFORMATION

Enact will not share your borrowers' NPI with affiliated companies or third parties, except as permitted by applicable federal and state privacy laws and regulations, and as further described and limited by this notice. Enact will use and share such information only as needed to provide the services your company has requested, which may include loan underwriting, mortgage insurance underwriting and policy servicing, claims administration, and loss mitigation and recovery efforts. Enact may disclose NPI to approved vendors who help Enact perform the functions described above. Enact will require all third parties with whom it shares NPI to maintain the confidentiality of such information and to use it only for the specific business purpose for which it was provided. Enact does not share or sell your borrowers’ NPI to third parties for marketing purposes.

Periodically, borrower data that is not personally identifiable may be shared with third parties, including consultants, regulators, and industry trade groups for purposes of risk management, industry reporting, or other analytical purposes. Additionally, we will share your borrowers' personal information as required by applicable federal and state laws and regulations, including as required to comply with subpoenas, regulatory inquiries or examinations. We may also share borrower data with Fannie Mae and Freddie Mac in the course of administering the insurance coverage for loans where those entities are the beneficiaries of our insurance.

BORROWERS' ACCESS TO THEIR DATA

Please note that upon written request, your borrowers have the right to obtain a copy of the personally identifiable information we maintain concerning them, and they may request correction or deletion of any disputed information pursuant to a process described in the North Carolina Insurance Information and Privacy Protection Act.

EMPLOYEE TRAINING

To promote heightened awareness of privacy issues, we train our employees on permissible use of all NPI, and on security procedures intended to minimize the risk of unauthorized access or disclosure. Our training includes a review of the requirements of applicable privacy laws and this privacy notice.

SECURITY

In order to protect the confidentiality of your borrowers' personal information, we maintain procedures and technology designed to prevent unauthorized access to both electronic databases and paper files. These include placement of firewalls and deployment of data loss prevention and intrusion detection software. We limit access to NPI to those individuals who require such access to perform their assigned responsibilities. We also restrict access to our premises to authorized personnel via card keys and video surveillance. We will give you prompt written notice as required by law if we become aware of any unauthorized access to your data. When disposing of paper files or other tangible storage media containing NPI, such media will be shredded, mutilated, or otherwise rendered unreadable. For further details on our security protocols, you may obtain a copy of our Information Security Procedure by contacting the ActionCenter® at 800-444-5664.

We reserve the right to modify this privacy notice, but will provide at least 30 days' prior written notice of any material change. If you have any questions or comments concerning this notice, please contact the ActionCenter® at 800-444-5664.

Version date 1/25/2022

¹This Privacy Policy applies only to Enact's US-based operations.