Printer-friendly version

REDX Non-Public Service Privacy Policy

This policy applies to the Real Estate Data Exchange (“REDX”) Non-Public Service operated by Teranet Services Inc. (“Teranet”). REDX is a risk-management service provided to entities involved in originating, servicing, insuring, and trading mortgage loans in Canada. The REDX Non-Public Service contains information provided by REDX Subscribers regarding alleged fraud, misrepresentation and misconduct by mortgage and real estate industry professionals and/or companies.

Principle 1 – Accountability

Teranet is responsible for maintaining and protecting personal information under its control and complies with all applicable privacy and access to information laws. Teranet has appointed a Privacy Officer who is accountable for compliance with information practices and procedures at Teranet.

Principle 2 - Identifying Purposes

The purposes for which Teranet collects and uses personal information, through the REDX Service, is to facilitate the investigation and prevention of fraudulent activity within the real estate industry. Teranet operates the REDX Non-Public Service, a centralized database, where Subscribers to the REDX Non-Public Service can file information relating to alleged property related fraud in Canada. Subscribers include persons, companies and entities involved in the property marketplace such as: financial institutions, insurers, government, professional regulatory bodies, mortgage brokers, organizations and persons that originate, service, insure or trade mortgage loans, and law enforcement. The REDX Non-Public Service contains information on professionals in the real estate industry, not consumer or non-industry related parties. Subscribers to the REDX Non-Public Service are trained to explain the purposes for collecting the information described below to any individual who asks for an explanation.

Subscribers, using REDX Incident Reports, deposit information into the REDX Non-Public Service. Incident Reports consolidate incident information about alleged fraud, material misrepresentation and misconduct.

Information on the following types of fraud, misrepresentation and/or misconduct may be included in the database and in reports, but is not limited to:

Property related information
Overvaluation, misrepresentation of property characteristics, conditions not released at closing.

Employment related information
Forged or altered employment letter or employment reference, inflated income.

Identification
Forged or altered identification, the use of a ‘straw’ borrower, nonexistent individuals, multiple unrelated borrowers.

Equity
Account statements not belonging to the borrower, equity withdrawn prior to closing, full or partial down payment paid directly to the vendor.

There are three primary uses of the REDX database:

·                       REDX Information is used, by Subscribers, to evaluate the suitability of arrangements or professional parties in a current or contemplated business relationship with Subscribers;

·                       To support a specific Subscriber investigation into loans that may involve fraud; and

·                       Queries to aggregate statistics, undertake specialized and customized queries against the database, support subscribers in their investigations, and communicate with customers.

Information provided by a Subscriber as part of the application process will be used for access and use of the REDX Non-Public Service; for example: to set up accounts, issue user names and passwords, verify identity and to deliver guides and training materials.

Principle 3 – Consent

Teranet has developed the REDX Non-Public Service to provide Subscribers with tools and information they can use in the detection and prevention of property-related fraud, misrepresentation and misconduct. It may be inappropriate in these circumstances to obtain the consent of persons who are the subject of the information being deposited to the REDX Non-Public Service. When information is being collected for the detection and prevention of alleged fraud, material misrepresentation and misconduct, seeking consent from the subject may defeat the purposes of collecting the information. Furthermore, Teranet does not have a relationship with such persons, companies and entities that are the subject of Incident Reports (“Database Subjects’) and therefore is not able to seek consent.

Teranet strongly recommends that Subscribers obtain written consent from the Database Subjects. However, in many cases obtaining consent will not be possible. Non-Public Personal Information collected, used and disclosed by Teranet without consent will be in accord with section 7 of the Personal Information Protection and Electronic Documents Act, S.C. 2000 c. 5.

Principle 4 - Limiting Collection

Information collected by Teranet is limited to that which is necessary for the purposes of operating the REDX Non-Public Service. The information in the REDX Non-Public Service will be used by Subscribers to aid in the detection and prevention of fraud, misrepresentation and misconduct in real property related transactions. REDX Non-Public information consists of information regarding alleged fraud, material misrepresentation and misconduct perpetrated by a mortgage industry professional, that is deposited via Incident Reports and supplementary information submitted by Subscribers. Subscribers may only collect information submitted to the REDX Non-Public Service by fair and lawful means. Consumers and other non-professionals who may be a party to a transaction are not named and personal information related to non-professionals is not included in the REDX database. Information collected may include, but is not limited to, the following:

·                       The name of the person submitting the report together with the name of the Subscriber. This information is used for internal Teranet purposes to verify that an authorized organization or individual is submitting information. This information shall not be disclosed to third parties unless required by law.

·                       Originating Entity information including the name of the company and/or individual who originated/approved the loan or transaction, where known. This includes: company address, professional and/or company licence number, date of birth, business name, other identifying references i.e. AKA, cob, acronyms, other license types, or identification numbers. Detailed identification information is required so that Subscribers receiving REDX Incident Reports can make the most positive identification possible of a Database Subject.

·                       Description of the incident including: the date of the incident, the property information to which the incident relates, supportable facts relating to the incident, the name of mortgage industry professional(s) or corporation(s) who perpetrated a wrongdoing, the name of industry professional(s) or corporation (s) associated with the incident.

·                       Professional of Record information, where applicable, including: full name of the professional, the professional’s company name and/or employer, business address, Business Number, license information, type of professional and other identifying references. A Professional of Record is a professional or company that participated in the transactions but is not necessarily involved in the alleged fraud, misrepresentation or misconduct being reported.

·                       Method and level of verification of the facts related to the incident.

Principle 5 - Limiting Use, Disclosure and Retention

Limiting Use and Disclosure

Use of REDX Non-Public Service will be limited to the purposes described above, unless the Database Subject has otherwise consented, or when such use is required or permitted by law. Specifically, information in REDX Non-Public Service will be used by Subscribers to detect and prevent fraud, misrepresentation and misconduct in the property marketplace. The REDX Subscriber Agreement, Legal Terms and Conditions and the REDX Policy and Procedures Guides govern how Subscribers may use and disclose non-public data obtained from REDX. Incident information received by Subscribers may not be republished or shared with parties outside of their companies. All REDX Information received by Subscribers shall be held in strict confidence. Teranet is an independent third party operator of the REDX Service that receives Incident Reports from Subscribers and provides Incident Reports to other Subscribers without revealing the identity of the report-submitting Subscriber. The operation and use of the REDX Non-Public Service does not entail any direct contact between or among REDX Non-Public Subscribers.

Retention

REDX Non-Public Information is only active and available to Subscribers to the Non-Public Service for a maximum of 10 years from the date of its inclusion in the REDX Non-Public Service. Inactive Non-Public information is archived but is still available to provide Teranet with the ability to recreate the transaction histories and data sets as required for legal and audit purposes.

Principle 6 – Accuracy

Agreements for the Non-Public Services place certain obligations on Subscribers who submit Incident Reports to Teranet. Each subscriber is obligated to ensure the information contained in its Incident Reports is complete, true and accurate. Incident Reports must be factual and based on the Subscriber’s own direct investigation or the investigation of an agent of the Subscriber.

Teranet reviews the information in each Incident Report prior to inclusion in the REDX Non-Public Service for compliance with the REDX Policies and Procedures Guide but does not confirm the content or validity of the information. Proposed edits are provided to the submitting Subscriber and, once approved, are made available in the REDX Non-Public Service. Where a submitting subscriber indicates that the incident Information has changed, due to new information or subsequent developments regarding the incident, changes to an Incident Report may be made. Updated REDX Incident Reports are provided to all Subscribers in good standing who received the report during the previous two (2) years.

Principle 7 - Safeguards

The REDX Non-Public Service is a secure method to contribute and receive information relating to alleged real property fraud, misrepresentation and misconduct. For the internet based Non-Public Service Teranet employs the use of 128-bit SSL encryption. The REDX Non-Public Service is a subscription service open to Subscribers that have a compliance department. Information contained in the REDX Non-Public Service is held in a secure environment as described above and only accessed by Teranet, its consultants, agents, etc. and Subscribers.

Each Subscriber is required to identify a limited number of Users who can access the Non-Public Service on behalf of the Subscriber. Users must not share their password. Each User is also provided materials and training on the use of the REDX Non-Public Service and its operating procedures, including obligations relating to protecting the confidentiality of REDX Information, as part of a subscription to REDX.

Principle 8 – Openness

Upon request, the Policies and Procedures Guides for the REDX Services may be made available. All Subscribers receive a copy of the REDX Policy and Procedures Guides.

Principle 9 - Access

Access to the REDX Non-Public Service is limited to: (a) the Teranet Group, its affiliates and their contractors, employees and agents; (b) Subscribers’ and (c) Database Subjects, (to a limited extent Database Subjects are persons, companies and/or entities named in REDX Incident Reports). Database Subjects may request Teranet to search the REDX Non-Public Information to determine if they are named in any Incident Report. These reports, or parts thereof, that relate to the Database Subject may be disclosed. Prior to receipt of REDX Information, the Database Subjects must sign a non-disclosure agreement and agree to keep REDX Non-Public information confidential. A reasonable processing fee may be charged.

Access requests may be submitted through the REDX web site at www.redx.ca or to the Teranet legal department. Database Subjects may submit a written statement relating to the information contained in an Incident Report and Teranet may, if requested to do so in writing, add an approved statement (2,000 word limit) to an Incident Report. If a Database Subject alleges there is an error in a report, Teranet will refer the allegation of error to the Subscriber that submitted the Incident Report for investigation. If an Incident Report is subsequently updated or amended, Teranet will provide an updated Incident Report to all REDX Non-Public Service Subscribers in good standing who received the original report during the previous two years.

Principle 10 – Challenging Compliance

You may direct any questions or complaints with respect to the privacy principles outlined above or about Teranet practices by contacting the REDX Privacy Officer at:

123 Front Street West, Suite 700, Toronto, Ontario M5J 2M2

Telephone: 416 360-8863 x2702
Fax: 416 360-7473
E-mail: PrivacyOfficer@Teranet.ca

If you are not satisfied with a REDX response to a complaint, or are otherwise not satisfied with respect to Teranet's handling of personal information, a complaint may only be made in writing to:

The Office of the Privacy Commissioner of Canada

112 Kent Street

Ottawa, ON

K1A 1H3

Telephone: 1-800-282-1376

Website: http://www.privcom.gc.ca

REDX Non-Public Service Privacy Policy

Teranet Legal - Version 2.5 - February 2006

Copyright © 2004-2006 Teranet Services Inc. and its suppliers. All rights reserved.