Home > Legal
MGIC Investment Corporation, through its subsidiaries, including Mortgage Guaranty Insurance Corporation ("MGIC"), MGIC Indemnity Corporation, MGIC Assurance Corporation, MGIC Credit Assurance Corporation, MGIC Investor Services Corporation, and MGIC Mortgage Services, LLC (collectively, the "MGIC Companies"), provides mortgage guaranty insurance and other products and services to mortgage lenders, investors and loan servicers.
In the course of providing products and services to your company, you may provide us with confidential information about your company and we may independently obtain or receive from your company, lenders, loan brokers, correspondents, consumer reporting agencies and other unaffiliated third parties certain personal and financial information concerning consumers, including nonpublic personal information, as such term is defined in Title V of the Gramm-Leach-Bliley Act and regulations promulgated pursuant to that Act, and customer information and sensitive customer information, as defined in the Interagency Guidelines Establishing Information Security Standards ("Security Guidelines") and the Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice ("Guidance") adopted jointly by the FDIC, FRB, OCC and OTS (collectively, "confidential information"). Confidential information about consumers collected by MGIC in connection with providing mortgage guaranty insurance includes loan application information, transaction information, such as payment history data, credit information and information related to property owned by consumers. Confidential information collected by other MGIC Companies in connection with providing other services will depend on the nature of the services provided, as described in the contract for the services.
We may retain confidential information as reasonably required in the ordinary course of our business and in compliance with applicable law. Confidential information, whether in paper or electronic format, including consumer information and customer information, will be properly disposed of in accordance with the requirements of the Security Guidelines, the Fair and Accurate Credit Transactions Act of 2003 and the related regulations, when retention is no longer required by the applicable MGIC Company.
It is the policy of the MGIC Companies to comply with all laws and regulations concerning use and disclosure of confidential information, including the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act and related regulations.
The MGIC Companies may disclose confidential information (a) to their affiliates, (b) to third parties as may be reasonably necessary to effect, administer or enforce insurance transactions, (c) to consumer reporting agencies in accordance with applicable law, (d) with the consent or at the request of your company or the consumer to whom the confidential information relates, and (e) as permitted or required by applicable law, including without limitation, pursuant to the provisions of the Security Guidelines, the Guidance, Section 502(e) of Title V of the Gramm-Leach-Bliley Act and federal and state regulations implementing such provisions. The MGIC Companies do not disclose confidential information to third parties for marketing purposes or under other circumstances that would require either that prior notice be given to the consumer or that the consumer be afforded an opportunity to opt out of such disclosure under the provisions of the Gramm-Leach-Bliley Act and related regulations.
In the case of non-insurance services, the MGIC Companies disclose confidential information to their respective clients and to such other unaffiliated third parties to whom disclosure is requested or authorized by such clients, and use confidential information only as described in the contract for services. Contracts for non-insurance services typically include provisions requiring the MGIC Companies to maintain confidentiality of information.
Consultants, subcontractors or other unaffiliated third parties who are given access to confidential information in connection with services performed for the MGIC Companies will be subject to information security risk assessment and monitoring. Such third parties will be required to sign confidentiality agreements restricting use and disclosure of confidential information to the persons who have a need to know the information in connection with the consulting assignment or service engagement, and requiring that the recipients safeguard confidential information in accordance with the Security Guidelines and our information security program, and report incidents of unauthorized access of confidential information to the MGIC Companies consistent with the Guidance.
We may automatically collect information on our server logs regarding your computer hardware and software, including your IP address, operating system, browser type, domain names, access times, service provider and referring website addresses. We may disclose this information to certain companies that provide services to us.
We, and our third party service providers, may also collect information about how you use our websites through web beacons, internet tags, embedded scripts and track navigational data. We also collect information such as the URL of the website you previously visited, the pages you visit within our websites, the links on which you click, and any transaction details (downloads, requests, etc.).
The MGIC Companies have implemented and maintain a comprehensive information security program to protect the security, confidentiality and integrity of confidential information in accordance with the objectives of the Security Guidelines and Guidance. As part of our program, the MGIC Companies have adopted and agree to maintain policies and practices designed to:
The MGIC Companies maintain physical, electronic and procedural safeguards, measures and controls for the protection, security and integrity of confidential information that are consistent with commercially reasonable standards and practices.
Security measures include access controls on computer systems, access restrictions at physical locations where confidential information is maintained, encryption of confidential information transmitted electronically, employee screening, and monitoring of security measures, both internally and in connection with confidential information disclosed to third parties, as described above.
For more information, email firstname.lastname@example.org to request a copy of our Information Security Program.
The MGIC Companies will notify your company in writing (at such address as may be specified by your company in a written notice addressed to: MGIC Information Security Director, P.O. Box 488, 250-270 East Kilbourn Avenue, Milwaukee, Wisconsin 53201-0488) of any incident of unauthorized access to your company's customer information involving the MGIC Companies or our information systems. The notice will describe the incident, the type of customer information that was the subject of the unauthorized access or use, and the measures taken to protect the customer information from further unauthorized access.
We routinely perform risk assessments of our information security program and procedures, adopt reasonable controls designed to address the identified risks, and regularly monitor the controls using both internal and independent audits and security tests. In addition, we conduct security reviews periodically and coordinate third party assessments as deemed appropriate. Internal audit findings are not made publicly available.
We will respond to reasonable requests for additional information concerning our information security program and we will cooperate with your company in order to permit you, your employees or agents, at your expense, to conduct reasonable audits at MGIC's premises of our confidential information safeguards, consistent with your company's responsibilities under the Security Guidelines and applicable banking and privacy laws and regulations, provided that you give us reasonable advance notice and your company, employees and agents agree in writing to treat any information observed and/or obtained during such audits as confidential information of the MGIC Companies and to disclose such information only to your company's directors, officers, employees, agents, regulators and examiners who need to know such information for the purposes described in this paragraph. In conducting any such audits, your company, employees and agents will not interfere with the MGIC Companies' confidentiality obligations to third parties or the protection of the integrity and security of the MGIC Companies' own confidential information. Any actual contact with our information systems in the course of such audits will be performed exclusively by our personnel, who will cooperate in good faith to provide your company, employees and agents with pertinent information.
The MGIC Companies also have developed a thorough program to prevent interruptions in our business operations. Our full-time Business Continuity Coordinators are dedicated to the development and on-going testing of recovery plans for all business units within the MGIC Companies, as well as the overall network and system infrastructure. Our business continuity program includes measures designed to provide for prompt recovery of key business functions in the event of a disaster through back-up power facilities, a hot-site recovery location and co-location of high availability applications with a leading recovery services company.
The above statement sets forth our current policies with respect to confidential information regarding your company, customers and consumers. We may make changes to our policies as we determine appropriate; however, we will notify you before any change to our policy regarding sharing consumer information with unaffiliated third parties which would require notices to be given to consumers.