Which person holds primary responsibility for privacy and disposal of personal information within a mortgage entity?

Ownership of privacy and disposal of personal information in a mortgage entity rests with the person who oversees the entire loan process. The Principal Lending Manager holds primary accountability because they manage the full loan lifecycle—from application through closing and post-close activities—so they control how borrower data is collected, stored, accessed, shared with third parties, retained, and finally securely destroyed. This role coordinates with Compliance to ensure privacy controls are actually implemented, with IT to secure data systems, and with vendors for third-party handling. While the Compliance Officer sets policies and monitors adherence, the day-to-day privacy practices and data-disposal decisions in the lending workflow are owned by the PLM. The Branch Manager and the Loan Processor participate in data handling and execution, but they do not own the privacy program across the organization.