Tips on Improving Policies to Protect Private Information
|August 15, 2013|
The third pillar of ALTA's “Title Insurance and Settlement Company Best Practices” provides information on adopting and maintaining a written privacy and information security plan to protect Non-public Personal Information (NPI) as required by local, state and federal law.
NPI includes first name or first initial and last name coupled with any of the following: Social Security Number, driver’s license number, state-issued ID number, credit card number, debit card number, or other financial account numbers.
A plan to protect NPI must be appropriate to the company’s size and complexity, the nature and scope of the company’s activities, and the sensitivity of the customer information the company handles. For a small agency, a one-page memo placed in a file drawer may be sufficient, as long as the steps are followed. For a large company, the safeguards program may be more complex.
Most important, lender customers who are federally regulated or insured and other business partners will require that companies with which they contract have programs in place to safeguard customer information. Consequently lenders will require that title insurers and settlement agents have a safeguard program in place.
Frank Pellegrini, ALTA’s president, suggests title companies post their written privacy policies in the office.
“This will help employees understand why they should have a clean-desk policy, why there needs to be network security, why computers are password protected and why the bank relationship must be secure. There must be communication and employees must be trained,” Pellegrini said.
Title companies should also take precaution when working with contract closers. Bill Burding, general counsel of Orange Coast Title Co., said title companies should have contract closers sign a Gramm-Leach-Bliley disclosure.
A privacy program should have the following: