MISMO Releases White Paper on Data Security
|March 31, 2006|
|Identifying and Safeguarding [pdf]|
San Diego, CA – MISMO, a not-for profit subsidiary of the Mortgage Bankers Association (MBA), today announced the release of a white paper on data security produced by its Information Security Workgroup. This white paper identifies personal information data elements as specified by states, outlines data use case studies applicable to the mortgage industry, and references recommended security practices for technology policy and security breach response.
Recently, the protection of personal information has become a major concern to the private sector as well as the public sector – federal, state and local governments. The Internet and the continued emergence of distributed technology have rapidly escalated risks associated with the unauthorized disclosure of personal information. Today’s Internet-driven business environment enables unlimited availability to services for customers, employees, and trading partners, and unfortunately many organizations adopted Internet-based solutions driven by revenue or cost reduction without due consideration to adequate personal information protection.
“Combined with other recommended security practices, this white paper is an effective source of reference for the industry,” said John Simon, Chair of MISMO’s Information Security Workgroup and Vice President of Client Services, Technology Initiatives at LandAmerica Lender Services. “Identification of personal information is critical to assessing overall risk, and the list of threats and vulnerabilities is an asset when determining the likelihood of adverse events.”
The objective of the paper is to identify and recommend guidelines to prevent the unauthorized disclosure of computerized personal information, as identified by breach notification legislation. This guide is intended to help the mortgage industry with privacy protection practices, and as such, it provides guidance for developing and implementing preventive practices. MISMO believes that by suggesting guidelines for the mortgage industry that are consistent with the previously articulated recommendations of recognized standards-setting organizations, and the U.S. government, this guide provides information helpful in establishing defensible information security policies and procedures for the mortgage industry.
Information security is a rapidly developing field. As the environment develops and matures, this document will be revised to accommodate changes in law, technology and industry practices.