Hacker Attacks Highlight Need for Plan to Protect Sensitive Data
|April 21, 2011|
Recent high-profile attacks on corporate databases highlight the importance for every company to have readily-available legal and technical plans to address data security breaches when the inevitable happens.
As many companies learned over the past few weeks, a breach in a service provider’s network can create significant legal obligations and liabilities for them.
According to D.C.-based law firm Patton Boggs, liability can attach to a company, through its service provider, regardless of the security of the company’s own network.
To help ALTA members of all sizes safeguard sensitive customer and company information, ALTA’s Technology Committee has developed the ALTA Office Security and Privacy Guidelines.
The protection of Non-public Personal Information (NPI) is vital to the success of any title company. NPI is personally identifiable information provided by a customer on a form or application, information about a customer’s transactions, or any other information about a customer which is otherwise unavailable to the general public. Social Security Numbers, Driver License Numbers and Financial Account Numbers are always considered NPI. All of this is information that title companies should protect.
These protections are also required by federal law. With the advent of State “Notification of Breach” Laws and Federal legislation like the Gramm-Leach-Bliley Act (GLB) and the Fair and Accurate Credit Transactions Act (FACTA), all title operations should work to adequately safeguard NPI and protect their employees, clients and consumers.