Continuing with our Summaries of the ALTA Best Practices, we turn our attention to the Best Practice that has likely drawn the most attention. . .protecting data and information. Pillar #2 is entitled “Information and Data Privacy. In today’s modern era, replete with Cyber Criminals, taking steps to protect our clients’ private data has become critical. Which data you ask?
You will need to become acquainted with the term Non-public Personal Information or NPI for short. NPI is defined as “Personally identifiable data such as information provided by a customer on a form or application, information about a customer’s transactions, or any other information about a customer which is otherwise generally unavailable to the general public.” NPI includes the obvious, a client’s name coupled with a social security number, drivers license number or credit card number. Less obvious, it includes information related to a transaction suchas the lending institution and loan amount for any particular deal.
In addition to taking steps to safeguard our clients’ NPI, we must have written procedures in place and your respective offices must comply with those procedures. I have listed below some, but not all, of the things you will need to be doing in order to comply with Pillar #3. The best tool that I have seen to drafting the appropriate written polcies and procedures is First American’s CAP Program (see side bar on left-hand side of this Newsletter).
1. Securing NPI in the workplace, including, but not limited to, secure networking and messaging;
2. Restricting Access to NPI to authorized employees only;
3. Performing background checks on employees with access to NPI;
4. Prohibiting and controlling the use of removable media from the workplace;
5. Establishing a Disaster Management Plan;
6. Training employees so that they comply with Company procedures;
7. Overseeing third party vendors and suppliers to prevent breaches;
8. Implementing procedures to actively and continually improve your Company’s security Program
Many of you have discussed with each other or your co-workers the effect these requirements will have on our work lives. Many of us will need to change the way we work. We can no longer have files open on our desks when we are not in the office. Offices, filing cabinets and computer that contain NPI will have to be locked up to prevent security breaches. It’s a Brave New World.