1 / 0

Best Practice Pillar #3:

Best Practice Pillar #3:. Securing NPI. Mary Schuster Mike Murphy. How Did We Get Here?. Gramm-Leach-Bliley Act Enacted to control the ways that financial institutions deal with the private information of individuals consisting of three sections:

berget
Télécharger la présentation

Best Practice Pillar #3:

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Best Practice Pillar #3:

    Securing NPI Mary Schuster Mike Murphy
  2. How Did We Get Here? Gramm-Leach-Bliley Act Enacted to control the ways that financial institutions deal with the private information of individuals consisting of three sections: The Financial Privacy Rule, which regulates the collection and disclosure of private information The Safeguards Rule, which stipulates that financial institutions must implement security program to protect private information The Pretexting Rule, which prohibits accessing private information using false pretenses
  3. How Did We Get Here? The CFPB Responsible for consumer protection in the financial sector Authorized by the Dodd-Frank Act in 2010 in response to the financial crisis of 2007-08 Service Provider Memo of 4/13/12 extends some GLB service providers of the lender Has developed new rules and forms related to the closing of a real estate transaction
  4. How Did We Get Here? ALTA Advocacy on behalf of title agents related to proposed CFPB regulations Educated the CFPB on the value of the title industry and title agent Formed a task force that worked with the CFPB related to changes Created Best Practices as industry-wide proactive offering of Standards – as opposed to waiting for each lender to set individual standards Worked with title agents to review and comment on the proposed CFPB changes
  5. How Did We Get Here? But what does the coming together of these parts really mean? Lenders have a greater responsibility than ever before Responsible for title agents and their processes, practices and procedures used in transactions Ultimately responsible for title agency 3rd party vendors Notaries Cleaning staff IT service providers That’s 4th party level responsibility and that got the Lender’s attention!
  6. The Solution ALTA’s answer…Best Practices 7 Pillars ALTA/Underwriter/Software Vendor Tools Webinars Readiness Assessments Certification Pillars 1, 2, 4, 5, 6, 7 Pillar 3
  7. What Do We Need To Do? Develop a security program to protect NPI – Electronic & Paper Identify where NPI exists in your organization Data in use Active order data within Title Production Software Active order data in paper files Active order data in documents (Word, Excel, etc) Documents at the closing table Data in motion Any order data moving along your network Any order data being shared with other parties Data at rest Inactive order data within Title Production Software Inactive order data in data warehouse Offsite backups, tapes, etc.
  8. What Do We Need To Do? Develop a security program to protect NPI Examples of NPI The obvious SSN/EIN Credit card numbers The little less obvious Bank or credit card payoff statements Insurance, retirement, divorce or tax information Dates of birth How about this one? Buyer/Seller names with property address on a HUD on an active order? Yep, that’s NPI until the data is recorded
  9. What Do We Need To Do? Develop a security program to protect NPI Ask questions about your operation Do you have a clean desk policy? Are you shredding sensitive documents? If you use a shredding service are documents to be shredded secured? Does you scanning solution have levels of security to limit access? Are all files locked and secured? Common area stand-ups? Do you conduct background checks of employees? How often?
  10. What Do We Need To Do? Develop a security program to protect NPI Ask questions about your operation Are devices password protected and are they locked down at night? Are your servers secure with limited access? Do you destroy old hard drives of computers and copiers? Are mobile devices secure and can they be remotely wiped clean? How are paper files secured that leave the office or are with couriers? Do you have oversight of service providers to be sure they secure NPI?
  11. What Do We Need To Do? Develop a security program to protect NPI Ask questions about your operation Does your office and work areas have secured entry points with individual access codes or keyed access? Do you control the use of removable media devices like flash drives? Do you have Disaster Recovery and Business Continuity plans? Do you have audit procedures to insure that staff comply with security measures and procedures? Are email and attachments containing NPI encrypted?
  12. What Do We Need To Do? Develop a security program to protect NPI Ask questions about your operation Are you restricting personal email accounts? Does a training program for employees related to protecting NPI exist? Do you have guidelines and controls for use of company technology that has access to NPI?
  13. What Do We Need To Do? Develop a security program to protect NPI Build company policies, educate staff and review regularly Clean Desk Policy Acceptable Use Policy Password Policy Information Technology Electronic Asset Disposition Policy Security of Information and Records Policy Privacy of Personal Information of Consumers and Customers Policies Exception Standard Firewall Policy Vulnerability Scanning Policy
  14. Do’s And Don’ts Do continue to educate yourselves Do take action – get started as this is a process. Compliance is a continuous journey, not a destination. Do ask questions and get help Do train your staff members about NPI Do review your Security Program Do become compliant – get certified
  15. Do’s And Don’ts Don’t be this title agent
  16. Do’s And Don’ts Don’t be this title agent
  17. Business Continuity and D/R Business Continuity How we work when we can’t get to work or when equipment isn’t available Can Business Continuity be built into our systems? Disaster Recovery What we do when resources are gone for good or gone for an extended period of time Recovery Point Objective Recovery Time Objective Developing the process to determine if/when to enable Disaster Recovery Testing
  18. Systems and Design Application Database Storage Web Email Nice 10 years ago – Today’s grade F
  19. Back To Basics Application Database Storage Web Email Nice 10 years ago – Today’s grade F
  20. Server For Each Function Application Database Storage Web Email
  21. Clustering – 2 or more servers working together Application Application Database Database Storage Storage Web Web Email Email
  22. Single Points Of Failure Application Application Database Database Storage Storage Web Web Email Email Getting better– Today’s grade C-
  23. Single Points Of Failure + Disaster Recovery Application Application Application Database Database Database Storage Storage Storage Web Web Web Email Email Email Getting better– Today’s grade B
  24. Introducing High Availability Application Application Database Database Storage Storage Web Web Email Email
  25. High Availability + Disaster Recovery Application Application Application Database Database Database Storage Storage Storage Web Web Web Email Email Email This is it! – Today’s grade A+
  26. Emerging Trends Best Practices Lender Questionnaires Pressure on Lenders for not 3rd Parties but 4th Parties Build It or Lease It Cloud Basics
  27. Where Do We Go For Help? State Land Title Associations American Land Title Association Best Practices www.alta.org/bestpractices Underwriters Webinars, White Papers, Checklists Op2 bestpractices@op2online.com
  28. Contact Information Mary Schuster – RamQuest/op2 mary.schuster@op2online.com mschuster@ramquest.com Mike Murphy – op2 mike.murphy@op2online.com
More Related