Best Practices Policy #3- Privacy and Information Security: First Action Title Agency has adopted the following policies and procedures to document our information security program to protect Non-public Personal Information as required by local, state and federal law (including the Gramm-Leach-Bliley Act) require. The program is appropriate to the size and complexity of our company and the nature and scope of our activities. Compliance with the following procedures is required of all employees and failure to comply with the procedures outlined herein will be grounds for immediate termination of employment.
Our company recognizes we must take necessary and appropriate steps, within our capabilities, to protect Non-public, Personal Information (NPI) from loss or misuse to avoid reputational damage and to prevent the use of this data from adversely impacting our customers and business. The protection of this data is a critical business requirement, yet flexibility to access the data and to work efficiently with it was also considered in the development of this policy. This policy will be evaluated annually, and adjusted in the event our business operations change or in light of relevant circumstances.
For the purposes of this policy Non-public Personal Information (NPI) is defined as “First name or first initial and last name coupled with any of the following: Social Security Number, Driver’s license number, state issued ID number, credit card number, debit card number or other financial account numbers.” "Personal Information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.
A. Physical security of Non-public Personal Information (NPI)
To help ensure the physical security of all Non-public Personal Information we will:
B. Network Security of Non-public Personal Information
To help ensure the secure collection, transmission, and storage of Non-public Personal Information within our network we will:
C. Disposal of Non-public Personal Information
To help protect and properly dispose of Non-public Personal Information we have:
D. Establish a Disaster Management Plan
The company has established a Disaster Management Plan (attached). This plan helps ensure adequate back-up, recovery and business continuity procedures for our company. This plan is reviewed and updated annually or as appropriate.
E. Appropriate Management and Training of Employees to Help Ensure Compliance with the Information Security Program of First Action Title Agency .
To ensure appropriate management of our policy, and employee training regarding the Company’s information security policy we:
F. Notification of Security Breaches to Customers and Law Enforcement
To ensure proper notification of security breaches to our customers and law enforcement we will: