Contact Us
| 800.374.8475 |
AgentLink Login
Home
About Us
Meet Our Executive Team
Meet Our Underwriting Counsel
States Where We Are Licensed
Family Of Companies
Contact Us
Career Opportunities
Careers at NATIC
Financial Ratings
For Our Customers
Agency Verification
Lender Services
Real Estate Services
Commercial Services
STAR Agent Network
CPL Validation
Submit a Claim
Title Basics
What is Title Insurance?
Real Estate Dictionary
Useful Links
For Agents
Become an Agent
Submit a Claim
Knowledge Link
NATIC University
Webinars & Seminars
Newsletters & Reports
FAQs for CE/CLE Credit
Best Practices
BP 1 Licensing
BP 2 Escrow/Accounting
BP 3 Nonpublic Information
BP 4 Pricing/Recording
BP 5 Deliver/Remit
BP 6 E&O/Bonds
BP 7 Consumer Complaints
BP Certified
NATIC News
Best Practices
>
BP 3 Nonpublic Information
Search for:
ALTA Best Practice 3:
Nonpublic Personal Information
Best Practice:
Adopt and maintain a written privacy and information security program to protect Nonpublic Personal Information as required by local, state and federal law.
Purpose:
Federal and state laws (including the Gramm-Leach-Bliley Act) require title companies to develop a written information security program that describes the procedures they employ to protect Nonpublic Personal Information. The program must be appropriate to the company’s size and complexity, the nature and scope of the company’s activities, and the sensitivity of the customer information the company handles. A company evaluates and adjusts its program in light of relevant circumstances, including changes in the company’s business or operations, or the results of security testing and monitoring.
Procedures to meet this best practice:
1. Physical security of Nonpublic Personal Information
Restrict access to Nonpublic Personal Information to authorized employees who have undergone background checks at hiring.
Prohibit or control the use of removable media.
Use only secure delivery methods when transmitting Nonpublic Personal Information.
2. Network security of Nonpublic Personal Information
Maintain and secure access to company information technology
Develop guidelines for the appropriate use of company information technology.
Ensure secure collection and transmission of Non public Personal Information.
3. Disposal of Nonpublic Personal Information
Federal law requires companies that possess Nonpublic Personal Information for a business purpose to dispose of such information properly in a manner that protects against unauthorized access to or use of the information.
4. Establish a disaster management plan
5. Appropriate management and training of employees to help ensure compliance with company’s information security program
6. Oversight of service providers to help ensure compliance with a company’s information security program
Companies should take reasonable steps to select and retain service providers that are capable of appropriately safeguarding Nonpublic Personal Information.
7. Audit and oversight procedures to help ensure compliance with company’s information security program
Companies should review their privacy and information security procedures to detect the potential for improper disclosure of confidential information.
8. Notification of security breaches to customers and law enforcement
Companies should post the privacy and information security program on their websites or provide program information directly to customers in another useable form. When a breach is detected, the company should have a program to inform customers and law enforcement as required by law.
(Source: American Land Title Association)
For additional resources to help you adhere to the Best Practices, please visit the Best Practices section of the
AgentLink
site.
Best
Practices
BP 1 Licensing
BP 2 Escrow/Accounting
BP 3 Nonpublic Information
BP 4 Pricing/Recording
BP 5 Deliver/Remit
BP 6 E&O/Bonds
BP 7 Consumer Complaints
BP Certified
Scroll to see more...