Landmark's Seven Best Practices | ALTA Guide
Best Practice #3 | Information and Data Privacy
Landmark Title has taken measures to guard against unauthorized or unlawful processing of personal data and against accidental loss, destruction or damage.
- Adopting an information security policy (this document is our policy)
- Taking steps to control physical security (projects and staff records are all kept in a locked filing cabinet)
- Putting in place controls on access to information (password protection on files and server access)
- Establishing a business continuity/disaster recovery plan (including, at a minimum taking regular back-ups of its computer data files and this is stored away from the office at a safe location)
- Training all staff on security systems and procedures
- Detecting and investigation breaches of security should they occur
- Personal data is to be collected only for the purpose specified.
Data collected is to be relevant but not excessive for the purposes required.
- On an annual basis, title insurance application forms and any other forms that we use is reviewed to confirm that we are not asking for irrelevant information.
- Data is not to be kept for longer than necessary for the purposes collected including complying with applicable laws.
Within 30 days of closing
- Files are scanned into our secure server and paper copies are stored in a secure area onsite and offsite storage.
- Files are moved to locked files in a secure location in our office.
- We protect the data with appropriate technical and organizational measures to minimize the risk of unauthorized or unlawful processing and against accidental loss or destruction or damage to personal data.
- Servers are stored in locked facilities with access limited to:
- Remote access to files is available only to our IT technician whom we trust implicitly.
- Data is not removed from the office, except when contained on/within appropriately secured data transmission methods.
- Paper files are never removed from the office except as needed for a remote closing.
- Remote access is not provided to our server for employees.
- When access is provided, the following security measures are in place: It is a condition of remote access to the office network by staff that their home computers also have anti-virus software installed which is regularly updated with the latest virus definitions.
- We employ shred-IT firm which takes care of secure, confidential paper shredding.
- Access to data whether current or archived is provided to those individuals who, in the course of performing their responsibilities and functions, must use the specified data.
- Access is limited to the following job positions: Landmark’s Information Technology principal only.
- All data on the network is protected by Symantec anti-virus software that runs on servers and workstations, and is updated atuomatically with on-line downloads from the McAfeeSAS website / vie updates received on CD. (Use as applicable. This includes alerts whenever a virus is detected.)
Any viral infection that is not immediately dealt with by IT Tech is notified to the two principals of Landmark.
- All user data is backed u to tape automatically on a daily basis, using an appropriately secure system for fast indexing and data restoration.
- A full server backup to tape takes place weekly.
- Daily and weekly backups are securely stored in a room remote from the server room and reused on a fortnightly basis.
- A half-termly archive tape is preserved, and for the next half-term is securely stored off-site, in case of catastrophic system loss such as school-wide fire.
- A separate business continuity plan is established.
- We are presently looking into email encryption in preparation of new CFPB laws. Also may purchase Spyware Business Version entitled “Malware Bytes” which updates each individual station 8 times per day. We have purchased Cyber Insurance as a segment of our Errors & Omissions Coverage effective 4/17/15.
Landmark Title Agency’s Seven Best Practices
(click on image to review full document)