Best Practice #3 | Information and Data Privacy

Security Statement

Landmark Title has taken measures to guard against unauthorized or unlawful processing of personal data and against accidental loss, destruction or damage.

This includes:

• Adopting an information security policy (this document is our policy)
• Taking steps to control physical security (projects and staff records are all kept in a locked filing cabinet)
• Putting in place controls on access to information (password protection on files and server access)
• Establishing a business continuity/disaster recovery plan (including, at a minimum taking regular back-ups of its computer data files and this is stored away from the office at a safe location)
• Training all staff on security systems and procedures
• Detecting and investigation breaches of security should they occur

Basic Principles

• Personal data is to be collected only for the purpose specified.
  Data collected is to be relevant but not excessive for the purposes required.
• On an annual basis, title insurance application forms and any other forms that we use is reviewed to confirm that we are not asking for irrelevant information.
• Data is not to be kept for longer than necessary for the purposes collected including complying with applicable laws.

Within 30 days of closing

• Files are scanned into our secure server and paper copies are stored in a secure area onsite and offsite storage.
• Files are moved to locked files in a secure location in our office.
• We protect the data with appropriate technical and organizational measures to minimize the risk of unauthorized or unlawful processing and against accidental loss or destruction or damage to personal data.
• Servers are stored in locked facilities with access limited to:
• Remote access to files is available only to our IT technician whom we trust implicitly.
• Data is not removed from the office, except when contained on/within appropriately secured data transmission methods.
• Paper files are never removed from the office except as needed for a remote closing.
• Remote access is not provided to our server for employees.
• When access is provided, the following security measures are in place: It is a condition of remote access to the office network by staff that their home computers also have anti-virus software installed which is regularly updated with the latest virus definitions.
• We employ shred-IT firm which takes care of secure, confidential paper shredding.
• Access to data whether current or archived is provided to those individuals who, in the course of performing their responsibilities and functions, must use the specified data.
• Access is limited to the following job positions: Landmark’s Information Technology principal only.

End Point

• All data on the network is protected by Symantec anti-virus software that runs on servers and workstations, and is updated atuomatically with on-line downloads from the McAfeeSAS website / vie updates received on CD. (Use as applicable. This includes alerts whenever a virus is detected.)
  Any viral infection that is not immediately dealt with by IT Tech is notified to the two principals of Landmark.
• All user data is backed u to tape automatically on a daily basis, using an appropriately secure system for fast indexing and data restoration.
• A full server backup to tape takes place weekly.
• Daily and weekly backups are securely stored in a room remote from the server room and reused on a fortnightly basis.
• A half-termly archive tape is preserved, and for the next half-term is securely stored off-site, in case of catastrophic system loss such as school-wide fire.
• A separate business continuity plan is established.
• We are presently looking into email encryption in preparation of new CFPB laws. Also may purchase Spyware Business Version entitled “Malware Bytes” which updates each individual station 8 times per day. We have purchased Cyber Insurance as a segment of our Errors & Omissions Coverage effective 4/17/15.

Landmark Title Agency’s Seven Best Practices

(click on image to review full document)