Privacy Plan – Central Texas Title Company
   Purpose:
             This Privacy Plan is enacted in accordance with Section 314.3 of the Federal Trade Commission Regulation which states that: “You shall develop, implement, and maintain a comprehensive security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue.”
  Below are the elements of the Central Texas Title Company plan:
  • For purposes of this plan, Sensitive Personal Information (“SPI”) is defined as a person’s first name or initial with the last name in conjunction with any one of the following:
o   Date of Birth
o   Social Security Number
o   Driver’s License Number
o   Mother’s Maiden Name
o   Debit or Credit Card Number
o   Government ID Number
o   Unique Electronic ID Number
o   Any Financial Institution Account Number or other financial information
  • The acting Escrow Manager and/or his/her designee will coordinate the plan.
  • Risks have been identified and  safeguards implemented to control risk of disclosure of SPI
o   GF files are routinely scanned, and then the related physical files are stored in a limited access area
o   Scanned files are located in a restricted-access area of the local area network server
o   Physical GF files are shredded in accordance with retention requirements of the Texas Department of Insurance
  • New employees receive a copy of the Privacy Plan
  • Posters regarding proper disposal of documents containing SPI are posted throughout the office
  • Crisscross or confetti shredders are made available to employees who have a need to destroy documents containing SPI
  • Electronic Files and Information Systems
o   Passwords are utilized to restrict access to information located in software or stored on computer equipment throughout the office
o   Files and databases with confidential information are stored on servers accessible only by employees with a legitimate business need and the type of access limited
o   Information Systems:
o   Located in secure, limited access areas
o   Anti-virus software is installed and automatically updated
o   Firewalls are in place to stop outside intervention
o   Backups performed on daily basis
o   Information transmitted is encrypted
o   Hardware Disposal:
o   Company identifiers removed from equipment
o   Hard drives re-formatted to prevent dissemination of confidential information
  • Employees are instructed to lock their computer by typing “Control, Alt, Delete” then “Lock Computer” before leaving their workstation
  • Employees are not permitted to share login or password information with other employees
  • Employees will be required to change passwords every ninety (90) days or as directed by management.
  • Employees who share password information or SPI will be subjected to disciplinary action or possible termination.
  • Terminated employees’ access to the premises and all systems are immediately discontinued or disabled upon or before termination.
  • Central Texas Title Company will purge residential closing files of non-public personal financial information that are not a part of the title agent function such as:
o   Credit reports and Loan Applications (1003)
o   IRS Forms and Reports
o   W-9
o   4506
o   Other IRS Forms containing SS Numbers and Sensitive Personal Information
  • In addition, Central Texas Title Company will destroy other documents that contain potentially sensitive information such as:
o   Phone Messages with a cell phone number or unpublished phone number
o   Messages with unlisted email address information
o   Lender documents that are being replaced with new documents (pertinent information should be removed and shredded)
o   Old HUD-1 or closing statements which disclose sales price or other non-public information