If you are a mortgage broker or mortgage originator doing business in Massachusetts, you need to understand how MGL 93H and Regulation 201 CMR 17.00 affect how you handle personal information and manage your business in the future. Effective March 1, 2010, licensed mortgage brokers are responsible for the safety and security of Massachusetts residents' personal information that is collected, handled or stored by you or your staff. A mortgage company must have a written plan, known as a "Written Information Security Plan", in place and followed, not only to protect the safety and security of customers' personal information, but also to protect your business. Below is a checklist to help you plan and develop the plan that you need.
The Commonwealth of Massachusetts enacted MGL 93H, which addresses security breaches and regulates those in possession of personal data of any resident of the Commonwealth of Massachusetts. Regulation 201 CMR 17.00 implements the provisions of the Act and describes what you need to do in order to achieve compliance.
What does 201 CMR 17 mean for my mortgage business?
201 CMR 17.00 sets minimum requirements for the protection of the personal data of Massachusetts residents. It does not matter whether this personal information is stored in a file cabinet, a desk drawer or a network database; you are responsible for its safety and security as set forth in 201 CMR 17. Massachusetts, like many states, has responded to the growth of identity theft by putting the responsibility on companies (for example, mortgage brokers) to follow a set of requirements that effectively protect identities from those who might use them improperly or illegally. As a mortgage broker, these rules affect how you do business and who you do business with. If your originators, phone or processing staff, or even others who may be part of a loan transaction, such as a lawyer, real estate agent or credit bureau, have access to or store personal information about your borrowers or prospects (who live in Massachusetts), such as their name along with
- Social Security number
- Credit card
- Driver's license
- Other state-issued identification information
then these policies affect them too, and you are responsible for taking steps to meet them and to manage the collection, handling, storage and distribution of this personal information. This means you need to protect yourself and your company and only share personal information with companies that you have confirmed are in compliance with 201 CMR 17.
This rule is not just about customers and clients. If you are located in the Commonwealth of Massachusetts and have workers who live in Massachusetts, and you keep their job applications, copies of driver's licenses, employee interview records or payroll information, then 201 CMR 17 applies to you and you must comply.
So what steps should I take to be in compliance?
The key to 201 CMR 17.00 is the development, implementation, maintenance and monitoring of a comprehensive written information security program (WISP). This WISP is intended to address the handling and storage of all documents containing personal information. In addition to creating and maintaining the WISP, you need to identify the parts of the program. This includes:
- Designate one or more employees to maintain the WISP.
- Identify and assess foreseeable internal and external risks to the security and confidentiality of any personal information that you handle or store.
- Limit the amount of personal information collected to what is necessary to carry out the transaction.
- Identify all areas and storage devices used to store personal information and develop a plan for their security.
201 CMR 17.00 goes further to address computer system security. The Commonwealth of Massachusetts has technology requirements that you must meet to be compliant. These requirements should be discussed with your IT professionals. They affect not only servers, but also desktop computers, laptops, and networked scanners and copiers. Things to discuss include:
- Secure authentication protocols.
- Secure access control measures, such as restricting access to data and managing passwords and users.
- Encrypt data in transmission, along with all data on mobile devices such as laptops and PDAs.
- Ensure that current versions of security software, such as anti-virus, are in place.
- Train employees about information security.
Much of the discussion in the media about the theft of personal information has been associated with laptops. Personal information can be compromised and stolen while being stored on computers or transmitted electronically, but this critical data can also be stolen on paper while sitting on your desk or in an unlocked file cabinet. Even how you dispose of this information is important to keep in mind, as you are responsible even for what you throw in the dumpster. Shredding and disposal services are a key part of any successful mortgage company WISP. The goal of MA MGL 93H and 201 CMR 17.00 is to change the way businesses look at personal information and the important steps that must be taken for its proper collection, use, storage, transportation and destruction.
Securing personal information not only protects your customers but also protects your company against fines and lawsuits. Make sure you're in compliance with 201 CMR 17 by developing and implementing your mortgage company WISP now.