Minor Johnston Douglas, PLLC (the Firm) takes the privacy of our clients very seriously. At all times federal and state laws shall be adhered to in the sharing of Non-Public Personal Information. Access to Non-Public Personal Information is limited to authorized employees who have undergone Background Checks at hiring (“Cleared Employees”). Background checks will be performed on all Cleared Employees every three years thereafter.
A security risk assessment shall be performed by a third party in order to minimize the Firm’s risk of a security breach. The report should include an assessment of the locations and methods for storing, processing and transmitting client information, as well as an assessment of the risk of potential internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of non-public personal information or client information systems. The report should additionally include an assessment of the likelihood of potential damage to the Firm and its clients from potential internal or external threats. Remote desktop capabilities shall be included in the assessment. The assessment shall be performed at regular intervals to maintain the security of our clients’ information. Security of client information will be assessed prior to the implementation of any new software updates.
Client files shall not be removed from the office by anyone other than a Cleared Employee and then only to complete tasks relating to the file from home. In the event that a Cleared Employee does remove a file from the office, that file shall be returned the next business day. Computers with access to the Firm’s Network shall be logged off when the employee is not present. The Office Manager will be in charge of assigning all user accounts and user names. Passwords shall be changed every 90 days. Passwords shall be changed immediately when an employee leaves or is otherwise terminated. All passwords shall contain at least 8 characters of which there must be at least one capital letter and one number.
Removable media containing non-public personal information shall only be used with the express permission of a Partner of the Firm and shall be treated with the utmost care. Removable media shall be deleted as soon as practically possible. From time to time the Firm will need to buy new equipment and dispose of old equipment. In the event any equipment is to be disposed of, the hard drive of any equipment shall either be destroyed or entirely wiped clean of all data prior to the equipment leaving the premises.
Emails containing non-public personal information shall be encrypted.
Employees shall only share Non-Public Personal Information with persons and/or companies that have been authorized by the client. In the closing process we are often required to share such information with other service providers (Lenders, Insurance Companies, ...) in order to facilitate the closing transaction. When possible, the Firm shall obtain a written statement from the client authorizing those actions.
Client files shall be kept for at least 10 years. After a file is 3 years old, the file shall be reviewed and non-essential information shall be removed and destroyed. The file shall then be moved to an offsite storage facility. After the 10 year period has elapsed, the entire file shall be destroyed.
In the event a breach in a client’s privacy is detected, the client shall be notified of such breach as well as any lender involved in that client’s transaction and local law enforcement.
The work performed by the Firm is subject to audits by its title underwriters, CFPB compliance companies and security risk assessment specialists. Each third-party provider with access to non-public personal client information shall be monitored and the Firm shall have access to the results of all audits, security tests, intrusion logs or other evaluations.
Locks shall be placed on the doors of all rooms within the office which may contain files with Non-Public Personal Information. The Office Server shall also be maintained behind locked doors.
Employees are only allowed to use company equipment for personal purposes before and after work and during their lunch break.