201 CMR 17 Compliance Checklist for Mortgage Brokers: Are You Compliant?

If you are a mortgage broker or mortgage originator operating in Massachusetts, you need to understand how MGL 93H and Regulation 201 CMR 17 affect how you should handle personal information and run your business going forward. As of March 1, 2010, as a licensed mortgage broker you are responsible for the security of the personal information of any Massachusetts resident that you or your staff collect, handle, or store. Your mortgage business must have a written plan, known as a WISP ("Written Information Security Plan"), that must be followed, not only to protect the security of your clients' personal information, but also to protect your business. Below is a checklist to help you get organized and develop the plan you will need to stick to.

The Commonwealth of Massachusetts enacted MGL 93H which defines security breaches and regulations for the protection of personal information of any Commonwealth of Massachusetts resident. Regulation 201 CMR 17.00 implements the provisions of the law and describes what you must have to achieve compliance.

What does 201 CMR 17 mean for my mortgage business?

201 CMR 17.00 establishes the minimum standards for the protection of the personal information of any Massachusetts resident. It doesn't matter if this personal information is stored in a filing cabinet, desk drawer, or in your network database: you are responsible for its security as set out in 201 CMR 17. Massachusetts, like many states, is responding to the growth in identity theft and is holding companies (such as mortgage brokers) accountable for following a set of requirements to effectively protect personal data from those who might use it inappropriately or illegally. As a mortgage broker, these regulations affect how you do business and who you do business with. If your originators, processing personnel, or even others who may be involved in a loan transaction, such as an attorney, a real estate agent, or a credit bureau, have access to or store personal information about your borrowers or prospective clients (residing in Massachusetts), such as their first name, along with:

  • Address
  • Social Security number
  • Credit card number
  • Driver’s license information
  • Other identifying information issued by the state

then these regulations will also affect them and you are responsible for taking the necessary measures to comply with and control the collection, handling, storage and distribution of this personal information. This means that you should protect yourself and your company and only share personal data with companies that verify compliance with 201 CMR 17.

This regulation is not just about customers and clients. If you are in the Commonwealth of Massachusetts, have Massachusetts-based employees, and retain job applications, a copy of a driver's license, personnel files, or payroll information, 201 CMR 17 applies to you and you must comply.

So what steps do I need to take to comply?

The key to 201 CMR 17.00 is the development, implementation, maintenance and monitoring of a comprehensive written information security plan (WISP). This WISP is intended to address the handling and storage of any record that contains personal information. In addition to creating and maintaining a WISP, you will need to identify the components of the program. This includes:

  • Appoint one or more employees to maintain the WISP.
  • Identify and evaluate reasonably foreseeable internal and external risks to the security and confidentiality of any personal information that you handle or store.
  • Develop security policies and procedures for employees and the handling of personal information.
  • Limit the amount of personal information collected to what is necessary to complete the transaction.
  • Identify all areas, storage and devices used to store personal information and develop a plan for its security.

201 CMR 17.00 goes further and addresses computer system security requirements. The Commonwealth of Massachusetts has outlined the technology measures needed for compliance. These requirements should be discussed with an IT professional. They affect not only your server, but also desktop computers, laptops, network scanners, and copiers. Things to discuss include:

  • Secure user authentication protocols.
  • Ensure access control measures that restrict access to records and manage passwords and users.
  • Encrypt data during transmission, as well as any data on mobile devices such as laptops and PDAs.
  • Make sure there are current versions of security software, such as antivirus, on systems.
  • Train employees on information security.

Much of the media publicity about the theft of personal information has focused on laptops. Personal information can be compromised and stolen while stored on computers or transmitted electronically, but this critical data can also be stolen while sitting on a desk or in an unlocked paper filing cabinet. It is also important to consider how you dispose of this information, as you are responsible even for what you throw into the garbage container. Shredding and disposal services are key components of any effective mortgage company WISP. The goal of MA MGL 93H and 201 CMR 17.00 is to change the way a business views personal information and the important steps that must be taken for its proper collection, use, storage, transportation, and destruction.

Securing personal information protects not only your clients, but also your business against fines and lawsuits. Be sure to comply with 201 CMR 17, and develop and implement a mortgage company WISP now.
