|A document management vendor spills files onto the street|
Who's Touching Your Clients' Data?
In the image above, it's clear that the driver could have taken the opportunity to capture some information from those loan files. Why weren't the boxes sealed? These are some of the elements that a site inspection of a vendor can reveal. Always review your vendor's procedures.
Today most of our files are transmitted electronically. One client used this as a rationale for not having locked file cabinets in a shared office space. But the reality, upon inspection, revealed "relics" all over her office. Copies of documents she scanned were in shadow files. Other printed material was left in folders on desktops. We overlook that our landlords and cleaning crews have access to the physical space. Always lock your cabinets and leave a clean desk.
Nevada, New York, Pennsylvania and Other Picky RegulatorsA slew of requests from Nevada and New York reveal that these regulators have identified the information security weaknesses in our offices. They demand companies have an information security plan, which includes a vendor approval process.
For brokers, particularly, this may seem like overkill, since they don't even have a chance to approve attorneys, appraisers and credit bureaus. They can only use companies previously approved by the investor or wholesaler. However, it makes sense in the context of the level of diligence the lender or broker uses in having the protection of customers' non-public information top-of-mind. Don't send customer information to anyone unless you have ascertained they have received screening from another regulated entity. Better yet, screen them yourself.