Coldwell Banker "Housetrology" Quiz uncovers intangible homebuying influences – NMP Skip to main content

Coldwell Banker "Housetrology" Quiz uncovers intangible homebuying influences

National Mortgage Professional
Aug 13, 2008

November deadline set for FACTA identity theft rule: Will your business be ready?Jim DeGeronimo Sr.FACTA, FTC, identity theft, red flag rule Identity theft has become the number one crime in America! It is growing so quickly, primarily due to data breaches. The Federal Trade Commission (FTC) has determined that most of the information stolen is taken from the workplace. In an effort to stop or at least curtail these mounting occurrences, old laws have been revised and new ones created. They compel businesses who handle non-public information to be much more responsible. The new identity theft red flag rule puts the mortgage industry directly in the line of fire! No less than seven federal government agencies collaborated to draft and pass this new legislation. Think about it: How many customer records do you have in your office? Hundreds? Thousands? Think about every file cabinet, storage box, laptop or hard drive in your office. If you lost even a fraction of those records, would you have $1,000 per record on-hand to pay in fines? The numbers are terrifying, and the fines are real. Saturday, Nov. 1, 2008 is the compliance deadline for this Fair and Accurate Credit Transaction Act (FACTA) red flag rule. The red flag rule targets all businesses with credit-based customer relationships, and specifically calls out the mortgage industry. If this is the first time you've heard of the red flag rule, time is short to become compliant. "The red flag rule is an indicator of a larger trend that we've seen in both legislation and in court decisions," said Bryan Thornton, the director of information security planning for idBusiness. "Businesses and business owners are being held to a higher standard. They are entrusted with safeguarding customer data, and if they are negligent in that regard, they will face some pretty serious consequences." There are seven main stipulations of the red flag rule that your plan must meet to be considered compliant: 1. You must have a formal, written identity theft prevention program Putting your plan in writing shows that your organization has undertaken a formal process to address information security, and that you have done more than just think about the problem. 2. Controls must mitigate and prevent the risks associated with identity theft What does this mean? Basically, in order to address the entire organization and all of its vulnerabilities, your plan must be cross-disciplinary. It cannot just be the information technology department's problem to solve, but must include operational and administrative controls as well. 3. The plan must be administered by a board of directors or by senior management The key success factor in any information security program is senior management's involvement. Senior management is, ultimately, legally and financially responsible in the event of a data breach. 4. A compliance report must be generated on at least an annual basis This stipulation encourages accountabilityit makes sure that a final policy does more than sit on a shelf. Fortunately, the law does allow an organization to seek external advice for the best way to maintain an ongoing program. 5. The plan must be updated periodically Criminals evolve in their tactics, and your organization must evolve as well. As new threats emerge and new means to protect your company become available, it makes sense to revisit your policy and update it to reflect the changing times. The technical nature of many information crimes means that the people who perpetrate these crimes are smart, savvy and ahead of the curve when it comes to finding new ways to hack a system. Its up to you to try and stay ahead of those criminals. Training your employees about the acceptable use of your network and information resources is vital to maintaining a secure environment. Its good practice that pays off in the long run. 6. The plan must include an incident response capability, should you experience an internal breach of information The difference between the best programs and the rest of the programs is that the best expect incidents to occur and are prepared to respond. Being prepared reduces response time, financial losses, and damages to brand integrity and your reputation. Incidents happen! 7. The plan must also account for the risks associated with vendors, suppliers and third parties Many data breaches have been the result of poor third-party controls. Ultimately, under this law, you will be held responsible for your vendors, and as such, your vendors must also be held accountable for the information you give them. The red flag rule became law on Jan. 1, 2008. FACTA extended a grace period to businesses, giving them a deadline of Saturday, Nov. 1, 2008 to become compliant. If your business does not have a red flag-compliant information security program in effect before Saturday, Nov. 1, you will be in violation of FACTA. Jim DeGeronimo Sr. is president of Majestic Security LLC. He may be reached at (888) 331-2332 or e-mail [email protected]
Published
Aug 13, 2008
Hometown Lenders Adds 9 Branches in 4 States

Adds locations in Oregon, Washington, Alaska, and North Carolina.

Industry News
May 23, 2022
Mortgage Industry Will Soon Be ARMed To The Teeth

ARM loans might be a saving grace to borrowers who recently purchased a home, but it comes with risks.

Industry News
May 20, 2022
Battle Between Loan Originators Gets Sparkly and Dirty

Flowers is suing both Durosko and Peevey for these pranks, demanding compensation for their harmful acts, but that doesn’t tell the whole story. 

Industry News
May 18, 2022
FirstClose Receives $35M Investment From Lateral

Fintech says it will use the investment to expand its growing financial services footprint.

Industry News
May 18, 2022
Mortgage News Network Launches Podcast On Helping Underserved Borrowers

'Gated Communities' looks at why homeownership gap is increasing, and what lenders are doing to reverse the trend.

Industry News
May 17, 2022
Class Valuation Appoints EVP Of Valuation Modernization

Cristy Conolly will focus on removing bias from the equation in appraisals.

Industry News
May 17, 2022