Posted by ReneeK_MI on 2/19/12 3:40pm
Msg #412325
Data privacy - how it really is on the inside
I thought I'd share some of the extremes to which lenders and title agents go to in order to hold buyer/borrower data secure. Much of this is in accordance with various Federal regulation, all of it is with the intent of staying out of the courtroom. I thought it might put our position as receivers and handlers of this same data in better light. I know I've posted this *stuff* a few times, but it just seemed pertinent to conversations of late.
There must be a secure barrier between the public area and all borrower information - a locked or guarded or pass-carded door. The reception desk computers in all the places I've ever worked were on separate networks, and did not have access to the internal network (i.e. software used that held private information).
To enter into the work-area where private information is being used, you are either an employee (BGC, drug-screened, even your car scoped out while you're interviewing for the job), an escorted service-provider (shredding, copy machine servicer, supply deliver - all must be escorted), or some government inspector/regulator/auditor.
You can never leave an open file on your desk - not even to run to the copier, the bathroom, a co-worker's desk. Does it happen? Of course. Can you be fired? Yep, in a heartbeat. Screen-savers are set to engage at 30-seconds of down-time (what a PITA) and 'loan' or 'title' software is set to log you out at 60 sec of non-activity (bigger PITA).
ALL discarded documents are placed in locked receptacles for shredding. The shredding service is to be escorted on/off/in/out and the shredding is done on-premises while supervised at all times. Seriously, the BP of the division of HSBC that I worked for had to sit IN THE TRUCK while our trash was being shredded in the parking lot.
At HSBC, I worked for the wholesale lending Midwest branch - a wholesale lender has NO client-relationship with a buyer/borrower, their relationship is with the mtg broker UNTIL the loan docs are signed. Due to that - the phones were blocked from displaying Caller ID. There is ZERO risk assumed in lending, and if you were to call a borrower's phone (which you wouldn't do, but ... if you did), and his phone displayed our name - and we have no bona-fide relationship - that is a breach of privacy.
Have any kind of judgment lien filed against you - fired. Of course, it goes w/out saying that any felony criminal charges would result in the same thing. The large corporations watch for this, and I NEARLY had a lien filed against me (divorced, it was for medical care for a child that I was NOT liable for by divorce decree) - no matter, I paid. That, or lose my job.
Loan documents were uploaded to a secure, encrypted site run by a "document management" company, who was paid gobs of money to secure them. Title agents could download with a per-signing passcode, and are held liable beyond that point, per closing contract. In order for a title agent to even get that far (to be able to receive docs), they had to be "approved". To be approved, they and their u/w had to meet a stringent protocol, and we had to have a valid & verifiable CPL for each/every file.
Now and in the past few years I have been working 'inside' local title agencies - I can attest that most of the above protocols are being followed. I have been put through screening (including BGC), issued a pass-key to gain access to the internal offices but NEVER access to internal software.
I have one little story to tell to reiterate the extent of this security - I was working a frantic EOM Friday inside a large agency, and all the closing rooms were taken. An employee led me and my entourage to an 'inner office' - the office of a person who happened to be off that day, a private office w/a door, but this room was in an 'employee only' section. I did the closing, and left to make copy-pkgs, leaving the entourage there (RE Agent, buyers). When I returned, I see the RE Agent standing outside that office room, surrounded by 1/2 a dozen people in suits. Apparently, he'd thought he might use the rest-room while I was gone - NOT! They converged upon him as if he were the Unabomber the second he left that room.
If you work in a place like this, and you are terminated OR you make it known that you're leaving - a few people will walk up to you while you're at your desk, tell you your sorry story and you will immediately be escorted from the building, never to return. You will not be warned, you will not come back another day for your personal belongings - this is all to ensure that nothing you have access to is sabotaged.
And then, there's us.... hence, the perspective I've tried to illuminate.
|
Reply by JanetK_CA on 2/19/12 4:36pm
Msg #412333
Both very interesting points - and great food for thought.
I had occasion to get a glimpse of that level of security last year when I was asked to deliver a set of docs to a lender (and paid extra to do so). I thought I was approaching Fort Knox or something - even to where to park. I was never allowed inside the building (not even into the lobby). All communication was with a guard (who was very pleasant and polite, but wasn't messing around). As I recall, I still had to show ID and sign something, which included the name of the person the documents were to go to. (You can be sure the docs were in a sealed envelope!)
I've done some occasional notary work for people at their jobs at defense industry contractors and I've never seen anything quite that stringent, although I did once have to surrender my cell phone at the front desk. (I was NOT happy about that one, especially since they didn't tell me in advance, so I had no option to suggest another venue.)
|
