3. Information & Data Privacy
Adopt
and maintain a written information security plan (“WISP”) to protect NPI as
required by local, state and federal law.
Purpose: Federal and state laws (including the Gramm-Leach-Bliley Act) require title companies to develop a written information security program (“WISP”) that describes the procedures they employ to protect NPI. The program must be appropriate to the Company’s size and complexity, the nature and scope of the Company’s activities, and the sensitivity of the Consumer information the Company handles. A Company evaluates and adjusts its program considering relevant circumstances, including changes in the Company’s business or operations, or the results of security testing and monitoring.