Urgent Announcement

All mortgage brokers & lenders must have a Massachusetts Electronic Security Plan in place by March 1st, 2010

Pursuant to the authority granted under M.G.L. c. 93H, the Massachusetts Office of Consumer Affairs and Business Regulation retroactively promulgated 201 CMR 17.00, a law requiring all financial organizations to have a written plan to protect personal consumer information.

Our office has developed a 24-chapter editable template which may be used by any size institution to serve as a comprehensive plan. This plan is available for purchase upon request. Please e-mail our Staff Attorney Rachel Horman at rachel@bankersadvisory.com with your questions or for more information about our policy guides.

Anna DeSimone
anna@bankersadvisory.com

Key Points for Implementing Your Electronic Security Program

1. 201 CMR 17 is a regulation that implements the provisions of Massachusetts General Law 93H which established standards for the protection of personal information about the residents of the Commonwealth.

2. All required businesses must have a comprehensive program in place by March 1, 2010 that defines security standards for computers and handling of consumer information.

3. Required Businesses include banks, thrifts, credit unions, mortgage companies, mortgage brokers and entities that own, license, store or maintain certain personal information.

4. Personal Information consists of a Massachusetts resident’s first name and last name, or first initial and last name, in combination with any of the following:

– Social Security Number
– Driver’s License Number / State-issued Identification Card Number
– Financial Account Number
– Debit or Credit Card Number (with or without security/access codes/passwords/pins)

5. Personal Information does not include government records or information that is lawfully obtained and made available to the general public.

6. An Electronic Security Program is a written plan that must reflect the creditor’s size, structure and business model. The program requires a designated employee to oversee the program, complete audits, monitor compliance and report to management.

Please email rachel@bankersadvisory.com for more information.

Bankers Advisory’s Massachusetts Electronic Security Plan

Table of Contents

1. Provisions & Requirements of MGL 93H
2. Designation of Compliance Officer
3. Program Development & Implementation
4. Employee Training
5. Definitions
6. Personal Identifying Information
7. Computer System Security Requirements
8. Safeguarding Confidential Information
9. Service Providers
10. E-mail Policy & Procedures
11. Network & Internet Policy
12. Electronic Access
13. Prohibited Activities
14. Authorized Use of Software
15. Administrative Access Control
16. Firewall Procedures
17. Data Center Security
18. Incident Response & Preparedness
19. Vendor Risk Assessment
20. Document Destruction
21. Compliance Monitoring
22. Vendor Monitoring
23. Breach of Security
24. Disciplinary Measures

Plans are fully customized with Lender Name. Editable MS Word Template and Instructions. Immediate e-mail delivery on credit card orders. Price: $600

To purchase our Massachusetts Security Plan, please email Anna DeSimone at anna@bankersadvisory.com.

  • 781-402-6415

Anna DeSimone founded Bankers Advisory in 1986 and is a nationally recognized authority in residential mortgage lending. She has received numerous industry awards and has authored more than 40 best practices guides and hundreds of articles.
