Non-public Personal Information or NPI!
Regular readers of Hallmark Abstract Service articles are hopefully aware that along with what we believe to be interesting information, every once in a while we will write an article containing what we believe to be critical information!
This is one of those times for the latter as the sanctity and security of non-public information has moved to the forefront of business in light of both regulatory requirements and the increasing threat of cyber attacks that every company, regardless of industry, is now facing.
What is NPI? ‘NPI includes first name or first initial and last name coupled with any of the following: date of birth, Social Security number, driver’s license number, state-issued ID number, credit card number, debit card number or other financial account numbers.‘ (Source: ALTA)
The Title Insurance Industry
For a title insurance provider, our most critical job is to protect our clients as they prepare to make what may be the largest financial transaction of their lives.
We do this by ensuring that the property they are buying will be 100% theirs once the deed is transferred and that no one can come back afterwards and claim that in fact they are the rightful owners.
But our obligation to protect our clients starts well before a title insurance policy is ever issued which, for the purposes of this discussion, includes the protection of non-public information or NPI!
While much of the information concerning a property comes from the public records on file in a town hall available for all to see and access, some of the information concerning an actual transaction may be relevant to the participants themselves and, as such, NPI.
One of the tools that Hallmark Abstract Service uses to protect this data is our ability to encrypt our email.
What is email encryption and why do you need it?
‘Even if you never email sensitive information–social security numbers, banking info, business secrets, and so on–you should consider using encryption. Aside from capturing your email content and attachments, a miscreant could hijack your entire email account if you failed to secure it properly.
To secure your email effectively, you should encrypt three things: the connection from your email provider; your actual email messages; and your stored, cached, or archived email messages.‘ (Source: PCWorld)
So given the importance of email encryption, what are some of the components that a company should be looking for when choosing a provider?
Fortunately, in this months title industry publication TitleNews, five tips were provided on this very topic!
Five Tips for Selecting Email Encryption
Get into compliance with the third pillar of ALTA’s Best Practices and protect yourself against breaches that can result in non-public personal information (NPI) being exposed through email. Even if email is hacked, if it is encrypted, it is considered protected. Here are five tips for selecting an email encryption solution:
Tip 1: If the Solution Feels Too Complicated, It Probably Is Employees must be able to easily conduct business using the email encryption tool or they’ll turn to less-than-secure methods. And there must not be any additional burdens placed on the recipient. Ease-of-use is of utmost importance—for the user and the recipient.
Tip 2: Look for Policy-based Gateway Filtering NPI can be exposed through the email itself or in associated file attachments. Look for a solution that can filter messages and a wide variety of file attachment formats. The technology should be able to combine pattern matching and exact matching to specific data lists when scanning for NPI that you don’t want leaving the company in an unencrypted state.
Tip 3: Require Easy Handling of File Attachments A solution must let users easily send large files with NPI as email attachments without getting IT involved, while still maintaining compliance and control. Without this capability, workers often use unauthorized file sharing services. Most of these services do not encrypt the data, thus exposing the company to risk.
Tip 4: Make Sure You Can Demonstrate Compliance Eliminate solutions that cannot provide extensive logging and reporting. These tools are necessary to help manage operations, as well as provide details for audits and proof of compliance. Effectiveness cannot be proven if it cannot be measured. This is a must have.
Tip 5: Ensure Secure Inbound Communication Robust email encryption solutions provide a way for customers or business partners to start a secure email exchange without the need to install or use complicated encryption software of their own. Look for a solution that provides a secure portal through which outsiders can initiate secure inbound messaging.Google+