ADM Title Services, LLC, understands and appreciates the significance of confidentiality and the information privacy of our clientele. We take our obligation to protect the information of our clientele very seriously and take all of the appropriate measures to protect all confidential/private information that we hold in-house and through our website. The entirety of the following information is provided so that all guests and clients are aware of what we do to safeguard their information.
ADM Title Services, LLC, executive management and legal representatives are responsible for managing security incidents in accordance with the Information Security and Protection Policy.
ADM Title Services, LLC, welcomes all customer inquiries and complaints and pledges to investigate and respond to such inquiries in a timely and polite manner. Our responses shall be based on a well-considered evaluation of the inquiry and contain complete and accurate information. Inquiries and/or complaints that involve particularly complex or legally based responses shall be escalated immediately to a supervisor for special handling.
ADM Title Services, LLC
Attention: Office Manager
Building 600, Suite B-1
Huntsville, AL 35801
YOUR PRIVACY RIGHTS
CHECKING THE IDENTITY OF OUR CLIENTS & CREDIT REPORTING BUREAUS
Per the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, we are required to confirm the identity of all clients regardless of their role in the transaction. It may also require that we divulge information to FINTRAC in relation to certain large cash transactions.
Also, in order for us to make credit decisions as pertains to our clients, and to prevent possible fraud, with client consent, we may request information about our clients from any/all of the consumer reporting agencies.
ADM Title Services, LLC, is fully committed to full confidentiality as well as protecting the privacy and of our clients, business partners and any/all guests of our website. It is important that you know that we are not unlike other business-based websites and we do monitor how our website is being utilized so we can continually update our content and develop content and service links that are of the highest benefit to our end users. Guests to our website are encouraged to use any/all of the tools provided, to submit suggestions or feedback, or to contact us for additional information and support. Any information you provide to us will be monitored and utilized exclusively by ADM Title Services and will not be provided to any third-party vendors. Any contact information provided to us is captured only so that we may get back to you to assist you with the specific information you are inquiring about. The ADM Title website does contain links to other websites for the convenience of our guests. ADM Title does not monitor the content of these websites or make guarantees as to the accuracy of the content and the privacy and confidentiality of these websites are not regulated or overseen by us and are not subject to the privacy policies of ADM Title Services, LLC.
This policy includes all instances of confidential information processing, including all forms of business proprietary information, customer non-public personal information and employee personal information, by ADM Title Services, LLC, its owners, personnel and agents.
This policy, with its requirements and responsibilities, applies to all individuals processing confidential information for and/or on behalf of ADM Title Services, LLC, including the collection, use, storage, sharing and management of confidential information.
INFORMATION SECURITY & PROTECTION
ADM Title Services, LLC, is committed to protecting the security, confidentiality and integrity of all confidential information under its control, including proprietary and personal information. All employees, contractors and others working on behalf of ADM Title Services, LLC, shall defend against reasonably anticipated threats or hazards to the security or integrity of such information and prevent access or disclosure to or by any unauthorized party. Proprietary information includes business information that is managed to prevent it becoming publicly available. Personal information (PI) includes any data that, alone or linked with other data, can be used to identify, locate or contact an individual person.
A copy of this policy shall be distributed to all employees, independent contractors, third party service providers and vendors who must acknowledge they have received and read the policy.
Responsibility for protecting confidential information lies with every employee, service provider and third-party working directly or indirectly for ADM Title Services, LLC. We use controls and safeguards to protect confidential information from unauthorized collection, use, disclosure, transmission, corruption or loss.
Managers have specific responsibilities for information security functions, including: Evaluate policies and procedures to maintain timeliness, accuracy and sufficiency, given changes in business practices, legal requirements, technology advances and threat landscapes. Oversee compliance with policy requirements in all operating areas of the company. Manage responses to security incidents, regulatory investigations and customer inquiries. Conduct regular information security risk assessments. Develop and provide regular reporting about policy and procedural compliance and assessment findings. Provide education and training instruction about this and other information privacy and security policies at least annually.
Employees are responsible for handling confidential information in ways that prevent unauthorized use, disclosure, storage, transmission, loss or corruption both internally and externally. Employees must: Read and understand this and other policies designed to maintain the privacy and security of confidential information. Report any instance of suspected non-compliance with this and other policies. Participate in regularly scheduled education and training instruction for the protection of confidential information. Comply with all requirements of this and other information privacy and security policies. Ask for guidance from management as appropriate to comply with policy requirements.
AUTHORITY AND POLICY
The Office of the Manager (the Office) is responsible for this policy, including updates, revisions and implementation procedures. The Office shall interpret the application of the policy and answer all inquiries about this policy. The Office shall conduct a review and update of the policy at least annually. The Office shall develop, execute and report on an annual risk assessment of the key controls, systems and procedures of the information security program. The Office shall regularly engage qualified independent staff to review and test the program including documented issue tracking and remediation. The Office will also be responsible for ensuring our website is updated timely, with any revisions made to our policy.
All owners, managers, employees, contractors, service providers and third parties acting on behalf of ADM Title Services, LLC, are responsible for complying with the requirements of this policy.
INFORMATION SECURITY PROCEDURES
This policy shall be implemented through the actions of employees, contractors, service providers and third parties working directly for or on behalf of ADM Title Services, LLC.
INFORMATION CLASSIFICATION AND LABELING
All confidential information must be protected from unauthorized disclosure or use confidential information consists of at least three categories of information: Proprietary Business Information, Customer Non-Public Personal Financial Information, Employee Personal Information
All employees, contractors and others should understand these categories and be able to recognize each type of information. ADM Title Services, LLC provides means to encrypt confidential information, either in storage or during transmission, and may require the use of encryption in certain circumstances. The Manager is responsible for data classification and definitions. All inquiries should be directed to that office.
CLEAN WORK AREAS
All employees and contractors must protect confidential information in their work areas and on their equipment. Documents with confidential information shall be promptly removed from printers, copiers and facsimile machines. Documents and equipment containing confidential information in public areas such as a reception area shall be located and positioned to prevent unauthorized access. When work areas are not attended by authorized employees, confidential information shall be secured in locked offices, cabinets and drawers. Conference rooms and other work areas shall remain clear of files and paperwork not in immediate use. Visitors and non-employees shall not be allowed into non-public areas unless escorted in non-public areas by an authorized employee. Employees and others issued documents or equipment containing confidential information shall be responsible for securing them against theft, loss or unauthorized access. All company facilities where confidential information is processed, stored and otherwise accessed shall be equipped with effective fire detection and suppression mechanisms.
ACCESS TO CONFIDENTIAL INFORMATION
Access to confidential information shall be granted consistent with the principles of need-to-know and least possible privilege to assure that employees and others shall have access limited only to the data resources necessary for job performance and responsibility. The company will issue unique user identifiers to qualified personnel with access to networks, systems and computing equipment containing confidential information. Users are prohibited from allowing anyone else from using their unique user id (User IDs). Management shall review all access privileges associated with each unique user identifier at least annually to ensure that the level of access to confidential information conforms to the need-to-know and least possible privilege standards for job performance. Administrative access rights such as the ability to add and/or modify user account privileges to systems containing confidential information shall not be assigned to individuals performing business transactions within those systems. Access privileges shall be immediately revoked for employees who leave or are terminated. All employees and others with access to confidential information shall be subject to background and reference checks, as deemed appropriate by the Company or required by regulations.
Each authorized network system user shall have a password, known only to that user. Unique User IDs for authorized network system access shall be reviewed and updated at least annually. Passwords for access to confidential information shall be of sufficient complexity to be difficult to guess and shall not be reused in a reasonable period of time or shared with anyone. Passwords that are lost or compromised shall be immediately changed and reported to the Manager. Passwords must not be disclosed, shared or used improperly. Passwords shall not be transmitted in email or over the Internet unless encrypted and shall not be stored in login scripts or other computer programs without appropriate access controls.
REQUESTS FOR ACCESS AND TRANSFERS
Requests for access to or disclosure of confidential information will be granted only upon confirmation of identity and authority of the requester. Confidential information transmissions shall be encrypted whenever the means of transmission is not directly controlled by the company. Transfers of printed copies containing confidential information shall be sealed, addressed accurately and shall use tracking mechanisms to confirm delivery and receipt by the intended, authorized party.
ADM Title Services, LLC reserves the right to restrict the use of removable media such as USB ports, memory card slots and writable CD/DVD drives to prevent copying and distribution of confidential and non-public personal information.
Management shall develop and monitor procedures to detect attempts to attack and/or intrude on secure customer information systems, including an incident response and management procedure. All connections to external networks, including the Internet and non-company systems, shall be protected by firewalls and/or other appropriate mechanisms. All network and computer systems that store, process, route and provide access to Confidential Information shall be fully documented as to function, capacity, connectivity and data classifications. The Manager shall maintain the documentation and conduct an annual system map review and update. Network connections shall be configured to close or lock inactive sessions at scheduled intervals. Unused network access points shall be deactivated immediately. Workplace computing equipment shall be maintained with up-to-date software and protections against viruses, Trojans, and other forms of malware including malware scanning capabilities. Users of computing equipment shall not install unauthorized applications, games, peer-to-peer networks, or other software. Users shall use caution when using the Internet, avoiding sites for which they have no legitimate business purpose. ADM Title Services, LLC, reserves the right to monitor employee and contractor compliance, provided appropriate notice is provided to employees. All facilities and rooms housing computing equipment shall be protected by appropriate mechanisms for air quality, heating/cooling and fire detection and suppression. Regular system and data back-ups shall be performed to enable data recovery as needed, such as in the event of a power loss. The Manager shall maintain an information systems disaster recovery plan and conduct an annual plan review and update.
SYSTEMS AND EQUIPMENT MANAGEMENT
All modifications to networks, systems and equipment, including hardware and software, containing confidential information shall be consistent with the requirements of this Information Security and Protection policy.
All work areas in which confidential information is stored, processed or otherwise worked are to be secured against unauthorized access. Public entries remaining unlocked during business hours shall be staffed during those hours by an employee or contractor trained to prevent unauthorized entry to non-public spaces. Secure entries and exits are required for all areas and facilities in which confidential information is processed, stored and/or otherwise accessed, allowing access only to authorized personnel. Keys and/or identity badges must be secured against loss, theft, misuse and damage at all times and any such instance must be reported immediately. Where video surveillance of working and public areas is deployed, disclosures shall be prominently posted to notify individuals that such surveillance is active. All working and public areas shall be protected by fire detection, alarm and suppression equipment in compliance with all local building codes.
Confidential information serves many purposes, including providing services, supporting transactions and satisfying regulatory requirements for retention. Once all purposes for which confidential information has been collected have been exhausted and there is no further use for the information, it should be destroyed such that it cannot be reconstituted.
Paper-based information Files with confidential information shall be deposited in marked and locked shredding bins. Paper documents shall be destroyed by shredding, using company-supplied equipment or by using an authorized shredding service. All shredding events should be recorded and provable by a receipt.
Data Destruction as Pertains to Computing Equipment: All digital equipment scheduled for destruction shall be deposited with the office of the Manager. All expired equipment, including discs, memory cards, printers, copiers and other equipment shall be cleaned of all confidential information before being deposited with a recycling vendor or donated to any external parties. Memory components of all expired equipment memory shall be wiped of all confidential information by one of two methods: Electronic data destruction using an overwriting method that completely destroys all electronic data residing in memory, or, hard drive or digital media destruction by shattering, melting or similar means
EMPLOYEE EDUCATION & AWARENESS
All employees are required to read and understand this policy and its requirements to protect confidential information. Employees are required to participate in a company-authorized information security training course at least annually.
ADM Title Services, LLC employees must immediately report any suspected breach of this policys requirements, complying with the Security Breach Reporting and Management Policy. Suspected breaches must be reported to the office of the Manager.
ENFORCEMENT & CONSEQUENCES
Applicable Law: Applicable Law means laws and regulations within the operating areas, including affiliates and subsidiaries, governing the handling of confidential and proprietary information.
Authorized User: An Authorized User is an employee who has a legitimate need to process, handle or manage confidential information in order to perform her duties and to whom access rights to systems has been granted.
Customer/Client: A Customer/Client is an individual who has a material and continuing relationship with ADM Title Services, LLC under which he/she obtains financial products or services.
Customer Information: Customer information means any information collected either directly or indirectly that, alone or linked to other information, can identify, locate or contact the individual, including: Information that customers provide to obtain a financial product or service Information about a customer resulting from any transaction involving a financial product or service Information that [Company] obtains about a customer or prospective customer that in connection with providing a financial product or service.
Computing Equipment: Computing Equipment means any workstation, portable computer or mobile computing device used to access, store, process or transmit ADM Title Services, LLC information.
Confidential Information: Confidential Information is any ADM Title Services, LLC, or customer information requiring safeguards to prevent unauthorized access, disclosure, use or loss, including:
Proprietary business information such as sales data, business strategies, employee compensation, marketing plans, and the like. Customer non-public financial information such as account numbers, government identifiers, income, debt and the like. Customer personal information such as name, address, contact information, ethnicity, lifestyle preferences and the like.
Consent: Consent means any freely given specific and informed indication by an individual demonstrating his or her agreement to ADM Title Services, LLC, collection, use, storing, sharing or managing confidential information.
Employee: Employee means any person hired to work for ADM Title Services, LLC, in return for payment, including staff and contract employees. Human Resources Information Human resources information includes data about employee compensation, level, job performance, benefits use, family members and the like.
Information Processing: Information Processing includes any operation, whether manual or automated, performed on confidential information such as collection, storage, recording, alteration, retrieval, use, transmission, erasure or destruction.
Information Security Risk Assessment: An Information Security Risk Assessment is a process of evaluation of all current safeguards and controls for the purpose of identifying reasonably foreseeable threats (internal or external) to the confidentiality, integrity or availability of confidential information. Assessments measure the presence and sufficiency of controls and safeguards, identify shortcomings and identify remediation actions.
Marketing Purposes: Marketing Purposes means the use of confidential information for direct or indirect customer contact, including: Market research Direct mail, telephone solicitation, or other direct-to-customer promotions and marketing efforts Creating and maintaining distribution lists for newsletters and other publications Other activities related to business development and marketing
Marketing purposes does not include the use of confidential information for disclosures necessary to effect, administer or enforce a transaction that a customer has requested or processing or servicing a financial product or account.
Non-Public Personal Information (NPPI): Non-Public Personal Information includes personally identifiable financial information about an individual, as well as lists, descriptions, or other groupings of individuals that are derived using personally identifiable financial information that is not publicly available. NPPI may include information that an entity obtains from an individuals application or information it collects as a result of certain transactions. NPPI also includes information that an entity may obtain from consumer reports or from tracking the identities of individuals who have accessed its Internet site. NPPI may also include information about income, credit, payments, and even certain phone numbers and addresses.
Non-Routine Disclosures: These are disclosures that are unusual and not made in the course of business or to fulfill a business obligation are non-routine.
Personal Information (PI): Personal information (also called personally identifiable information), or PI, includes any data that, alone or linked with other data, can be used to identify, locate or contact an individual. Often, even small discrete data elements, when combined, create personal information.
Proprietary Information: Information that is managed to prevent it becoming publicly available is confidential and requires protection. The release of proprietary information to unauthorized parties could potentially cause harm to the company or entity by loss of business secrets, damage to reputation and/or loss of marketplace trust. Proprietary information can include PII and/or NPPI, as in employee compensation files that include personal identities, salaries, benefits and other data.
Security Breach Incident: Any incident of a non-routine disclosure of confidential information constitutes a security breach. Immediately report all instances of non-routine disclosures, including lost files and equipment, policy violations and transmission errors to your supervisor. Incidents may require investigations, remediation and even legally mandated reporting.
Service Provider: A service provider is any individual or entity or agent of an entity that receives, maintains, processes or otherwise is permitted access to confidential information through its provision of services to ADM Title Services, LLC.
Third Party: Any individual or entity that is unaffiliated with ADM Title Services, LLC, and is permitted to receive, maintain, process or otherwise access confidential information.