Our Commitment to Your Security and Privacy



Similar documents
First American Title Insurance Company COMMITMENT INFORMATION SHEET

First American Title Insurance Company

First American Title Insurance Company COMMITMENT INFORMATION SHEET

ALTA Commitment ( ) Commitment Page 1 Commitment Number: NCSJEF

ISSUED BY. This Commitment shall not be valid or binding until countersigned by an authorized officer of the Company or an agent of the Company.

First American Title Insurance Company COMMITMENT INFORMATION SHEET

Maximum Global Business Online Privacy Statement

SchoolFront.com Privacy & Security

The types of personal information we collect and share depend on the product or service you have with us. This information can include:

The privacy of DataLogic CRM, Inc. s customers and affiliates is important to us. Therefore:

Veson Nautical Website Privacy Policy

SCHEDULE A Commitment No.:

Website Privacy Policy Statement York Rd Lutherville, MD We may be reached via at

PRIVACY POLICY. Last Revised: June 23, About this Privacy Policy.

Website Privacy Policy Statement

BlueYield, Inc. Vehicle Loan Application Disclosures

PRIVACY POLICY. The Policy is incorporated into Terms of Use and is subject to the terms laid down therein.

ChangeIt Privacy Policy - Canada

PRIVACY POLICY. Last updated February 2, 2009 INTRODUCTION

tell you about products and services and provide information to our third party marketing partners, subject to this policy;

PRIVACY POLICY. Effective: January 1, 2014 Revised: March 19, Privacy Policy Page 1 of 7

M&T BANK CANADIAN PRIVACY POLICY

Federal Trade Commission Privacy Impact Assessment for:

Bodywhys Privacy Policy

PRIVACY AND SECURITY POLICY

1. Important Information

Privacy Policy and Notice of Information Practices

Privacy Policy. We have provided answers to the following important questions on our information practices:

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

File: IJNDC-1 WEBSITE PRIVACY POLICY

Information Security Awareness Training Gramm-Leach-Bliley Act (GLB Act)

IBX Business Network Platform Information Security Controls Document Classification [Public]

Security Policy JUNE 1, SalesNOW. Security Policy v v

Federal Trade Commission Privacy Impact Assessment

RezScore SM Privacy Policy

Privacy Policy. PortfolioTrax, LLC v1.0. PortfolioTrax, LLC Privacy Policy 2

SPECIAL REPORT SCHEDULE A

ADVANCED CABLE COMMUNICATIONS WEBSITE PRIVACY POLICY COLLECTION AND USE OF INFORMATION FROM USERS

SCHEDULE A. Address: 1504 Lake Crystal Drive, Unit G, West Palm Beach, FL 33411(For informational purpose only, no additional coverage is provided)

Nexed s Privacy Policy tells you what information we use, collect or disclose to third parties about our users.

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

White Paper. BD Assurity Linc Software Security. Overview

YOUR PRIVACY IS IMPORTANT TO SANDERSONS ARCHIVING SOLUTIONS LIMITED

Profound Outdoors Privacy Policy

ONLINE PRIVACY POLICY

Paladin Computers Privacy Policy Last Updated on April 26, 2006

HIPAA: The Role of PatientTrak in Supporting Compliance

Privacy Policy Version 1.0, 1 st of May 2016

PREPLY PRIVACY POLICY

Privacy Policy. Effective Date: November 20, 2014

Configuring User Identification via Active Directory

Five keys to a more secure data environment

WHAT INFORMATION IS COLLECTED AT MOTOROLA.COM.VN AND/OR MOTOROLA.VN AND HOW IS IT PROCESSED AND USED?

Overview This Policy discloses the online data collection and usage policies and practices for this Site only, including an explanation of:

Fax

Privacy Policy & Terms of Use Effective: 12/13/2011. Terms and Conditions. Changes in this Privacy Policy. Internet Privacy & Security

HIPAA HANDBOOK. Keeping your backup HIPAA-compliant

The Ariadne Labs Website - A Perfect Home Based Business

Introduction PriorFX LTD Right to Privacy Information

3Degrees Group, Inc. Privacy Policy

TargetingMantra Privacy Policy

Estée Lauder Companies Global Jobs Website Privacy Policy

GlobePartners Limited. Privacy Policy

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation )

IDT Financial Services Limited. Prime Card Privacy Policy

CHIS, Inc. Privacy General Guidelines

How To Secure An Rsa Authentication Agent

Norton Mobile Privacy Notice

DentalTek Privacy Statement

PRIVACY POLICY. The effective date of this Privacy Policy is December 15, Last Updated September 29, Overview

Measurabl, Inc. Attn: Measurabl Support 1014 W Washington St, San Diego CA,

RemotelyAnywhere. Security Considerations

How To Control Vcloud Air From A Microsoft Vcloud (Vcloud)

Federal Trade Commission Privacy Impact Assessment for:

Information About Our Organization and General Data Collection Practices. Lotlinx Website and Dealer Customers Marketing Efforts

e-performance System

Please read this Policy carefully. Your continued use of our sites means that you understand and consent to the terms of this Policy.

Web Sites Covered This policy covers NASBA.org and all other NASBA affiliated sites that link to this policy.

First American Title Insurance Company

BUSINESS ONLINE BANKING AGREEMENT

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2

Retention & Destruction

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

PRIVACY POLICY. Types of Information Collected

INDEX PRIVACY POLICY...2

QuickBooks Online: Security & Infrastructure

HTTP connections can use transport-layer security (SSL or its successor, TLS) to provide data integrity

Security in the Sauce Labs Cloud. Practices and protocols used in Sauce s infrastructure and Sauce Connect

corporate.ford.com/jobs Privacy Statement

Privacy and Data Policy

Security & Infra-Structure Overview

ONLINE BANKING (ebranch) AGREEMENT AND DISCLOSURE

WHAT DOES CREDIT ONE BANK, N.A. DO WITH YOUR PERSONAL INFORMATION?

Enhanced Security for Online Banking

SUPPLIER SECURITY STANDARD

Abilities Centre collects personal information for the following purposes:

Privacy Policy. The Read Privacy Policy was created on June 11, 2015

Guideline on Access Control

Transcription:

Our Commitment to Your Security and Privacy The First American Corporation, founded in 1889, is the leading provider of real estate-related financial services. First American is committed to offering an online environment that adheres to industry-standard security and privacy practices. We use the latest technologies and partner with third-party security companies to provide our customers the most secure computing environment possible. The measures implemented in our platforms are the most current and the most widely endorsed methods of security in the computer industry today. With these methods in place and with continued monitoring of security issues, our customers can be assured of the privacy, security and integrity of their online transactions within our environments. The following sections outline the approach we use to secure our platforms and maintain the privacy of your data. In summary this involves: Application Security Our approach for ensuring that users access only the transaction data they are authorized to access Access Control Our approach for preventing unauthorized users from accessing our platforms Infrastructure Security Our approach to protecting our computing facilities Privacy Our policies and procedures for maintaining your privacy

Application Security The Transaction Management Platform is based on the concept of role-based security. Access to transaction file contents, access to functions in the system, access to administrative functions, etc. are controlled by a user s roles. Hierarchical Administration The Transaction Management Platform provides multiple levels of administrative control on user, office, and template data. Individual users are granted these administrative levels by granting them the corresponding role. These roles are in addition to the transaction-based roles that they would typically be provided (e.g. Buyers Agent, Broker). User Admin Each user can manage their own personal information and templates Office Admin - Office Admins manage information about the office, manage the users that are contained in the office, and can access files that involve one of the members of their office. In addition, office structures can be hierarchical, meaning that the topmost office of a company has control over child offices. Cobrand Admin The Cobrand admin has control over the business rules governing the operation of the cobrand, including Data Forms, Role Rights, To-do templates, role based security, etc. System Admin This is a specialized account only available to a limited number of personnel. This account is used for maintaining system-wide options and settings, and for setting up new cobrands. Transaction Level Security Transaction level security ensures that only participants to a transaction have access to that transaction. In addition, the specific data in the transaction that a valid participant can see is based on their role in the transaction. The following rules govern access to transaction data: Only authorized roles can create transactions Users can only access transactions they are participants in, and it is always under the context of a role Even if a user has multiple roles assigned to them, security is governed by the role they play in a particular transaction Users can have multiple roles in a transaction Each field of the Data Forms can be secured by role at the Read and Modify level All participants can create documents, but access to documents is controlled by the roles specified by the document owner The ability to add, view, or delete participants governed by role The ability to order products and services is governed by role The ability to complete or view tasks is governed by role Users can only have roles that their office has Users can set up proxies for themselves that allow teams of users to share file access automatically without sharing passwords

Access Control Access Control makes sure that only authorized users have access to the platform, and that information is not exposed as it is transferred between First American s hosting facilities and the end user s computer. The primary measures of security employed are the use of SSL (Secure Socket Layer) encryption and thirdparty firewall filtering technologies. In addition, every session requires a unique user name and password before access to the system is permitted. Secure Socket Layer (SSL) is the standard technology for secure, Web-based communications. Traffic between customers and the Web server is encrypted with a unique "session key." SSL is built into server hardware, and requires a "digital ID" in order to be functional. These layers of protection virtually guarantee that unauthorized parties cannot view information. With SSL and this digital ID in place, the communications between the Web server and an end user are protected. Password Protection allows only users with authorized credentials from accessing the site. User credentials consist of a userid and password. The logon page is processed using an SSL Connection. This ensures that the user's credentials cannot be retrieved by parties scanning traffic over the Internet. Page Level Authentication is used to ensure unauthorized access to web site pages. After a user s session is established after successful logon, a unique Session Cookie established. This cookie is validated each time a user moves to a new page in the site. If the cookie is missing or corrupted, the user will be redirected to the logon page. In normal circumstances a user would never have this happen to them. But, if a user attempts to access any part of the site without properly logging on, the session cookie validation will fail, and the user will be redirected to the logon page. Firewall Filtering is a set of related programs that protect the resources of a private network from users from other networks. The firewall acts as a defense barrier between the platform and the Internet, granting access and information only to those who are authorized to do so.

Infrastructure Security These are policies and procedures taken to protect the health and welfare of equipment, data, and information located in the Internet Operations Center, First American s hosting facility. In most cases, they apply to the network, servers, applications, and other equipment used to process and/or transmit information. Access to First American s Internet Operations Center The Operations Center is located in a multi-story structure in a semi-secure enclosure. The following measures are in place to provide security to the facility: Parking lot gates are opened daily and closed during off hours Facility and parking lot access require a security device to enter and/or exit outside normal working hours A receptionist and digital camera provide interior security and visitor identification Visitors must log into the Internet Operations Center security log The address of the operations center is not easily obtained using Internet or common search tools Two doors with manual cipher locks provide access to the server room Only Internet Operations Center personnel know the cipher lock combinations Access to platforms and systems Site access limits personnel who may use and change various types of data and/or modify an application. The following actions have been taken to provide effective yet secure access to the site: Defined User Groups Defined Users with individual user accounts requiring a password composed of numbers and letters Passwords must be changed every 60 days or as needed Server access passwords are stored in an encrypted virtual safe with access limited to key personnel Logs are used to monitor and track user activity and actions Policies regarding authorized computer use are reviewed and signed by all First American employees Servers are built to prevent security holes and have the latest security patches installed Operating Systems and configurations are designed to minimize intrusion and compromise Multiple firewalls are used to prevent unauthorized access

Privacy The following section outlines First American s Corporate Privacy Policy. This can be found on our corporate web site at http://www.firstam.com/faf/company/privacystmt.html. We Are Committed to Safeguarding Customer Information In order to better serve your needs now and in the future, we may ask you to provide us with certain information. We understand that you may be concerned about what we will do with such information - particularly any personal or financial information. We agree that you have a right to know how we will utilize the personal information you provide to us. Therefore, together with our subsidiaries we have adopted this Privacy Policy to govern the use and handling of your personal information. Applicability This Privacy Policy governs our use of the information that you provide to us. It does not govern the manner in which we may use information we have obtained from any other source, such as information obtained from a public record or from another person or entity. First American has also adopted broader guidelines that govern our use of personal information regardless of its source. First American calls these guidelines its Fair Information Values. Types of Information Depending upon which of our services you are utilizing, the types of nonpublic personal information that we may collect include: Information we receive from you on applications, forms and in other communications to us, whether in writing, in person, by telephone or any other means Information about your transactions with us, our affiliated companies, or others; and Information we receive from a consumer-reporting agency. Use of Information We request information from you for our own legitimate business purposes and not for the benefit of any nonaffiliated party. Therefore, we will not release your information to nonaffiliated parties except: (1) as necessary for us to provide the product or service you have requested of us, or (2) as permitted by law. We may, however, store such information indefinitely, including the period after which any customer relationship has ceased. Such information may be used for any internal purpose, such as quality control efforts or customer analysis. We may also provide all of the types of nonpublic personal information listed above to one or more of our affiliated companies. Such affiliated companies include financial service providers, such as title insurers, property and casualty insurers, and trust and investment advisory companies, or companies involved in real estate services, such as appraisal companies, home warranty companies and escrow companies. Furthermore, we may also provide all the information we collect, as described above, to companies that perform marketing services on our behalf, on behalf of our affiliated companies or to other financial institutions with whom we or our affiliated companies have joint marketing agreements. Former Customers Even if you are no longer our customer, our Privacy Policy will continue to apply to you.

Confidentiality and Security We will use our best efforts to ensure that no unauthorized parties have access to any of your information. We restrict access to nonpublic personal information about you to those individuals and entities that need to know that information to provide products or services to you. We will use our best efforts to train and oversee our employees and agents to ensure that your information will be handled responsibly and in accordance with this Privacy Policy and First American's Fair Information Values. We currently maintain physical, electronic, and procedural safeguards that comply with federal regulations to guard your nonpublic personal information. Information Obtained Through Our Web Site The First American Corporation is sensitive to privacy issues on the Internet. We believe it is important you know how we treat the information about you we receive on the Internet. In general, you can visit First American or its affiliates Web sites on the World Wide Web without telling us who you are or revealing any information about yourself. Our Web servers collect the domain names, not the e- mail addresses, of visitors. This information is aggregated to measure the number of visits, average time spent on the site, pages viewed and similar information. First American uses this information to measure the use of our site and to develop ideas to improve the content of our site. There are times, however, when we may need information from you, such as your name and email address. When information is needed, we will use our best efforts to let you know at the time of collection how we will use the personal information. Usually, the personal information we collect is used only by us to respond to your inquiry, process an order or allow you to access specific account/profile information. If you choose to share any personal information with us, we will only use it in accordance with the policies outlined above. Business Relationships The First American Corporation's site and its affiliates' sites may contain links to other Web sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites. Cookies Some of First American's Web sites may make use of "cookie" technology to measure site activity and to customize information to your personal tastes. A cookie is an element of data that a Web site can send to your browser, which may then store the cookie on your hard drive. www.firstam.com uses stored cookies only if you choose the 'Remember Me' option available in the My FirstAm.com feature. If you do choose the Remember Me option, an encrypted token is stored on your hard drive to correlate you with the options you've selected. This feature can be turned on or off at any time in your My FirstAm.com profile. The goal of this technology is to better serve you when visiting our site, save you time when you are here and to provide you with a more meaningful and productive Web site experience. Fair Information Values Fairness We consider consumer expectations about their privacy in all our businesses. We only offer products and services that assure a favorable balance between consumer benefits and consumer privacy.

Public Record We believe that an open public record creates significant value for society, enhances consumer choice and creates consumer opportunity. We actively support an open public record and emphasize its importance and contribution to our economy. Use We believe we should behave responsibly when we use information about a consumer in our business. We will obey the laws governing the collection, use and dissemination of data. Accuracy We will take reasonable steps to help assure the accuracy of the data we collect, use and disseminate. Where possible, we will take reasonable steps to correct inaccurate information. When, as with the public record, we cannot correct inaccurate information, we will take all reasonable steps to assist consumers in identifying the source of the erroneous data so that the consumer can secure the required corrections. Education We endeavor to educate the users of our products and services, our employees and others in our industry about the importance of consumer privacy. We will instruct our employees on our fair information values and on the responsible collection and use of data. We will encourage others in our industry to collect and use information in a responsible manner. Security We will maintain appropriate facilities and systems to protect against unauthorized access to and corruption of the data we maintain.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information