ALTA Best Practices
Privacy and Protection of Non-public Personal Information
Best Practices #3: Adopt and maintain a written privacy and information security program to protect non-public personal inforation as required by local, state and federal laws.
Purpose: Federal and state laws (including the Gramm-Leach-Billey Act) require certain companies to develop a written information security program that describes the procedures they employ to protect non-public personal information. The program must be appropriate to teh Company’s size and complexity, the nature and scope of the Company’s activities, and the sensitivity of the Consumer information the Company handles. A Company evaluates and adjusts its program in light of relevant circumstances, including changes in teh Company’s business or operations, or the results of security testing and monitoring.
Zdenek Law Firm’s Policies and Procedures for
Implementation and Adherence to Best Practice #3
1. Physical security of Non-public Personal Information
The Company:
2. Network security of Non-public Personal Information
3. Disposal of Non-public Personal Information
4. The Company has an established Disaster Recover Plan
5. The Company exercises appropriate management and training of employees to ensure compliance with the Company’s information and security program
The Company:
6. The Company has oversight of service providers to help ensure compliance with the Company’s information security program
The Company:
7. Audit and oversight procedures are in place to ensure compliance with the Company’s information security program
The Company:
8. Notification of security breaches to customers and law enforcement
The Company:
This policy was adopted by the Zdenek Law Firm on the 1st day of March, 2014.