Written comprehensive information security program (“WISP”)
4 Buyers Real Estate. Effective March 1, 2010
4 Buyers Real Estate and its agents have made efforts to limit the amount of personal information to the bare minimum necessary to do the business of real estate. We do not collect personal information regarding social security numbers, bank account or credit account numbers, or Driver’s license/State ID numbers with the exception of these items:
- Checking account numbers on retainer and transaction binder checks.
- Last 4 digits of account numbers for verification of deposit or purchase funds.
Handling of private information will be done as follows:
- Checks and account numbers:
- Copies of checks will be made with account numbers covered. Clients are responsible to not transmit any checks or documents that show their social security or account numbers. These redacted copies of checks may be sent as part of an email, as necessary during a transaction. These check copies will be sent only to other licensed agents, attorneys or lender personnel for the purpose of transacting business. Encrypted email will be used whenever possible.
- All physical checks will be held in our personal possession or locked in the office until transferred to the seller or seller’s agent. Only Rona Fischman, Dianne Schaefer, Dave Twombly, Anna Matveyckuk, Pearl Emmons, and Barbi Harrison will have access to this cabinet. If held in our personal possession, due diligence will be used.
- Social security numbers:
- We do not collect Social Security numbers. Clients must redact their social security number from any materials you send to our office.
- We encourage our clients not to put their social security number on their Purchase and Sales Agreement if there is a line created in the document for this information.
- Email and phone information:
4 Buyers Real Estate will use email, phone, or text/message for communication regarding real estate transactions, related house care communication. Occasional notice of events or promotions done by our company will use email or US Post. 4 Buyers Real Estate does not share any email or phone information about our clients to any third parties.
- Definition of personal information:
For purposes of this WISP, “personal information” means a Massachusetts resident’s first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident:
(a) Social Security number;
(b) driver’s license number or state-issued identification card number; or
(c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account; provided, however, that “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
This WISP policy is enforced by Rona Fischman, Broker owner. In the following ways:
All agents will be trained in the policy annually.
Agents may be asked to present their mobile written files at any time. If copies of checks or social security numbers are in these files, a written warning will be issued. Agents who fail to secure their copies of checks three times in a calendar year will be dismissed.
In the event of a breach, the client will be notified by phone or email, followed up by a written apology. Any banking fees due because of stopped checks or reprinting checks with a new number will be paid for by 4 Buyers Real Estate.
DATA SECURITY COORDINATOR:
We have designated Rona Fischman to implement, supervise and maintain the WISP. That designated employee (the “Data Security Coordinator”) will be responsible for: a. Initial implementation of the WISP; b. Training employees; c. Regular testing of the WISP’s safeguards; d. Evaluating the ability of each of our third party service providers to implement and maintain appropriate security measures for the personal information to which we have permitted them access, consistent with 201 CMR 17.00; and requiring such third party service providers by contract to implement and maintain appropriate security measures. e. Reviewing the scope of the security measures in the WISP at least annually, or whenever there is a material change in our business practices that may implicate the security or integrity of records containing personal information. f. Conducting an annual training session for all owners, managers, employees and independent contractors.