Welcome to BP Boot Camp!

Christopher J. Gulotta, Esq.
Founder & CEO
Real Estate Data Shield, Inc.
271 Madison Avenue, Suite 700
New York, NY 10016
212-951-7302
cgulotta@redatashield.com

Non-public Personal Information (“NPPI”):
– Personally identifiable data such as information provided by a customer on a form or application, information about a customer’s transactions, or any other information about a customer which is otherwise unavailable to the general public.
– NPPI includes first name or first initial and last name coupled with any of the following:
  • Social Security Number
  • Driver’s license number
  • State-issued ID number
  • Credit or debit card number
  • Other financial account numbers

1. Gramm-Leach-Bliley Act (GLBA)
2. Federal Trade Commission (FTC)
   – Privacy Rule (1999)
   – Safeguards Rule (2003)
   – Disposal Rule (2005)
3. Consumer Financial Protection Bureau (CFPB)
   – April 2012 Bulletin
   – Supervisory Highlights (2012)
4. Office of the Comptroller of the Currency (OCC)
   – Interagency Guidelines Establishing Standards for Safeguarding Customer Information (2001)
   – Third Party Relationship Bulletin (Oct. 2013)
5. Federal Reserve System
   – December 5, 2013 “Managing Outsourcing Risk” Bulletin
6. American Land Title Association (ALTA)
   – “Best Practices” for Title Insurance and Settlement Companies Version 2.0 (Jan 2013)
7. State Agencies & Regulators (State Attorney General, Department of Insurance, Attorney Professional Codes of Conduct)
8. Lender mandates

Gramm-Leach-Bliley Act (GLBA)
• Enacted date: November 12th, 1999
• Effective date: November 18th, 2000
• Compliance date: July 1st, 2001
• Tasks the FTC and other agencies that regulate financial institutions to implement regulations to carry out GLB’s financial privacy provisions.
• Covers “financial institutions”
• Real Estate Settlement Service Providers (e.g., Title and Settlement companies) included in definition of “financial institutions” as they are “significantly engaged” in financial activities.
• 1999 – FTC Privacy Rule (16 C.F.R. § 313)
  • Financial Institutions are required to provide “a clear and conspicuous notice” (i.e. a “Privacy Notice”) to customers/consumers that accurately states the company’s privacy policies and practices
• 2002 – FTC Safeguards Rule (16 C.F.R. § 314)
  • Financial Institutions are required to develop a written information security plan that describes their program to protect customer/consumer information
  • Preamble to Rule identifies “employee training and management” as one of the three areas essential to ensuring information security within a business
• 2005 – FTC Disposal Rule (16 C.F.R. § 682)
  • Financial Institutions are required to properly dispose of all customer/consumer information by taking “reasonable measures” to protect against unauthorized access to/use of the information
  • Reasonable measures = burning/pulverizing/shredding papers so that the information cannot be read or reconstructed; destroying or erasing electronic media

FTC Safeguards Rule 16 CFR Part 314 (May 2003)
• The FTC is tasked with enforcement of the GLBA and the Security of Customer Information
• “Financial institutions” includes any businesses, “regardless of size, that are significantly engaged in providing financial products or services” (Real Estate Settlement Services Companies are included in FTC examples of such companies).
• Requires companies to develop a written information security plan that describes their program to protect customer information.
• Plan must be appropriate to size and complexity of company, nature and scope of activities, and sensitivity of customer information handled.

FTC Safeguards Rule 16 CFR Part 314 (cont.)
Must:
• Designate an employee to coordinate the information security program
• Identify and assess risks to customer information and evaluate effectiveness of current safeguards
• Design and implement a safeguards program and regularly monitor/test it
• Select service providers to maintain safeguards and oversee handling of customer information
• Evaluate and adjust the program in light of relevant circumstances

FTC Safeguards Rule, 16 CFR Part 314 (cont.)
FTC recommendations include:
• Employee management and training for information handling;
• “Regular” risk assessment of systems, networks, and software designs;
• “Periodic” monitoring and testing of safeguards (e.g. penetration testing of network access);
• Upgrade information security program when necessary;
• Checking references or conducting background checks before hiring new employees;
• Require employees to read and sign company privacy policies

FTC recommends continued:
• Using strong password practices, screen savers and “appropriate use” policies for laptops, smart phones, tablets, etc.;
• Email encryption;
• Locking offices and file cabinets;
• Regular training of staff;
• Disciplinary measures for staff who violate security policies;
• Preventing terminated employees from accessing networks and databases.

In 2004 a hacker used a common website attack to obtain unauthorized access to Nations Title’s computer network. In 2005, a Kansas City television station found documents containing NPPI in an unsecured dumpster.
• Title company disposed of confidential customer information in an unsecured dumpster and hackers exploited security flaws in the company’s network
• FTC reinforces its position that Title companies are “Financial institutions” and fall under the GLB Act and are thus subject to GLB & FTC consumer privacy obligations.
OCC Bulletin OCC 2013-29
October 30, 2013
“Third Party Relationships” Bulletin
• In the new 2013 OCC Third Party Relationship Bulletin, the OCC speaks of “lessons learned” over the 12 years since the publication of their 2001 OCC Third Party Relationship Bulletin.
• Those “lessons” include:
  (i) The increased use of outsourced service providers;
  (ii) The increased complexity of the vendor relationship; and
  (iii) The increased use of technology and the increased interconnectedness of third-party providers and banks.
• These factors have combined to create a higher level of “safety & soundness” risk and the OCC has concern that banks may have generally failed to:
  • Properly assess the risks associated with the use of such third party providers;
  • Perform adequate due diligence and on-going monitoring of these relationships; and
  • Appropriately enter into agreements with Service Providers after properly assessing the third party’s internal risk management capabilities.
• Critical Activities: The OCC now expects “more comprehensive and rigorous oversight of relationships that involve critical activities-significant bank functions (e.g., payments, clearing, settlements, custody) or shared services (e.g., information technology)” or other activities that could “have significant customer impacts.”
  – That the OCC has effectively created a new category of higher-risk services or activities, which include “settlements”, is significant to our industry and puts lender banks on notice that their management of our industry practices is subject to the highest level of regulator scrutiny.
• Information and Physical Security: As in their 2001 Interagency Guidelines Establishing Standards for Safeguarding Customer Information (the “2001 Interagency Guidelines”), this Bulletin specifically addresses the need to assess a provider’s information security program (including vulnerability and penetration testing).
• Safeguarding Customer Information, Non-Public Personally Identifiable Information (“NPPI”) and Compliance with the Gramm-Leach-Bliley Act (“GLBA”): Again, the OCC reinforces its expectations that banks ensure that their Third Party relationships take all measures required by the 2001 Interagency Guidelines and as set forth in the GLBA to protect and safeguard customer information and consumer non-public personally identifiable information and that the banks themselves should monitor and audit for privacy compliance, including business resilience and continuity planning, procedures and systems.

This Bulletin represents the third regulator bulletin in less than two years cautioning lenders about the risk and responsibilities associated with using “Service Providers”
• Risk From Use of Service Providers:
  – If not managed effectively, the use of Service Providers may expose financial institutions to risks that can result in regulatory action, financial loss, litigation, and loss of reputation.
• Service Providers Risk Management Programs:
  – A financial institution's Service Provider risk management program should be risk-focused and provide oversight and controls commensurate with the level of risk presented by the outsourcing arrangements in which the financial institution is engaged.
• Risk Assessment:
  – A financial institution should conduct an evaluation of and perform the necessary due diligence for a prospective Service Provider prior to engaging the Service Provider.
• Operations and Internal Controls:
  – Financial institutions are responsible for ensuring that services provided by Service Providers comply with applicable laws and regulations and are consistent with safe-and-sound banking practices.
• Confidentiality and Security of Information:
  – Service Providers should ensure the security and confidentiality of both the financial institution's confidential information and the financial institution's customer information.
  – Information security measures for outsourced functions should be viewed as if the activity were being performed by the financial institution and afforded the same protections.
  – Service agreements should also address service provider use of financial institution information and its customer information.
• Business Resumption and Contingency Plan of Service Provider
  o Agreements should address Service Provider responsibility for backing up information and maintaining disaster recovery and contingency plans.
  o Agreements may include a Service Provider's responsibility for testing of plans and providing testing results to financial institutions.
• Oversight and Monitoring of Service Providers
  o Financial institutions should tailor and implement risk mitigation plans for higher risk service providers that may include processes such as additional reporting by the service provider or heightened monitoring by the financial institution.
• Business Continuity and Contingency Plans
  o Financial institution contingency plans should focus on critical services provided by Service Providers and consider alternative arrangements in the event that a Service Provider is unable to perform.
  o Ensure that a disaster recovery and business continuity plan exists with regard to the contracted services and products.
  o Assess the adequacy and effectiveness of a Service Provider's disaster recovery and business continuity plan and its alignment to their own plan.
  o Test the Service Provider's business continuity and contingency plans on a periodic basis to ensure adequacy and effectiveness.

• Mission Statement
  – ALTA seeks to guide its membership on best practices to protect consumers, promote quality service, provide for ongoing employee training, and meet legal and market requirements.
  – These practices are designed to ensure a positive and compliant real estate settlement experience.
  – ALTA is publishing these best practices as a benchmark for the mortgage lending and real estate settlement industry.

1. Establish and maintain current license(s) as required to conduct the business of title insurance and settlement services.
2. Adopt and maintain appropriate written procedures and controls for Escrow Trust Accounts allowing for electronic verification of reconciliation.
3. Adopt and maintain a written privacy and information security program to protect Non-public Personal Information as required by local, state and federal law.
4. Adopt standard real estate settlement procedures and policies that ensure compliance with Federal and State Consumer Financial Laws as applicable.
5. Adopt and maintain written procedures related to title policy production, delivery, reporting and premium remittance.
6. Maintain appropriate professional liability insurance and fidelity coverage.
7. Adopt and maintain procedures for resolving consumer complaints.

• Physical Security of NPPI
  – Restrict access to NPPI to authorized employees who have undergone background checks and credit reports at hiring
  – Prohibit or control the use of removable media
  – Use only secure delivery methods when transmitting NPPI
• Network Security of NPPI
  – Maintain and secure access to company information technology
  – Develop guidelines for the appropriate use of company information technology
  – Ensure secure collection and transmission of NPPI
• Disposal of NPPI
  – Both federal and state law, including the FTC Disposal Rule, require all NPPI to be disposed of in a manner that protects against unauthorized access to or use of the information
• Establish a Disaster Management/Recovery Plan
• Notification of Security Breaches to Customers and Law Enforcement
  – 46 states have a data breach notification law; know the requirements particular to your state so that you are prepared in the event of a breach
  – Post your company’s privacy and information security program on your website or provide
    program information directly to customers in another useable form
  – When a breach is detected, your company should have a program to inform customers and law enforcement as required by law

• Written privacy and security plan to protect non-public personal information (NPPI) as required by local, state and federal law
  – Physical Security
  – Network Security
  – Disposal of NPPI
  – Disaster Management
  – Employee Management & Training
  – Service Provider Oversight
  – Compliance through Audit and Oversight
  – Security Breach Incident Management

ALTA – Seventeen Assessment Procedures
Written Plan Trained Employees Risk Assessment Independent Testing of Key Controls Acceptable Use Acknowledgements Access Controls for NPPI Network Access Controls w/Background Checks Removable Media Controls NPPI encryption in motion and at rest Monitor, detect & respond to attacks Physical controls to protect premises & NPPI Change/Modification & Back-up controls Privacy Disclosures Records Retention & Destruction

• Wells supports customer choice provided such third party providers “consistently meets all applicable requirements”
• Wells is expanding and enhancing third party oversight…in order to monitor and measure performance
• Prepare for “Top Performer” status
• Wells “supports” ALTA Best Practices, which should already be in place for “businesses providing title and closing services”
• Wells recognizes some may need “transition time”
• If not currently following ALTA Best Practices, do you have a plan in place for adoption?
• Can you document and demonstrate inspection processes to validate your adoption of ALTA’s Best Practices?
The Key Recommendation
– “The most effective data security plans deal with four key elements: physical security, electronic security, employee training, and the security practices of contractors and service providers.” – Federal Trade Commission
– Employee education and training is one of the “best practices to thwart a cyber attack.” – Symantec
– Security training for all data users is the “best strategy for ensuring that a major threat to data security … is proactively addressed before more breaches occur.” – Privacy Technical Assistance Center

Practical Steps to Take:
• Develop all required privacy and data security policies, procedures, and plans
  o Information Security Plan
  o Incident Response Plan
  o Disaster Recovery Plan
  o Secure Password Policy
  o Electronic Communications and Internet Use Policy
• Assess your company’s risk profile
• Educate and train your work force
• Secure your work flows
• Ensure compliance of all service providers
• Implement a sound document destruction policy

A. Administrative
B. Physical
C. Network

1. Staff Training
2. Manual of Policies and Procedures
3. Privacy Notice
4. Shred-All Policy
5. Vendor Non-Disclosure Agreements (NDAs)
6. Background checks on employees handling NPPI
7. Clean Desk, Office and Screen Policy
8. Authorized Devices

1. Staff Training
– Training is an essential element of creating and maintaining a Privacy Smart culture and environment and is essential to regulators.
– “The most effective data security plans deal with four key elements: physical security, electronic security, employee training, and the security practices of contractors and service providers.” (Federal Trade Commission, Protecting Personal Information: A Guide for Business)
– An effective information security plan requires “training employees to take basic steps to maintain the security, confidentiality, and integrity of customer information.” (April 2006: FTC, Complying with the Safeguards Rule)
– The CFPB “Supervisory Highlights” Bulletin states that companies “must provide for an effective training and compliance management program for all employees and service providers.”
– 39% of all data breaches are caused by employee or contractor negligence (Ponemon Institute, “2011 Cost of Data Breach Study”).
– Beware of malicious insiders and former employees.

2. Manual of Policies and Procedures
ALTA, the CFPB and the FTC require clearly defined written policies and procedures to be in place.

3. Privacy Notice
The FTC Privacy Rule states that financial institutions are required to provide “a clear and conspicuous notice” (i.e. a “Privacy Notice”) to customers and consumers that accurately states the Institution’s privacy policies and practices.
• Client: initially and annually
• Consumer: initially and at closing

4. Shred-All Policy
– Have a Shred-All Policy for your office. This eliminates employee discretion and concern that a document with NPPI could be discarded improperly.
– This should include all paper and digital media (USB, disks, hard drives, etc.)

5. Vendor Non-Disclosure Agreements (NDAs)
– Just as lenders are responsible for our actions, title and settlement 3rd Party Service Providers are also responsible for our sub-vendors.
– To protect your company, your third party vendors should be made to sign an NDA to demonstrate that they comply with State and Federal privacy laws.
– This can include, for example: IT consultants, search companies, storage facilities, accountants, etc.

6. Background Checks on Employees Handling NPPI
– “Checking references or doing background checks before hiring employees who will have access to customer information.” (April 2006: FTC, Complying with the Safeguards Rule)
– Be sure to comply with State and Federal Laws relating to how to use and handle any “adverse” information in these searches.

7. Clean Desk, Screen and Office Policy
– All employees should keep files off of their desk except for the file they are currently working on so onlookers don’t see information they shouldn’t.
– Staff’s desks should be cleared of all work and files at day’s end.
– When stepping away or even when at their desk, staff shouldn’t keep unnecessary sensitive information up on their screen unless they are currently using said information.
– Common areas that outside closers, etc. use should be “clean” as well.

8. Authorized Devices
• You need to keep track of what devices are connected to the office network.
  – This list needs to be kept up-to-date and old devices should be restricted immediately upon removal.
  – This includes smart phones, tablets, computers, etc.
• Companies need to also keep track of unauthorized devices. Let staff know if they aren't allowed to use personal devices for work.
  – This also includes that work devices should only be used for official work use.

1. Entryway Security & Sign-in Log
2. Clean Desk Policy
3. Clean Office
4. Locked Filing Cabinets
5. Security Cameras
6. Privacy Screens
7. Locked Offices
8. Shredding of Paper and Digital Media
9. Locks on Computers

1. Password Protection
2. Computer Screen Timed Lockout
3. Using Various Brands of Firewalls (Defensive Depth)
4. Port Lockdown
5. Network Printers/Scanners
6. Restrictive Access to Programs, files etc.
7. Updates and Patches
8. Email Encryption

CEO and founder of Real Estate Data Shield and The Gulotta Law Group, Chris has represented institutional lenders in mortgage finance transactions for over 25 years. He has developed compliance management platforms and Data Security Compliance tools for mortgage lenders, title underwriters, independent title and settlement agents, notaries and attorneys.

An international expert on information privacy law, Professor Schwartz assists corporations and law firms with regulatory, policy, and governance issues. As professor of law at UC Berkeley and Director of the Berkeley Center for Law and Technology, he has published widely on privacy and data security topics.

A leading voice in consumer privacy and data protection challenges, Mr. Purcell is an award-winning developer of Web-based education and training courses. As Microsoft's original Privacy Officer, he designed and implemented one of the world's largest and most advanced privacy programs.

• This webinar, supporting materials and the information contained therein do not constitute legal advice nor an attorney client relationship and are provided for information purposes only. Because laws, rules and regulations change frequently and because local laws may apply, you should consult an attorney for any specific compliance or related inquiries.

For Marketing & Sales Inquiry:
Victoria Hatin
Director of Marketing & Sales
212-951-7302
vhatin@redatashield.com

Regulatory Requirements
Lender Requirements
ALTA Best Practices September 2014
Lenders Already Requiring Compliance
Today’s Environment

ALTA Best Practices
Escrow Best Practices
Adopt and maintain appropriate written procedures and controls for Escrow Trust Accounts allowing for electronic verification of reconciliation. These controls help meet client and legal requirements for safeguarding client funds.
Daily Reconciliation Requirement Positive Pay File Balance Documentation

ALTA Best Practices
Electronic Verification Systems (EVS)
• EVS compare items through electronic means to ensure the validity of the item/document being submitted for review or analysis.
• Does the underlying data held by the bank and accounting system support the reconciliation results?
• An electronic copy of a reconciliation statement is simply another form of paper that cannot be analyzed for accuracy

Daily 3-Way Reconciliation
o #1 Defense Against Fraud
o Match Bank Balances to Book Balances
o 3rd way: Individual Settlement Files
  Each Settlement File = Sub Escrow Account
  Can’t take from Jones to pay for Smith
o Businesses Banking Regs Different “Online Posting - 24 hour rule” Transaction Notification

Written Procedures Pre-Closing File Balance Check Endorsement Good Funds v. Collected Funds Deposit (In Transit = RESPA Violation) Dealing with IRS Liens Pacer Search – Patriot Search FIRPTA Training & Records

Written Procedures Post Closing Pacer Search Ledger Card-File Balance-HUD Check Payees Check Signing & Wiring Check Reissue Stop Payment Training & Records

Written Procedures Settlement Software Controls Permissions Freeze Files Logins Industry Standard Software Training & Records

Written Procedures Unclaimed Property Stale Dated Check Follow-up Undisbursed funds Escrow Agreements Interpleading Funds Escheatment Training & Records

o What are the 3-4 greatest risks from the outside?
o What are the greatest risks from insiders? (Closers, Wi-Fi, computers, etc.)
o Verification and Validation Expect what you Inspect!
Positive Pay
o Defense Against Check Fraud
  Banking Software that matches: Check #, Check Date, Dollar amount, Payee

Follow the Money
• Follow-up after 3-4 days for: Payoffs & Recordings
• Follow-up after 10 days for: Government entities (taxes), Service providers (hazard and flood).
• Follow up after 30 days for: Disbursements greater than $1000.
• Follow up after 45 days for all other disbursements.

Disburse Collected Funds
o Good Funds ≠ Collected Funds Good Funds – Settlement Banking Regulation CC Definition Only Available Funds or Collected Funds Expedited Funds Availability Act 1987 Collected Funds Irrevocably Credited Statute Definition v. Bank Definition Underwriter Guidelines
o Limit Good Funds Illinois and North Dakota $50,000 Indiana and Utah $10,000 Your State ??? Settlement Funding Legislation Needed

Escrow Security
o Industry Software
o Administrative Controls Ability to Limit Functions Freeze Files Written Procedures
o Segregation of Duties
o Daily Reconciliation
o Strong Passwords
o Dual Authentication

Cyber Security
o Secure Email Service
o Biometric Access Device
o Strong Passwords Master Passwords
o Internet Controls
o Firewalls
o Browsers
o Training, Training, Training

CYBER ALERT - A New Variant Zeus Botnet and Zero Access Rootkit
o Attack on Settlement Software No Administrative Controls Created Files Transferred Funds Posted Checks
o Daily Reconciliation Prevented Escrow Analysis Careful Review Potential Loss ~$2,000,000

CYBER ALERT - A New Variant Zeus Botnet and Zero Access Rootkit
o NPPI Aspects >10,000 Settlement Files SSN’s Bank Account Numbers Investment Account Info Credit Card Numbers
o FTC Reporting Requirements?
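The daily 3-way reconciliation and Positive Pay matching outlined in the slides above, shown as an added Python example (not part of the original presentation and not any vendor's software). The ledger model, function names and all sample figures are constructed for illustration; the sample shows bank and book balances agreeing while one settlement file is overdrawn, which only the third comparison catches.

```python
from collections import defaultdict
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Entry:
    """One line on a settlement file's ledger card (hypothetical model)."""
    file_no: str       # settlement file = sub escrow account
    amount: Decimal    # positive = deposit, negative = disbursement
    cleared: bool      # True once the bank has posted the item


@dataclass(frozen=True)
class Check:
    number: str
    date: str
    amount: Decimal
    payee: str


def three_way_reconcile(bank_balance, book_balance, entries):
    """Compare bank, book and per-file balances; return a list of findings."""
    findings = []
    file_balances = defaultdict(Decimal)
    in_transit = Decimal("0")     # deposits booked but not yet at the bank
    outstanding = Decimal("0")    # checks issued but not yet cleared
    for e in entries:
        file_balances[e.file_no] += e.amount
        if not e.cleared:
            if e.amount > 0:
                in_transit += e.amount
            else:
                outstanding += -e.amount

    # Way 1 vs way 2: bank balance adjusted for timing items vs the books.
    adjusted_bank = bank_balance + in_transit - outstanding
    if adjusted_bank != book_balance:
        findings.append(f"bank/book mismatch: {adjusted_bank} != {book_balance}")

    # Way 3: the individual file balances must add up to the book balance.
    trial_balance = sum(file_balances.values(), Decimal("0"))
    if trial_balance != book_balance:
        findings.append(f"file/book mismatch: {trial_balance} != {book_balance}")

    # A negative file means another customer's money covered the shortfall.
    for file_no, balance in sorted(file_balances.items()):
        if balance < 0:
            findings.append(f"file {file_no} overdrawn by {-balance}")
    return findings


def positive_pay_exceptions(issued, presented):
    """Return (check number, reason) for presented checks the bank should hold."""
    register = {c.number: c for c in issued}
    exceptions = []
    for p in presented:
        match = register.get(p.number)
        if match is None:
            exceptions.append((p.number, "not issued"))
            continue
        diffs = [f for f in ("date", "amount", "payee")
                 if getattr(p, f) != getattr(match, f)]
        if diffs:
            exceptions.append((p.number, "mismatch: " + ", ".join(diffs)))
    return exceptions


# Constructed sample data: the Smith file disburses more than it received.
LEDGER = [
    Entry("JONES", Decimal("100000.00"), True),
    Entry("JONES", Decimal("-60000.00"), True),
    Entry("SMITH", Decimal("50000.00"), True),
    Entry("SMITH", Decimal("-55000.00"), False),   # check not yet cleared
]
BANK_BALANCE = Decimal("90000.00")   # per bank statement
BOOK_BALANCE = Decimal("35000.00")   # per accounting system

ISSUED = [
    Check("1001", "2014-09-02", Decimal("1250.00"), "County Recorder"),
    Check("1002", "2014-09-02", Decimal("84310.55"), "First Example Bank"),
]
PRESENTED = [
    Check("1001", "2014-09-02", Decimal("1250.00"), "County Recorder"),
    Check("1002", "2014-09-02", Decimal("84310.55"), "J. Doe"),   # altered payee
    Check("1003", "2014-09-03", Decimal("9500.00"), "Cash"),      # never issued
]

if __name__ == "__main__":
    for finding in three_way_reconcile(BANK_BALANCE, BOOK_BALANCE, LEDGER):
        print("RECONCILIATION:", finding)
    for number, reason in positive_pay_exceptions(ISSUED, PRESENTED):
        print("POSITIVE PAY:", number, reason)
```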
Online Banking Requirements
NACHA & FBI Guidelines
  Dedicated Stand Alone Computer
  Banking Only Use
  No Java – No Adobe – No Flash
  Malware Protection
  Automatic Updates
  Strong Authentication
  Dual Controls

Control Web Access
• Browser Selection
  Avoid Internet Explorer (Personal Choice)
  Speed - Security - Functionality
  Active X for Closing Packages
  Eliminate Advertising (Adblockplus.org)
  Keep Plugins up to date
  o Java-Flash Player-Adobe Reader
• Firewalls & Routers
• Lockdown Computer Internet Access

Secure Email
o Encrypted Email Protects NPPI
  Sarbanes-Oxley Requirement
  Lender Requirement
  “Best Practices”
o Easy Affordable First Step

Who else is reading your email?
These pictures were taken in 1975, and kept in a folder in my attic for 38 years. In April 2013, I scanned the pictures and emailed them to a friend in Florida. They were “on the web 5 days later”!

Latest Scam – “Revised wire instructions”

Nothing to be Learned
There is nothing to be learned from the second kick of the mule!

Document Security: Secure email delivery of Non-Public Personal Information (NPPI)

About DataMotion
• Founded in 1999
• Headquarters – Florham Park, NJ
• Industries served
  • Healthcare, Insurance, Financial Services, Legal Services, State/Local Government, Manufacturing
• Software and Service Solutions:
  • Secure Email, File Transfers, Workflows
  • Patented Solutions
  • Healthcare Direct Secure Messaging
• Multiple deployment options:
  • Cloud, On-premise, and Hybrid
• Over 5 million users

ALTA Best Practices
• Pillar #3 specifies the use of “secure delivery methods when transmitting Non-Public Personal Information.”
• Non-Public Personal Information
  • social security number
  • driver’s license number
  • credit card number
  • other financial account number

Secure Electronic Delivery Solutions
• Selective Email Encryption
• Automatic Email Encryption

Unencrypted Email Content is Visible!
• Travels the open internet on its way to the recipient inbox
• Many server to server ‘hops’ along route
• Content is viewable and can be stolen without your knowledge
• Like sending private information on a postcard

Headline: Thieves Steal Money Through Email Fraud Scheme
Title Agents be Alert! Hackers are targeting consumers and stealing earnest money for upcoming transactions…….. In this scheme, the fraudsters intercept emails from title agencies providing wire transfer information for borrowers to transmit earnest money for an upcoming transaction.
Source: https://www.alta.org/advocacy/news.cfm?newsID=24582

Selective Email Encryption from Desktop and Mobile
• Cut costs of faxes, printing, postage, and courier services
• Intuitive “Send Secure” Outlook button
• Patented auto-provisioning of recipient inboxes
• Minimize exposure to regulatory violations, litigation and penalties
• Little to no end-user training
• Detailed reporting for auditing purposes

Automatic, Policy-Based Email & File Encryption
• Monitor & filter all in/outbound email
• Increases compliance & reduces risk
• Scans 300+ attachment file types
• Pre-defined compliance rule sets
• Minimize exposure to regulatory violations, litigation and penalties
• Prevent data loss

Universal Access to SecureMail From Mobile Devices
• Mobile-optimized web portal
• No app required
• Bring Your Own Device (BYOD) support
• Native mobile integration through POP3/SMTP settings
Secure mobile access
Ease of use
Peace of mind

ALTA Best Practice #3. Done EZ!
• DataMotion SecureMail delivers!
• Exceptional ease of use for senders and recipients
• Encryption that works within your existing email
  • Outlook, Office 365, Google Apps
• Fully optimized mobile experience
  • no app required
• Reduced costs
  • lower overnight delivery, fax, and printing charges
• Reduced need for IT support

“I was very surprised with the ease of the install and then the simplicity of using the product. I was able to demonstrate the process of secure emailing to everyone in the office within minutes and had no problems. Thank you again for making it simple.”
Glendal E. McMullin, President, Independence County Abstract Company, Inc.
Professional Title and Abstract services in the Independence County / Batesville area for over 40 years.

“Can you afford Not to start now?”
The tables below illustrate approximate pricing

No. of Employees    Real Estate Data Shield    DataMotion    ~Total Per Year
5 Employees         $500                       $495          $1,375
10 Employees        $750                       $990          $2,190
25 Employees        $1,500                     $2,475        $3,975
50 Employees        $2,125                     $4,950        $7,075

RynohLive
Closings per Month    Cost per Closed File    Max Cost per Month
Up to 25              $7.50                   $187.50
26 - 50               $4.00                   $287.50
51 - 75               $3.00                   $362.50
76 - 100              $1.50                   $400.00
100 +                 $1.00
Note: There is a $75 minimum cost per month per agent

Check with your Title Insurance Underwriter to see if you are eligible for any promotional or preferred pricing opportunities.
Real Estate Data Shield pricing based on number of employees/licensees
DataMotion pricing is an annual subscription based upon the number of employees/licenses

CALL FOR A CUSTOMIZED PROPOSAL BASED ON YOUR ACTUAL NEEDS