Navigation
Contact
Copyright © 2024 The Corcoran Law Group, LLC. All Rights Reserved.
SAFEGUARDS/ PRIVACY POLICIES AND INFORMATION SECURITY STANDARDS
We have appointed Kevin T. Corcoran, Esq. as the Program Coordinator of our Law Firm’s Information Security Program. The Program Coordinator is the Managing Partner of the Law Firm. In the event the Program Coordinator ceases to be employed by the Law Firm or is unable to perform his/her responsibilities, Donna Haraka, Office Manager shall take over the Responsibilities of the Program Coordinator until a new permanent Program Coordinator is appointed.
It is the Program Coordinator’s responsibility to design, implement and maintain privacy policies and information safeguard standards as he/she determines to be necessary from time to time. Specific responsibilities that have been delegated to the Program Coordinator include:
Identifying and assessing the risks to client/client’s-customer information in each relevant area of the Law Firm’s operation, and evaluating the effectiveness of current safeguards that have been implemented to control these risks. Designing and implementing privacy policies and information security standards that are appropriate for the size and complexity of our Law Firm and its operations, the nature and scope of our activities and the sensitivity of a client’s or the client/client’s-customer of a client’s information we are exposed to or collect, and store and share with others.
Regularly monitoring and testing the privacy policies and information security standards. Assisting with the selection of appropriate service providers that are capable of maintaining safeguards to protect the relevant client/client’s-customer information and reviewing service provider contracts to ensure that each contracts contain appropriate obligations with respect to the use of client/client’s-customer information and the implementation of safeguards.
Evaluating and adjusting the Law Firm’s Privacy Policies and Information Security Standards in light of relevant circumstances, including changes to the Law Firm’s operations, business relationships, technological developments and/or other matters that may impact the security or integrity of the Law Firm’s client/ client-client/client’s-customer information.
Pursuant to the USA Patriot Act and the Rules adopted by the Financial Crimes Enforcement Network (FinCEN), a Bureau under the Department of Treasury, the Program Coordinator will also be the contact person for Law Enforcement Agencies to communicate the names of suspected terrorists and money launders in an effort to locate and secure accounts and transactions involving those suspects. Upon receiving a request for information from FinCEN, the Program Coordinator will:
Provide FinCEN with his/her name, title, and appropriate contact information, such as a mailing address, email address, telephone number and facsimile number, and notify FinCEN promptly of any modifications with respect to contact information.
All new employees, as well as new independent contractors who perform services on behalf of the Law Firm, will: Be subject to satisfactory investigations, where appropriate. Only have access to client/client’s customer information if they have a business reason for seeing it. Participate in the Law Firm’s privacy policies and information security standards training instructions and maintain standard ethical law firm rules of Confidentiality. No file information, other than public record information may be disclosed without specific instruction to do so by the Attorney handling the file.
The following procedures will be implemented with respect to obtaining client/client’s client/client’s-customer information and verifying client/client’s-customer identities:
Forms utilized by the Law Firm and its clients request client/client’s-customer information, such as names, addresses, telephone numbers, birth dates, social security numbers, tax identification numbers, and driver’s license and insurance information, to enable the Law Firm to verify the identification of Client/Client’s client/client’s-customers. If the identification does not match, the transaction shall not continue.
Any copies of said identification or any private personal information and/or any such records will be disposed of by shredding with a licensed company
The following information security standards will be implemented in order to protect client/client’s-customer information collected and maintained by our Law Firm: Employees will have access only to that client/client’s-customer information which is necessary to complete their designated responsibilities. Employees shall not access or provide any other unauthorized person access to client/client’s-customer information that is obtained during the course of employment. Requests for client/client’s-customer information that are outside the scope of the Law Firm’s ordinary business or the scope of an employee’s authorization must be directed to the Program Coordinator or designated individuals.
All paper and electronic records will be stored in secure locations to which only authorized employees will have access. Any paper records containing client/client’s-customer information must be stored in a file or folder.
Paper records must be stored in an office, desk, or file cabinet that is locked when unattended. Electronic records will be stored on a secure server that is located in a locked room and is accessible only with a password. Where appropriate, records will be maintained in a fireproof file cabinet and/or at a secure offsite location. Client/client’s-customers, vendors and service providers shall not be left in an area with client/client’s-customer records.
Backups of the computers and/or server will be made at least once each day, or at more frequent intervals as deemed necessary. Backup disks will be removed each evening and remain in the possession of the Program Director/ Office Manager until the next business day when it will be returned to the Computer Room. An extra CPU/Server is maintained for disaster recovery.
Virus protection software has been installed on the computers and new virus updates will be checked at regular intervals. This is monitored by IT service provider offsite daily. Firewalls and security patches from software vendors will be downloaded on a regular basis.
All data will be erased from computers, disks, hard drives or any other electronic media that contain client/client’s-customer information before disposing of them and, where appropriate, hard drives will be removed and destroyed. Any paper records will be shredded and stored in a secure area until an authorized disposal/recycling service picks it up.
Employees will be instructed to log off of all Internet, E-mail and other accounts when they are not being used. Employees will not be permitted to download any software or applications to Law Firm computers or open e-mail attachments from unknown sources. Electronic records may not be downloaded to a disk or individual computer without explicit authorization from the Program Coordinator.
Electronic records will not be stored online and are not accessible from the Internet. If client/client’s-customer information is transmitted electronically over external networks, employees will be instructed to encrypt the information at the time of transmittal using CITRIX ShareFile.
Neither current nor former employees will be permitted to remove any client/client’s-customer information from the Law Firm, whether contained in paper records or electronic records, or to disclose our information security standards to any person without authorization from the Program Coordinator.
In order to protect the client/client’s-customer information our Law Firm encounters/collects, we will take steps to evaluate and oversee our service providers. The following evaluation criteria will be utilized in selecting service providers:
Compatibility and willingness to comply with the Law Firm’s privacy policies and information security standards and the adequacy of the service provider’s own privacy policies and information security standards.
Records to be maintained by the service provider and whether the Law Firm will have access to information maintained by the service provider.
The service provider’s knowledge of regulations that are relevant to the services being provided, including privacy and other consumer protection regulations.
Experience and ability to provide the necessary services and supporting technology for current and anticipated needs.
Functionality of any service or system proposed and policies concerning maintaining secure systems, intrusion detection and reporting systems, client/client’s-customer authentication, verification, and authorization, and ability to respond to service disruptions.
Service and support that will be provided in terms of maintenance, security, and other service levels. Financial stability of the service provider and reputation with industry groups, trade associations and other Law Firms.
Contractual obligations and requirements, such as the term of the contract; prices; software support and maintenance; training of employees; client/client’s-customer service; rights to modify existing services performed under the contract; warranty, confidentiality, indemnification, limitation of liability and exit clauses; guidelines for adding new or different services and for contract re-negotiation; compliance with applicable regulatory requirements; records to be maintained by the service provider; notification of material changes to services, systems, controls and new service locations; insurance coverage to be maintained by the service provider; and use of the Law Firm’s data, equipment, and system and application software.
The right of the Law Firm to audit the service provider’s records, to obtain documentation regarding the resolution of disclosed deficiencies, and to inspect the service provider’s facilities.
Service Providers will be required to agree contractually to be responsible for securing and maintaining the confidentiality of client/client’s-customer information, including agreement to refrain from using or disclosing the Law Firm’s information, except as necessary to or consistent with providing the contracted services, to protect against unauthorized use or disclosure of client/client’s-customer and Law Firm information, to comply with applicable privacy regulations, and to fully disclose breaches in security resulting in unauthorized access to information that may materially affect the Law Firm or its client/client’scustomers and to notify the Law Firm of the services provider’s corrective action.
Service providers will be subject to ongoing assessment to evaluate their consistency with selection criteria, performance and financial conditions, and contract compliance.
The Program Coordinator will implement audit and oversight procedures as he/she deems necessary to detect the improper disclosure or theft of client/client’s-customer information and to ensure that employees, independent contractors and service providers are complying with our Law Firm’s Privacy Policies and Information Security Standards.
If the Law Firm’s Privacy Policies and Information Security Standards are breached, the The Program Coordinator and Office Manager will take appropriate steps to notify service providers and client/client’s-customers of any breach, damage or loss of information and the risks associated with the same and will immediately take measures to limit the effect of the breach, identify the reason for the breach and implement procedures to prevent further breaches.
In the event of a breach, or at any other time as the Program Coordinator deems appropriate, the Program Coordinator may modify or supplement our Law Firm’s Privacy Policies and Information Security Standards.
Effective July 1, 2001, the Financial Services Modernization Act of 1999, more commonly know as the “Gramm-Leach-Bliley Act”, requires “financial institutions” that collect nonpublic personal information about client/client’s-customers who obtain a “financial product or service” to: (1) Implement privacy policies and procedures to protect the information they collect; and (2) Provide their client/client’s-customers with certain notices, including an Initial Privacy Policy Notice and, if applicable, an Annual Notice. In addition, as of May 23, 2003, any financial institution that collects personal information from their client/client’s-customers must comply with the Federal Trade Commission’s Safeguards Rule, which requires financial institutions to develop a written information security plan that describes their program to protect client/client’scustomer information. Although The Corcoran Law Group, LLC is NOT a Financial Institution, we do represent Financial Institutions and therefore we choose to comply with the required rules for purposes of the Gramm-Leach-Bliley Act and the Federal Trade Commission’s Implementing Rules. As a condition of each person’s employment with the Law Firm, each person must agree:
1. They have read the “Statement of Privacy Policies and Information Security Standards” and familiarized themselves with the information contained therein.
2. They agree to follow our procedures for providing a copy of our Privacy Policy to each client/client’s-customer.
3. They will follow our procedures for safeguarding and protecting client/client’s-customer information in accordance with our “Statement of Privacy Policies and Information Security Standards”.
24 Newark Pompton Turnpike, Suite 205
Little Falls, NJ 07424
ktc@corcoranlawgroup.com
Dear Valued Client or Customer of our Bank/Mortgage Lender/Broker Client:
Congress enacted the Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act, which brought a number of changes to the financial services industry. Among other things, law firms, like The Corcoran Law Group, LLC, that provide review/settlement/escrow agent services for real estate refinances/purchases are required to periodically communicate information concerning their privacy policies to customers of the lenders we represent. Accordingly, the following sets forth information about The Corcoran Law Group, LLC and our privacy policy.
The Corcoran Law Group, LLC strongly believes in protecting the confidentiality and security of information we received about you. This notice refers to The Corcoran Law Group, LLC by using the terms Aus@, Awe@, and Aour@. This notice describes our privacy policy and describes how we treat the information we receive (Ainformation@) about you.
We receive and use information in order to carry out our legal/settlement/escrow agent duties for your financing transaction in connection with your purchase or refinance of real estate or other transaction regarding our real property.
In instances where we represent you as a client and do not represent the Lender, we handle that relationship as attorney-client and observe all confidentiality duties regarding all information received as governed by the Rules of Ethics for the States where we are providing legal services.
In instances where we represent the Lender as their attorney or act as Settlement Agent/Escrow Agent, we collect personally identifiable information about you from the following sources:
We do not disclose any personally identifiable information about our clients/customers or former clients/customers to anyone, except as required or permitted by law.
We restrict access to personally identifiable information about you to those employees who need to know that information in order for us to provide services to you. We maintain physical, electronic, and procedural safeguards that comply with federal regulations to guard your personally identifiable information.