One of the biggest nightmares a Financial Institution faces today is with respect to unvetted personnel moving highly confidential information to and fro within insecure and unencrypted networks. In fact, this is occurring today with respect to some of the largest Mortgage Field Services Industry Order Mills. In fact, this is the main reason why they inevitably issue out guidance on how to address these issues. The dirty little secret, though, is that many Virtual Order Mills will gladly sell out the Rule of Law to capitalize on a quick dollar. How the process works is like this: A National Order Mill contracts with a Regional Order Mill to deliver work orders downstream which eventually will reach Labor whom will perform services upon federal properties. Both the Recruitment of Labor and the streaming of the work orders back up the pike is currently being carried out by Remote Contractors of what we generally refer to as a Virtual Order Mill.
How a VOM differs from a Brick and Mortar Order Mill is that they have no formal office. All of their tasks are carried out through an ad hoc network of Google Chat, Skype, Hotmail and Instant Messaging on Facebook, in some cases. The Virtual Order Mill thus gains an unfair and unjust economic advantage over their Brick and Mortar competitors in that they have absolutely no expenses directly related to things such as security compliance, security auditing, software licensing and in most cases there is absolutely zero technical writing to guide oversight and compliance with a myriad of local, county, state and federal laws such as the Privacy Act of 1974; the Bank Secrecy Act; and other laws, rules and regulations we will discuss over this Series.
The normal compliance thrust upon a Brick and Mortar Order Mill is not adopted by nor followed by any Virtual Order Mill Foreclosurepedia was able to identify. The fact of the matter is that the correspondence alone tallied up by simply the instant messaging systems running under Google are virtually impossible to store for a period of seven (07) years which is required by law. Add to this the simple fact that Remote Contractors are generally onboarded without the person ever being seen let alone being able to ensure such items as: The Operating System (OS) and whether or not the OS is regularly updated and has a bona fide license; whether anti virus software is implemented; the guarantee that the computer is being only used for Industry work; and in many cases whether or not the Remote Contractor even has a permanent residence.
Many financial companies maintain their own data centers but outsource backup to third party providers. Best practices call for this data to be synchronously (or regularly) backed up to secondary data centers and disaster recovery sites with high throughputs.
When financial networks connect to regional offices, partners, third party agents, or telecommuters, data security must be maintained. In some cases, data flows must be cryptographically segmented from each other and from other parts of the business for SEC compliance.
National Mortgage News touched on the topic with respect to mortgage servicers,
An employer would likely need to set up a secure VPN, encrypt data, provide its own terminal (with no internal storage, drives, printing capacity), institute a high level password, computer time-out and security measures, and initiate and constantly maintain other protections to ensure no files could be taken to, or in any fashion maintained, at the underwriters home. It would not be enough to merely issue a written security policy and expect an employee to follow it-the bank must protect against hackers, snoopy and dishonest spouses, repair-men in the underwriter's house, and people looking in the underwriter's trash can. Indeed, if an employer took a passive approach it could face significant fines even if no security breach occurred. If a security breach were to take place...well, let's just say we don't want to go there.
So, either the National Association of Mortgage Field Services (NAMFS) is correct in saying that Dodd - Frank as they choose to implement Background Checks or they are not. If they are and if we follow the train of thought that the Privacy Act of 1974 is alive and well with respect to keeping confidential the information pertaining to the home owner, then we must question the validity of allowing Remote Contractors to process any portion of the work order life cycle unless and until they submit to the same stringent guidelines which Brick and Mortar Order Mills must adhere to.
Nearly every U.S. and most European and Asian governments have their own data protection requirements, which include audit and fine structures. For financial companies, this means that companies that fail to protect their customers’ data will find a long line of auditors, regulators, and bureaucrats waiting to levy fines. Even in the absence of a breach, companies that fail to take steps to secure data are viewed as less desirable as business partners/vendors.
Foreclosurepedia recently submitted a Freedom of Information Act (FOIA) Request pertaining to the aforementioned,
Editor in Chief
PO Box 13
Blaine, TN 37709
May 12, 2015
Department of Housing and Urban Development
40 Marietta Street
Atlanta, GA 30303-2806
Fee benefit requested
Fee waiver requested
Dear FOIA Officer:
Pursuant to the federal Freedom of Information Act, 5 U.S.C. § 552, I request access to and copies of Laws, rules and regulations pertaining to the use of Remote Contractors (RC) whom process work orders on behalf of the US Department of Housing and Urban Development with specification to the Mortgage Field Services Industry. Specifically, requirements for encryption of information pertaining to the work order life cycle; the storage of samesaid and the period of time required; the transmission of aforementioned information over insecure wi fi in public areas; the use of computers which process aforementioned information while simultaneously engaging Google, Facebook, YouTube and other non Industry related material; the requirement for scheduled updating of the Operating System (OS) and whether anti virus software is required for the OS in Windows format; and whether the RC must have a permanent residence.
I would like to receive the information in email format.
As a representative of the news media I am only required to pay for the direct cost of duplication after the
first 100 pages. Through this request, I am gathering information on the protection of homeowner's
information within the Mortgage Field Services Industry that is of current interest to the public because there currently are no mechanisms implemented to do such with respect to the Virtual Order Mills I investigated over the past three (03) months. This information is being sought on behalf of Foreclosurepedia for dissemination to the general public. Foreclosurepedia is the Premiere Mortgage Field Services Industry Newswire. HUD is aware of whom we are.
Please waive any applicable fees. Release of the information is in the public interest because it will
contribute significantly to public understanding of government operations and activities. Currently, there is no publicly accessible guidance with respect to how Virtual Order Mills, as opposed to Brick and Mortar Order Mills, handle the processing of the entire work order cycle. Specifically, there is no ability for audit nor a system of checks and balances to protect, at minimum, the sanctity of the Privacy Act of 1974 with respect to homeowners.
If my request is denied in whole or part, I ask that you justify all deletions by reference to specific
exemptions of the act. I will also expect you to release all segregable portions of otherwise exempt material. I, of course, reserve the right to appeal your decision to withhold any information or to deny a waiver of fees. I would appreciate your communicating with me by email or telephone, rather than by mail.
Please provide expedited processing of this request which concerns a matter of urgency. As a Editor in
Chief, I am primarily engaged in disseminating information. The public has an urgent need for information about the lack of safety protocols to protect homeowner's information of foreclosed properties because currently there is no publicly identifiable information with respect to protocols nor the laws, rules and regulations pertaining to the protection of data within the work order cycle. I witnessed a plethora of violations, first hand, during my three (03) month investigation. This potential breach of information could likely impact the sanctity of Safe Houses used in Witness Protection; Debriefing of Defectors; and ultimately pose a clear and present danger to the National Security of the United States should personal and financial information be culled which could establish bona fide credentials such as passports. I certify that my statements concerning the need for expedited processing are true and correct to the best of my knowledge and belief.
I look forward to your determination regarding my request for expedited processing within 10 calendar days, as the statute requires.
Thank you for your assistance.
We additionally submitted this to several prominent foreclosure defense attorneys in both Florida and Pennsylvania. The responses will be available in the continuation of this Series. We further submitted, as a courtesy FYI, the subject matter to the Prime Vendors whom ...
The information you wish to view is restricted to Industry Insiders. Please consider Registering Here, and selecting Industry Insider, to gain access.