The Acquirer Fall Edition 2018

Continued on page 3 2 | The Acquirer With increases in cyber-attacks, identity theft, and threats to personal information and security around the world, we wish to provide you with information about how ORC is working to safeguard the personal information of our clients, property owners and others who trust us with their personal information. Generally, Personally Identifiable Information (PII) is any data that could potentially identify a specific individual. Non-public PII includes a first name, or initial, and last name plus one of the following: (i) social security number, (ii) driver’s license number or state identification card number, (iii) financial account information (bank account number, credit card, etc.), or (iv) medical history. Companies that are trusted with any combination of this information are at risk for cyber-attacks, phishing, ransomware schemes, or more. This risk is multiplied when storing or transmitting any of this information over the internet. To protect all those we serve, we strive to implement best practices and policies to protect our PII. Specific requirements vary from state-to-state and are sometimes industry-specific. ORC has compiled a list of best practices from federal legislation and regulations, state statutes, federal handbooks, and other guidelines. We recommend that all companies consider the following best practices for PII protection: • Implement a written security plan for PII for employees to follow which should include at a minimum the following: • Collect PII only when necessary and authorized to accomplish the business mission. PROTECTING PERSONALLY IDENTIFIABLE INFORMATION (PII) by Chris Castellano, VP of Information Technology