1. Mortgage Acts and Practices—Privacy and Safeguard Policy and Procedures

1.1. Purpose

US Mortgage Lenders maintains this policy in order to comply with all state and federal privacy laws and regulations. At a minimum, US Mortgage Lenders complies with the following privacy laws in accordance to the Gramm-Leach Bliley Act. US Mortgage Lenders is committed to ensuring all customers private and sensitive information is handled, stored, and destroyed in compliance with GLB privacy rule and will provide training to its employees on these requirements on a frequent and regular basis. Customer information is defined as any information about a customer, whether publicly available or not.

1.2. Scope of Policy

This policy applies to any employee of US Mortgage Lenders. Failure to comply may result in immediate termination. Thomas Martin, Compliance Officer, is designated to oversee the implementation of this policy and will work closely with the employees of US Mortgage Lenders to see that it is followed.

1.3. Privacy and Safeguard Practices

US Mortgage Lenders takes the following privacy actions:

• Perform reference or background checks before hiring employees who will have access to customer information.
• Ask new employees to sign a confidentiality and security standards for handling customer information agreement. Limit access to customer information to employees who have a business reason to see it.
• Store laptops, PDAs, cell phones, or other mobile devices that are used for company use in a secure place when not in use and ensure they are password protected in order to obtain access.
• Use “strong” passwords on any device that may contain Customer Information and password changes on a regular basis.
• Depositing any documents with Customer Information into shredding bins only.
• Trained employees to take basic steps to maintain the security, confidentiality, and integrity of customer information, including:
  • Locking rooms and file cabinets where records are kept; o Locking any device (computer, laptop, cellphone, etc) that is used for business purposes in the event of stepping away from it;
  • Not sharing or openly posting employee passwords in work areas; o Encrypting sensitive customer information when it is transmitted electronically via public networks;
  • Referring calls or other requests for customer information to designated individuals who have been trained in the safeguards of personal data; and o Reporting suspicious attempts to obtain customer information to a manger or to Thomas Martin.
  • Terminated employees will have their access to customer information immediately deactivated by changing their passwords and user names to all company US Mortgage Lenders Privacy 4 information systems, programs and email accounts, as well as taking other appropriate measures.

US Mortgage Lenders abides by the following practices to protect their consumers:

• US Mortgage Lenders does not sell Customer Information.
• US Mortgage Lenders does not share Customer Information with affiliates or nonaffiliates.
• US Mortgage Lenders does not keep Customer Information that is not necessary to accomplish its business goals.
• Any request from a borrower to any US Mortgage Lenders employee, who requests to have their information removed from a call or email list, is immediately removed from said list.

In accordance with US Mortgage Lenders’s Privacy Statement, Customer Information is only shared:

• For our everyday business purposes, such as to process transactions, maintain accounts, respond to court orders and legal investigations, or to report to credit bureaus.
• For our marketing purposes to offer products and services to our Customers.

1.4. Information Systems

In accordance with the Gramm-Leach Bliley Act (16 CFR Part 14), US Mortgage Lenders provides security and safeguarding throughout the life cycle of customer information, from data entry to data disposal by:

Securing transmission of customer information:

• When transmitting credit card information or other sensitive financial data, a secure connection is used, so that the information is protected in transit.
• Customers are cautioned against transmitting sensitive data, such as account numbers, via email or in response to an unsolicited email or pop-up message.
• If sensitive data is sent via email over the Internet, the data is encrypted.

In accordance with Federal Trade Commission Rule on Privacy of Consumer Financial Information (16 CFR Part 682), proper disposal of all sensitive data , including but not limited to, consumer information, credit reports, account numbers, etc., US Mortgage Lenders:

• Conducts destruction of data/documents monthly, on-site at US Mortgage Lenders and is done so by using a mechanical shedding device.
• Electronics and computers are destroyed on-site by an IT Contractor. In the event of breach of customer information, US Mortgage Lenders will: US Mortgage Lenders Privacy 5
  • notify affected customers if their personal information was subject to the breach;
  • notify law enforcement if the breach could involve criminal activity or there is evidence that the breach has resulted in identity theft or related harm;
  • notify the credit bureaus and other businesses that may be affected by the breach.