Data Privacy Day 2012: Not Necessarily a Cause for Celebration

Carriers, agents reminded of the threats to their data privacy

Businesses and consumers around the globe will observe Data Privacy Day on Saturday, Jan. 28, and at least one security expert is urging businesses to assess their risk management practices for data security and identify where they can make improvements.

Kevin Kalinich, global practice leader for cyber liability, Aon Risk Solutions, points out that new risks are being discovered constantly. He points to recent security breaches at Zappos and Sony, and to the Carrier IQ mobile-device privacy controversy.

“What’s the balance you want for your insurance company between offering access to social media and interactive telecommunications vs. protection,” says Kalinich. “You can lock down devices so no one can get into the network, but are you losing sales or some potential new business? How do you balance these against the technology revolution with social media, mobile communications, cloud computing, and converged technology? If you don’t enable [mobile devices] you are going to fall behind the competition.”

Aon Risk Solutions lists five important steps that companies should consider to safeguard data:

  1. Understand your obligations under law and applicable standards—Keep educated and aware of local, state, federal, and foreign regulations, as they are constantly evolving.
  2. Assemble a data security team and assess your data—In addition to determining the type and amount of personal data maintained, it is important to identify how data is collected, stored, used, and transmitted as well as understand potential threats to the company’s security (e.g. third-party vendors, such as cloud computing service providers).
  3. Develop data protection, privacy policies and procedures—The data security team should review existing policies and make them consistent with industry best practices. Social networking sites and related blogs pose new threats that must be considered.
  4. Control hardware and software—Laptops, PDAs, and other mobile devices present additional challenges. A data breach prevention program must assess and control exposures related to hardware and software used by company personnel.
  5. Review contracts—Update and negotiate services agreements to ensure privacy and security protections are embedded within the company’s relationships.

Kalinich believes insurers who have chief privacy officers, privacy offices, and IT security offices completely understand these issues and are well on their way to putting these or similar recommendations into their plans.

The issue, as he sees it, is implementation.

“You just can’t say here are our five steps and everybody needs to follow them,” says Kalinich. “How do you roll them out? How do you train and educate your people? Once you train them, how do you monitor them?”

Insurance carriers and brokers—particularly the bigger ones—have grown through M&A activity and with such growth inevitably comes the issue of legacy systems.

“There are legacy protocols and guidelines that are different [within a company],” says Kalinich. “[Aon Risk representatives] go in to do the due diligence for network risk insurance and most of the companies we visit can’t answer whether 100 percent of their laptops are encrypted.”

There are no magic software solutions to make the issue of data security go away, explains Kalinich.

“Most of these steps are in the way of policies and procedures,” he says. “Education and communication are important steps. You need to facilitate the discussion.”

Data Privacy Day began in January 2008 as an extension of Data Protection Day, observed in Europe. Among its many goals, Data Privacy Day promotes privacy awareness and education among businesses and consumers, focusing on privacy issues raised by the use of social networking sites, cloud computing, smartphones and other mobile devices as well as encouraging users to comply with existing privacy laws and regulations. It is sponsored by the National Cyber Security Alliance.

 

 
