Data Privacy Day 2012: Not Necessarily a Cause for Celebration

Carriers, agents reminded of the threats to their data privacy

Businesses and consumers around the globe will observe Data Privacy Day on Saturday, Jan. 28, and at least one security expert is urging businesses to assess risk management practices that relate to data security and where they are able to make improvements.

Kevin Kalinich, global practice leader for cyber liability, Aon Risk Solutions, points out that new risks are being discovered constantly. He pointed to recent security breaches at Zappos, Sony, and the Carrier IQ mobile-device privacy controversy.

“What’s the balance you want for your insurance company between offering access to social media and interactive telecommunications vs. protection,” says Kalinich. “You can lock down devices so no one can get into the network, but are you losing sales or some potential new business? How do you balance these against the technology revolution with social media, mobile communications, cloud computing, and converged technology? If youdon’t enable [mobile devices] you are going to fall behind the competition.”

Aon Risk Solutions lists five important steps that companies should consider to safeguard data:

  1. Understand your obligations under law and applicable standards—Keep educated and aware of local, state, federal, and foreign regulations, as they are constantly evolving.
  2. Assemble a data security team and assess your data—In addition to determining the type and amount of personal data maintained, it is important to identify how data is collected, stored, used, and transmitted as well as understand potential threats to the company’s security (e.g. third-party vendors, such as cloud computing service providers).
  3. Develop data protection, privacy policies and procedures—The data security team should review existing policies and make them consistent with industry best practices. Social networking sites and related blogs pose new threats that must be considered.
  4. Control hardware and software—Laptops, PDAs, and other mobile devices present additional challenges. A data breach prevention program must assess and control exposures related to hardware and software used by company personnel.
  5. Review contracts—Update and negotiate services agreements to ensure privacy and security protections are embedded within the company’s relationships.

Kalinich believes insurers who have chief privacy officers, privacy offices, and IT security offices completely understand these issues and are well on their way to putting these or similar recommendations into their plans.

The issue, as he sees it, is implementation.

“You just can’t say here are our five steps and everybody needs to follow them,” says Kalinich. “How do you roll them out? How do you train and educate your people? Once you train them, how do you monitor them?”

Insurance carriers and brokers—particularly the bigger ones—have grown through M&A activity and with such growth inevitably comes the issue of legacy systems.

“There are legacy protocols and guidelines that are different [within a company],” says Kalinich. “[Aon Risk representatives] go in to do the due diligence for network risk insurance and most of the companies we visit can’t answer whether 100 percent of their laptops are encrypted.”

There are no magic software solutions to make the issue of data security go away, explains Kalinich.

“Most of these STEPS are in the way of policies and procedures,” he says. “Education and communication are important steps. You need to facilitate the discussion.”

Data Privacy Day began in January 2008 as an extension of Data Protection Day, observed in Europe. Among its many goals, Data Privacy Day promotes privacy awareness and education among businesses and consumers, focusing on privacy issues raised by the use of social networking sites, cloud computing, smartphones and other mobile devices as well as encouraging users to comply with existing privacy laws and regulations. It is sponsored by the National Cyber Security Alliance.

 

 

Page 1 of 2
Comments

Resource Center

View All »

Get $100 in leads with $0 down!

NetQuote's detailed, real-time leads have boosted sales for thousands of successful local agents across the...

The Growing Role of Excess & Surplus Lines in Today’s...

The excess and surplus market (E&S) provides coverage when standard insurance carriers cannot or will...

Increase Sales Conversion with this Complimentary White Paper

This whitepaper will share proven techniques - used by many of the industry's top producers...

D&O Policy Definitions: Don't Overlook These Critical Terms

Unlike other forms of insurance where standard policy language prevails, with D&O policies, even seemingly...

Environmental Risk: Lessons Learned from Willy Wonka and the Chocolate...

Whether it’s a chocolate factory or an industrial wastewater treatment facility, cleanup and impacts to...

More Data, Earlier: The Value of Incorporating Data and Analytics...

Incorporating more data earlier in claims lifecycles can help you reduce severity payments by 25%*...

How Many Of Your Clients Are At Risk Of Flood?

Every home is vulnerable to flooding. Learn four compelling reasons why discussing flood insurance with...

Gauging your Business Intelligence Analytics Capabilities and the Impact of...

Big Data, Data Lakes and Data Swamps, How to gauge your company's Big Data readiness....

Extending Contact Center Capabilities Across the Insurance Enterprise

Today advancements in technology are making a big impact on business and society. To yield...

Drug and Alcohol Testing Requirements

In this two-part series, NBIS Risk Management team will break down the requirements to assist...

Tech Digest eNewsletter

Technology related insights for insurance professionals including key developments, solution providers and news briefs from the carrier front – FREE. Sign Up Now!

Advertisement. Closing in 15 seconds.