e o risk management meeting the challenge of change
Skip this Video
Download Presentation
E&O Risk Management: Meeting the Challenge of Change

Loading in 2 Seconds...

play fullscreen
1 / 11

E&O Risk Management: Meeting the Challenge of Change - PowerPoint PPT Presentation

  • Uploaded on

E&O Risk Management: Meeting the Challenge of Change. Limiting Exposures to Data Breaches. INTRODUCTION. Insurance agents collect, use, and store personally identifiable information on a daily basis

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'E&O Risk Management: Meeting the Challenge of Change' - ave

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
e o risk management meeting the challenge of change

E&O Risk Management: Meeting the Challenge of Change

Limiting Exposures to Data Breaches


Insurance agents collect, use, and store personally identifiable information on a daily basis

Agents face exposure to both regulatory penalties and potential first and third party liability for breaches of data.

Liability from cyber-attacks is on the rise and the media is constantly reporting on companies being hacked, exposing protected personal information.


Risks include physical risks, such as:

  • Discarding protected personal information without it being properly shredded
  • Computers, fax machines and printers being discarded without thoroughly removing stored personal information;
  • Physical agency break-ins where the entire agency server is stolen.

Perhaps the largest security risk arises from employee mistakes that often result from the failure to properly train them on agency procedures to protect the privacy of protected personal information.

good business the law

Agencies have an obligation to secure protected personal information whether it is in electronic or paper form and to dispose of it appropriately

data breach exposures legal responsibilities
Data Breach ExposuresLegal Responsibilities

Fair Credit Reporting Act (FCRA)

Gramm-Leach-Bliley Act (GLBA)

Health Insurance Portability and Accountability Act (HIPAA)

Various state laws (at least 29 states) require reporting of security breaches…“Security Breach Notification Chart”:http://www.perkinscoie.com/statebreachchart/

These laws effectively require agencies to implement security plans, conduct training, and do security audits

data breach exposures data breach costs
Data Breach ExposuresData Breach Costs

Average cost estimated to be $214 per record, or about $250K for the average agency

  • Direct Costs
    • Cost to handle breach…legal fees, consultants, implementing new technology and training
    • Cost to notify and remediate affected parties
  • Indirect Costs
    • Loss of trust of customers
    • Damage to reputation in the community
data breach exposures identify data at risk
Data Breach ExposuresIdentify Data at Risk

Paper files in cabinets and on desks in premises

Archived files (paper and electronic) outside premises

Computer hard drives, laptops, cell phones, CDs, USB drives, agency management system providers, carriers, call centers, etc.

data breach exposures identify physical threats
Data Breach ExposuresIdentify Physical Threats

Majority of breaches occur from stolen or lost devices

Secure the building, server room, and file cabinets

Screen cleaning crews

Immediately prevent access to data when employees leave

Practice sound password security

Limit personal information on mobile devices

data breach exposures identify virtual threats
Data Breach ExposuresIdentify Virtual Threats


Secure WiFi connections

Virus and malware protection

Secure data backups and archived files

Connect remotely via SSL/VPN connections

Use secure SSL connections (https) to collect data

Secure email with Transport Layer Security (TLS)

limit your risk

Only keep the data you need and for only the length of time that you need it

Have written guidelines and training regarding employee use of all protected consumer information

Have written mandatory procedures in place for the proper disposal of sensitive information.