Client Data Security

NASHVILLE, Tenn. (January 6, 2010)—“Information is the most radioactive element in today’s businesses,” says Steve Anderson of The Anderson Agency Report in his most recent business guide for independent insurance agencies, called Client Information Security.

Anderson’s report highlights that more than 88% of client data breach cases last year involved employee negligence and that 84% of cases involved organizations with more than one incident. The average, total, per-incident cost of a breach was nearly $6.7 million, including civil and regulatory penalties, administrative expenses and legal defense costs.

Insurance agencies of all sizes are treasure troves of personal client data, and they need to establish effective protective barriers and appropriate responses in case there is a breach. Client Information Security provides agency leaders with the information they need to identify and prioritize their vulnerabilities.

The report provides a walk through the agency’s “weak links,” including employee malpractices and negligence, theft of equipment, and external attacks, such as hacking. It aids the agency in categorizing what data to protect and gives more than 20 detailed steps on how to get a data-breach security plan up and running. Anderson provides a convenient, at-a-glance method for classifying risks and incidents in a graphic depiction that can be used to track, analyze and document compliance with a security plan.

Anderson gives insights into surprising areas of vulnerability, such as the problem of “reverse shredding” of documents, and how to foil hardcopy data thieves. He also goes into substantial detail on dealing with an incident from original, internal discovery to notification of authorities, gathering of evidence, damage control and corrective action.

Client Information Security goes beyond treatment of personal data, addressing corporate data held at agencies as well. It not only helps the agency with its data but makes agency members smarter about risk management and insurance resources for their own clients. Security breach laws are covered in their own section, and a state-by-state summary and “further resources” section round out the comprehensive report. To find out more or order a copy, visit http://www.ClientInformationSecurity.com/.

The report can be purchased at www.ClientDataSecurity.com.

About Anderson: Based in Nashville, Tenn., Steve Anderson (www.SteveAnderson.com) is one of the insurance industry’s top consultants and speakers. He delivers keynote addresses, lectures, seminars and conference programs, in addition to individual agency consultations, helping clients maximize productivity and profits by smart use of technology. He is executive editor of The Anderson Agency Report (TAAR), a monthly newsletter dedicated to providing independent agents with the technology information they need to more effectively manage and grow their agencies. In addition to being a licensed independent agent for more than 30 years, Steve has a master’s in Insurance Law.

According to 2008 claim data compiled by Travelers, burglary and theft of wallets, purses, and personal computers provide thieves the best opportunity to gain access to personal information. In instances where the victim knew their identity had been stolen, it was the result of personal property being stolen nearly 78% of the time. Travelers identifies the following as the top known causes of identity fraud:

• 78%—burglary and theft of wallet/purse/personal identification/computer
• 14%—online or data breach
• >5%—change of address/postal fraud
• 3%—lost credit card and other miscellaneous causes

More than 75% of the time, criminals use stolen information to open new credit card accounts or use the existing credit cards to make charges. Twenty percent of identity thieves will withdraw money from existing checking, savings, and online accounts and 16% open utility accounts in the victim’s name.

Steps you can take to protect your identity include guarding Social Security numbers and financial information and shredding documents such as receipts, credit/insurance applications, and bank statements.

Travelers Identity Fraud Expense Coverage is available as an endorsement on their homeowner’s policy for $25 annually and offers protection up to $25,000 with no deductible. Check with the companies you represent to see what coverage is available. This coverage is a great opportunity to educate your clients and offer them broader coverage for a small premium.

According to the order, “On or before April 28, 2009, Spruill discarded over 1,000 insurance business records and/or other documents related to insurance transactions of Brooke Auto and Brooke Corporation into an unlocked garbage dumpster.”

“At the time he discarded the documents, Spruill had not developed reasonable safeguards to protect the security, confidentiality, and integrity of the personal information or data collected or acquired in the course of conducting his business, including disposal of that data.”

In his defense Spruill said that when he inquired of local police and the state of Oregon insurance division back in the fall of 2008, no one told him that discarding these records was wrong. Spruill was hit with an $11,000 fine. Fortunately for Spruill, $8,500 of that fine was suspended as long as he complied with the requirement of creating and implementing a client security policy for his agency.

It may seem obvious that you should never discard unshredded documents into an open and unlocked dumpster at the back of your office. Still, don’t be too smug. Do your producers have unencrypted laptops that are left in locked cars that could be stolen? Could employees take home files with sensitive client information in them even though doing so is against company policy?

Sensitive client information is the most radioactive element in today’s agencies. If leaked, it can cause serious repercussions to an agency’s reputation and brand, loss of revenues, loss of customers, regulatory or legal action, and damage to employee relationships. In the last 10 years, the need for client information security to be integrated into the overall risk management of every organization across the globe has increased tremendously.

The insurance industry deals with sensitive and personal client information. Client records contain data that include financial information, medical histories, birth dates, driver’s license numbers, and Social Security numbers. Such confidential data has to be protected at all times—during storage, access, transmission, and destruction—or the organization risks serious losses.

More than 88% of all data breach cases involve employee negligence. In 2008, data breach and information breach incidents cost U.S. companies $202 per compromised customer record. These costs include civil and regulatory penalties, administrative expenses, legal liability, defense costs, and cost of future business due to loss of customer confidence. Not only that, according to Factiva, a Dow Jones company, media coverage of companies that suffered an information security breach accounted for more than half the stories written about those companies.

Seventy percent of customers state they would consider moving their business if they became victims of a data breach. Clients today expect strong security practices from all companies they do business with. The way a business copes with these expectations decides whether the company survives or not.

Client information security should be a concern for every agency, regardless of size. Check out The Anderson Report on Client Data Security for some tools to help you start or enhance your security process.

Here's just one example, in one state. On September 22, 2009, an insurance agency in Oregon was fined $11,000 by the State of Oregon Insurance Division for not properly disposing of private client data.

In How to Protect Your Agency from the Consequences of a Client Information Security Breach, I share the foundational information and specific steps you need to know in order to protect your agency. I show you exactly what it takes — step by step — to make sure you properly protect your client information.

Specifically, I reveal how to:

• Understand exactly what will happen if client data is compromised in your agency. Determine what data needs protection.
• Use the C-I-A criteria to classify information based on its confidentiality value.
• Create a data security plan.
• Take the 7 simple but essential steps to protect client data.
• Create scaled-down information storage so you only keep what you really need.
• Complete an information risk assessment to find out where your agency stands.
• Formulate policies and procedures that can be relied upon immediately if a breach should occur.
• Take the appropriate but often overlooked steps to physically secure your premises.
• Properly dispose of sensitive data after your need to use it expires.
• Conform to the reporting requirements mandated by state law if a data breach occurs.
• Evaluate the responsibility of third-party providers who use private client information.
• Examine insurance policies to determine what is covered and what is not covered in the event of a data security breach (in this case, not knowing could be your greatest nightmare).

In addition, How to Protect Your Agency from the Consequences of a Client Information Security Breach contains an executive summary of the 45 state laws along with a link to the actual state statute. A separate section contains application and sample policy information from many of the insurance companies that currently provide an insurance policy that provides coverage for a client data security breach. These two sections alone will save you hours of time spent researching these details.

Some colleagues suggested that I should charge $400-500 for How to Protect Your Agency from the Consequences of a Client Information Security Breach — not based on the page count (even though it is over 80 pages long) — but on the specialized information it contains and how much time and money it will save your agency in setting up an effective Client Data Security Program. "It's a minuscule investment," they argued, "compared to the results it produces."

However, I decided to offer this one of a kind special report for just $199. I may raise the price later, but for right now, I would rather make this timely and critical information available to as many agencies as possible at an affordable price.

My Money-Back Guarantee: If you don't find How to Protect Your Agency from the Consequences of a Data Security Breach helpful and worth every penny you paid for it, I will promptly refund your money. No questions asked.

Could you find similar information for free on the Internet? Yes, possibly. You could likely distill it from multiple sources on the topic after spending innumerable hours researching for trustworthy information. But why wade through all of that? What's your time worth? I have already done the heavy lifting for you. Your time is better spent doing those things that only you can provide for your agency.

I have done the research and come up with solutions that you can implement immediately. If my experience is worth $199 to you, then Click on the button below and let's get started!