Client Information Security Helping Organizations Protect Private Client Data

Protect Client Information

On September 1, 2009, Portland insurance agent Robert Spruill of Brooke Auto Insurance consented to a Cease and Desist order from the Oregon Department of Insurance. Spruill had not properly disposed of business records that contained sensitive client information.

According to the order, “On or before April 28, 2009, Spruill discarded over 1,000 insurance business records and/or other documents related to insurance transactions of Brooke Auto and Brooke Corporation into an unlocked garbage dumpster.”

“At the time he discarded the documents, Spruill had not developed reasonable safeguards to protect the security, confidentiality, and integrity of the personal information or data collected or acquired in the course of conducting his business, including disposal of that data.”

In his defense Spruill said that when he inquired of local police and the state of Oregon insurance division back in the fall of 2008, no one told him that discarding these records was wrong. Spruill was hit with an $11,000 fine. Fortunately for Spruill, $8,500 of that fine was suspended as long as he complied with the requirement of creating and implementing a client security policy for his agency.

It may seem obvious that you should never discard unshredded documents into an open and unlocked dumpster at the back of your office. Still, don’t be too smug. Do your producers have unencrypted laptops that are left in locked cars that could be stolen? Could employees take home files with sensitive client information in them even though doing so is against company policy?

Sensitive client information is the most radioactive element in today’s agencies. If leaked, it can cause serious repercussions to an agency’s reputation and brand, loss of revenues, loss of customers, regulatory or legal action, and damage to employee relationships. In the last 10 years, the need for client information security to be integrated into the overall risk management of every organization across the globe has increased tremendously.

The insurance industry deals with sensitive and personal client information. Client records contain data that include financial information, medical histories, birth dates, driver’s license numbers, and Social Security numbers. Such confidential data has to be protected at all times—during storage, access, transmission, and destruction—or the organization risks serious losses.

More than 88% of all data breach cases involve employee negligence. In 2008, data breach and information breach incidents cost U.S. companies $202 per compromised customer record. These costs include civil and regulatory penalties, administrative expenses, legal liability, defense costs, and cost of future business due to loss of customer confidence. Not only that, according to Factiva, a Dow Jones company, media coverage of companies that suffered an information security breach accounted for more than half the stories written about those companies.

Seventy percent of customers state they would consider moving their business if they became victims of a data breach. Clients today expect strong security practices from all companies they do business with. The way a business copes with these expectations decides whether the company survives or not.

Client information security should be a concern for every agency, regardless of size. Check out The Anderson Report on Client Data Security for some tools to help you start or enhance your security process.