Companies and agents may face increase of security breaches.
Christenson said about 40% of his Arizona-based firm's business is handling security breaches for companies--a problem that is increasingly common.
"One of the things we're seeing is a spate of breaches in agent offices," Christenson said.
During these breaches, policyholder files are all that's being stolen, he said. This points to one thing--identity theft. "There's no reason to take policyholder files unless you're stealing identities," Christenson said. "We're seeing a lot of that. Agents need to be careful and need to learn to protect their files."
If policyholder files are taken from an agent, the insurance company the agent works for is likely to be held responsible for the lost data, Christenson said. "It is starting to cost a lot," he said. "Companies could be impacted by lawsuits in case of a breach."
One thing companies can do to protect themselves from this exposure is to ensure they are compliant with the most stringent state statutes that govern security breaches and file theft, Christenson said. "That's really what has become the national guideline," he said, even though breach notification laws differ from state to state.
There are 31 state security breach notification laws, with California's being mimicked most often around the country. The California law says the data owner or licensor is responsible for notifying individuals when there has been a compromise. Another provision says any person or business that maintains computerized data that has been subject to unauthorized acquisition needs to notify the data owner or licensor.
Earlier this year, a file server containing the personal information of 930,000 people was stolen from American International Group Inc., raising questions about data-breach liability. Experts said liability issues depend on a number of factors, including who held the data and for how long; what type of information was contained in the application; the terms of agreement between the prospective customer and intermediary; the source of the application; and the technology contract, if any, between the carrier and the intermediary.
Certain federal laws designed to safeguard customers' nonpublic, personal information already apply to insurance. Confidential medical information, for example, is governed by the Health Insurance Portability and Accountability Act, while the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act protect the use and dissemination of other nonpublic, personal information.
Technology Notes is compiled by Senior Associate Editor Lori Chordas.
|Printer friendly Cite/link Email Feedback|
|Date:||Dec 1, 2006|
|Previous Article:||Selective Insurance receives Productivity Management Award.|
|Next Article:||BlueCross BlueShield of Tennessee and Caremark Rx Inc. recently announced enhancements to the Caremark iScribe electronic prescribing program in an...|