Risk managers' role grows along with theft threats.
Over the past year and a half, risk managers have been taking a larger role in companies as they choose potential partners to outsource business to, said Brad Gow, vice president of Ace USA Professional Risk.
"They are creating the awareness that this is the risk managers' problem. The ultimate job of the risk manager is to look at threats to the company's balance sheet, to find ways to manage the risk, and when appropriate, to transfer the risk," Gow said. "In the past, everyone pointed to the [information technology department] and said it's their responsibility to make sure it's done right."
Both state and federal lawmakers are continuing to strengthen regulations on organizations that collect, store and process sensitive consumer and business data. Five states have passed data breach disclosure laws similar to the first legislation adopted by California in 2003. At the state level, at least 50 consumer notification bills have been introduced and support is building for federal legislation, Gow said.
Companies are responsible for protecting their data, even when it is in the hands of a third-party vendor, Gow said.
"These data breaches and loss of control over the company and customer information is really and truly hurting companies," Gow said. "It's harming their balance sheet. Making sure the risk manager has a scat at the table is step one. Step two is making sure the company has a records and information management program documented, in place and being followed."
Ace suggests companies use the following tactics for ensuring data integrity and minimizing loss and liability:
* Ask bow frequently a vendor's security procedures and processes undergo an independent assessment and how quickly action is taken to correct any deficiencies.
* Demand that vendor candidates prove themselves capable of protecting sensitive consumer data.
* Encrypt data at the front end, before it is exported, which has been proven to deter fraudulent data use.
* Make sure the vendor complies with legal and regulatory standards.
* Make sure the vendor runs criminal background checks on its employees.
* Ask potential shipping vendors to detail the technologies they use to monitor access to data and track its location.
* Make sure the vendor carries an adequate amount of professional and cyber-liability insurance.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||consumer data security management|
|Comment:||Risk managers' role grows along with theft threats.(consumer data security management)|
|Date:||Sep 1, 2005|
|Previous Article:||Join the game: 'My Ex-Broker' offers risk managers a tongue-in-cheek way to kiss their worries good-bye.|
|Next Article:||Traffic safety study: speeders are higher risks.|