Printer Friendly

Risk managers' role grows along with theft threats.

A string of high-profile, highly publicized thefts of consumer data this year has put more pressure on risk managers to protect their companies' data and reputation.

Over the past year and a half, risk managers have been taking a larger role in companies as they choose potential partners to outsource business to, said Brad Gow, vice president of Ace USA Professional Risk.

"They are creating the awareness that this is the risk managers' problem. The ultimate job of the risk manager is to look at threats to the company's balance sheet, to find ways to manage the risk, and when appropriate, to transfer the risk," Gow said. "In the past, everyone pointed to the [information technology department] and said it's their responsibility to make sure it's done right."

Both state and federal lawmakers are continuing to strengthen regulations on organizations that collect, store and process sensitive consumer and business data. Five states have passed data breach disclosure laws similar to the first legislation adopted by California in 2003. At the state level, at least 50 consumer notification bills have been introduced and support is building for federal legislation, Gow said.

Companies are responsible for protecting their data, even when it is in the hands of a third-party vendor, Gow said.

"These data breaches and loss of control over the company and customer information is really and truly hurting companies," Gow said. "It's harming their balance sheet. Making sure the risk manager has a scat at the table is step one. Step two is making sure the company has a records and information management program documented, in place and being followed."

Ace suggests companies use the following tactics for ensuring data integrity and minimizing loss and liability:

* Ask bow frequently a vendor's security procedures and processes undergo an independent assessment and how quickly action is taken to correct any deficiencies.

* Demand that vendor candidates prove themselves capable of protecting sensitive consumer data.

* Encrypt data at the front end, before it is exported, which has been proven to deter fraudulent data use.

* Make sure the vendor complies with legal and regulatory standards.

* Make sure the vendor runs criminal background checks on its employees.

* Ask potential shipping vendors to detail the technologies they use to monitor access to data and track its location.

* Make sure the vendor carries an adequate amount of professional and cyber-liability insurance.
COPYRIGHT 2005 A.M. Best Company, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2005, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:consumer data security management
Comment:Risk managers' role grows along with theft threats.(consumer data security management)
Author:Green, Meg
Publication:Best's Review
Geographic Code:1USA
Date:Sep 1, 2005
Previous Article:Join the game: 'My Ex-Broker' offers risk managers a tongue-in-cheek way to kiss their worries good-bye.
Next Article:Traffic safety study: speeders are higher risks.

Related Articles
Protecting your identity; private information theft has become a plague on modern society, but you can protect your business and yourself with the...
The damaged data dilemma worms, viruses, spyware and spam are the culprits.
Managing e-business risk to mitigate loss: along with the speed and convenience of e-business come new risks, such as identity theft and...
Identity theft: new era of info storage and disposal.
Sound IT governance requires breadth & depth: to be effective, IT governance must be constructed on the foundations of law, security practices, risk...
How much is your customer's trust worth?
Security news and products; avanquest UK launches PC-Cillin from Trend-Micro.
IBM Internet Security Systems predicts security trends for 2007.
Security news and products; IBM internet security systems X-Force research team predicts security trends for 2007.
Pointsec expands data protection portfolio.

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters