Steve Anderson presents three recent events that demonstrate clearly that protecting the privacy of client information involves significantly more than keeping outsiders from hacking their way into your network and database.
CASE #1
ChoicePoint, a provider of identification and credential verification services for businesses and the government, provided individuals posing as legitimate businesspeople with access to their database. These individuals then set up about 50 fraudulent accounts through which they could view consumer data, including names, addresses, Social Security numbers, and credit reports.
CASE #2
Bank of America Corp. lost computer data tapes containing personal information on up to 1.2 million federal employees, including some members of the U.S. Senate. The lost data included Social Security numbers and account information, leaving customers of a federal government charge card program vulnerable to identity theft.
CASE #3
LexisNexis identified several incidents of potentially fraudulent access to information about individuals at its recently acquired Seisint unit. These incidents arose from third parties misappropriating IDs and passwords from legitimate customers. As a result, information on approximately 32,000 individuals might have been fraudulently accessed, including names, addresses, Social Security, and driver’s license numbers (but not credit history, medical records, or financial information). Again, this breach was caused by supposedly legitimate people who were provided with an account that allowed them to gain access.
NEW LAWS AHEAD?
Vermont’s Patrick Leahy, the top Democrat on the Senate Judiciary Committee, said recently that this slew of data thefts and other leaks requires a “comprehensive rethinking” of the laws regulating companies that compile electronic dossiers that are usually purchased by creditors, employers, or police. Leahy hinted that new laws might extend beyond data brokers to affect a broad range of businesses. The Senator was a Bank of America customer whose personal information was reported lost.
Don’t make the mistake of thinking that these incidents won’t influence how you operate your agency.
Although protecting client information from unauthorized outside access is still extremely important, you also need to protect this information from being stolen by perpetrators of an “inside job.”
Because an insurance agency has more private information than many other types of businesses about its customers, it’s reasonable to assume that any legislation strengthening the privacy of consumer information would include agencies.
It’s wise to review the steps that you’ve already taken to protect client information and consider additional precautions. Protecting the privacy of your clients’ data makes good business sense. No agency wants to the negative publicity that results from a privacy exposure.