Data Security 101 For Independent Agencies
At the same time technology has significantly raised customer expectations about interacting and doing business with companies online, both the threats to customer data and regulations regarding its protection have grown exponentially. Indeed, while technology certainly provides opportunities to improve customer satisfaction and increase business efficiency, it also presents serious challenges for independent insurance agencies.
Because insurance agencies obtain and handle their customers’ important financial and private data, they are prime targets for hackers who want to access this information. Preventing a data breach and safeguarding private data has become an essential part of the insurance industry.
Independent agents and brokers are impacted in several ways. To effectively compete with national carriers, independent agencies have pressure to invest in technology and new user-friendly digital platforms that customers have come to expect. They must ensure they are complying with all federal and state regulations regarding securing the private data that is obtained through these platforms, from credit card payment information to social security numbers and driver’s license numbers.
But protecting the data an independent agent obtains and stores is not the only concern. Because independent agents and brokers work with numerous carriers, the risk of any of the carriers for whom they sell policies being breached also poses a risk to the reputation of the independent agent who sold the policy. Independent agents should be aware of the history of the carriers they represent. If they have experienced a data security breach, find out how they responded to the incident and what they have done to ensure it does not happen again.
Regulations independent insurance agents should comply with may include:
- Payment Card Industry Data Security Standard (PCI DSS)
- HIPAA/HITECH
- Sarbanes-Oxley
- Gramm-Leach-Bliley Act
Many states have additional regulations, as well. For example, in South Carolina, the S.C. Insurance Data Security Act also applies to independent agents and agencies. This is an important state law that requires all data breaches to be reported to the state Department of Insurance and requires most agencies to conduct a risk assessment.
If you have questions about data security, regulations and/or threats, you should seek professional guidance. There are many data security firms that specialize in working with insurance businesses. The Big “I” or your state trade association are also great resources.
The information presented on or through this website is made available solely for general information purposes. We do not warrant the accuracy, completeness, or usefulness of this information. Any reliance you place on such information is strictly at your own risk. We disclaim all liability and responsibility arising from any reliance placed on such materials by you or any other visitor to this website, or by anyone who may be informed of any of its contents.
This website may include content provided by third parties, including materials provided by other users, third-party licensors, syndicators, aggregators, and/or reporting services. All statements and/or opinions expressed in these materials, and all articles and responses to questions and other content, other than the content provided by Correll, are solely the opinions and responsibility of the person or entity providing those materials. These materials do not necessarily reflect the opinions or beliefs of Correll or any of its employees.