Data Security 101 For Independent Agencies
At the same time technology has significantly raised customer expectations about interacting and doing business with companies online, both the threats to customer data and regulations regarding its protection have grown exponentially. Indeed, while technology certainly provides opportunities to improve customer satisfaction and increase business efficiency, it also presents serious challenges for independent insurance agencies.
Because insurance agencies obtain and handle their customers’ important financial and private data, they are prime targets for hackers who want to access this information. Preventing a data breach and safeguarding private data has become an essential part of the insurance industry.
Independent agents and brokers are impacted in several ways. To effectively compete with national carriers, independent agencies have pressure to invest in technology and new user-friendly digital platforms that customers have come to expect. They must ensure they are complying with all federal and state regulations regarding securing the private data that is obtained through these platforms, from credit card payment information to social security numbers and driver’s license numbers.
But protecting the data an independent agent obtains and stores is not the only concern. Because independent agents and brokers work with numerous carriers, the risk of any of the carriers for whom they sell policies being breached also poses a risk to the reputation of the independent agent who sold the policy. Independent agents should be aware of the history of the carriers they represent. If they have experienced a data security breach, find out how they responded to the incident and what they have done to ensure it does not happen again.
Regulations independent insurance agents should comply with may include:
- Payment Card Industry Data Security Standard (PCI DSS)
- HIPAA/HITECH
- Sarbanes-Oxley
- Gramm-Leach-Bliley Act
Many states have additional regulations, as well. For example, in South Carolina, the S.C. Insurance Data Security Act also applies to independent agents and agencies. This is an important state law that requires all data breaches to be reported to the state Department of Insurance and requires most agencies to conduct a risk assessment.
If you have questions about data security, regulations and/or threats, you should seek professional guidance. There are many data security firms that specialize in working with insurance businesses. The Big “I” or your state trade association are also great resources.
Share