Welcome to Encryption Nation

November 30, 2008

Stop putting passwords on sticky notes, require passwords for desktops and encrypt all backups.

For those that haven’t done so already, insurance agents and agencies are going to have to get smart about encryption – especially those in Massachusetts.

That’s because Bay State insurance agencies and other businesses are fast approaching a legal mandate to encrypt any customer information they transmit electronically or store on laptops, flash drives or any other devices. Encryption, for those who’ve never heard of it, refers to a relatively simple process of rendering data so that only persons with a digital code, or “key,” can understand it. Without this so-called key, any information stored on a computer, tape drive or elsewhere is effectively useless. It’s simple and relatively cheap to do. And given the extent of high-profile data breaches over the last several years, it’s a process that probably should have become routine in any insurance setting years ago.

Last month, Nevada became the first state in the nation to require businesses to encrypt any personal information that gets transmitted electronically. Personal information includes things like names, social security numbers, credit card numbers and any other data that leaves consumers open to identity theft if it were to fall into the wrong hands.

Although the Nevada law is fairly toothless – it doesn’t actually spell out exact fines or penalties for businesses that fail to comply – it shows the direction that state governments are moving with respect to becoming proactive about protecting citizens’ personal information.

Massachusetts enacted its law earlier this year, and it had been set to go into effect on Jan. 1, 2009, although that deadline has been pushed back. Massachusetts goes a step farther than Nevada by requiring businesses to encrypt data that is transmitted or stored. It also mandates that businesses formalize their written computer security procedures for anyone who has access to customers’ personal information. The law carries pretty significant fines – $5,000 and up – for businesses that ignore it.

Luckily for those agents that have been behind the times in readying their businesses, the Bay State has extended the deadline to at least May 1, 2009 for some parts of the law, and until Jan. 1, 2010 for the rest, so there’s still time to investigate encryption methods for your agency. Whether other states will follow, however, is anyone’s guess. But it’s fair to say that – given two states have enacted these laws in the last three months – the momentum appears to be building.

The Independent Insurance Agents & Brokers of America’s ACT Working Group, which is a partnership of independent agents, companies, technology vendors, user groups and associations dedicated to enhancing the use of technology and improved work flows within the independent agency system, maintains an ongoing report about data security in independent agencies. It includes recommendations to minimize risks.

Among the procedures recommended: Stop putting passwords on sticky notes, require passwords for desktops and encrypt all backups. And for agents looking to outsource that responsibility, the report recommends considering an outside data center, some of which even employ armed guards.

From This Issue

Insurance Journal Magazine December 1, 2008