The prototype plan offers a template for insurance agents and brokers to safeguard personal information of clients and employees, their proprietary information, physical security, and integrity of electronic systems, the association said in a statement.
“Numerous state privacy and security breach notification laws, as well as several federal laws, require agents to have written security plans to protect their operations and the privacy of their clients’ and employees’ private information,” said Steve Aronson, president of Aronson Insurance in Newton and Needham, Mass., and chair of the Agents Council for Technology (ACT) Agency Security Best Practices Work Group that produced the security plan. “Not only could a breach of clients’ private information devastate an agency’s reputation, it is likely to result in the agency’s having to undertake extremely time consuming and costly actions on behalf of the individuals whose private information may have been compromised.”
ACT’s prototype plan provides a sample insurance agency information security plan that covers protection of private information, whether it is voice, electronic, or paper. The plan also contains a series of “notes” designed to point out additional tips agents should keep in mind as they customize the plan, along with links to various laws that may apply and additional resources that are available.
“Putting a written security plan in place is only the first step for the agency, however”, said Jeff Yates, ACT executive director. “It is essential for the agency to then implement the plan by appointing an information security coordinator to oversee it and then establishing the necessary procedures, workflows, training, monitoring, auditing and law and plan reviews to carry it out fully.”