Protect Client Data from Identity Theft - Best Practices
Personal information can exist in either a physical or electronic form. Regardless of the form in which the information exists, the standard of protection remains the same; only the implementation of that protection changes.
Physical copies of personal information can be easily protected by simply storing the information in a locked storage area. This area can be anything from a filing cabinet to a safe to a third party storage facility. So long as access to the information is limited to properly trained employees, any of these forms of locked storage should be sufficient.
The storage and security of electronic personal information can be more complicated than the storage of physical personal information. The implementation of an electronic storage system can vary widely depending on the size of a company or firm, and the amount of information that must be secured. At a minimum, the WISP (Written Information Security Plan) must cover authentication protocols, including the use of user IDs and passwords and their security; secure and restricted access to the personal information records; the encryption of the electronic records; and the monitoring of the implemented systems.
Many electronic file systems and operating systems have a built-in function for the creation and maintenance of a user ID and password system. For larger firms and companies, a more robust system may be needed and can be found through third-party vendors.
Encrypted storage and transmission of personal electronic information can be implemented in many ways. Many manufacturers now sell USB drives and external hard drives with built-in encryption systems. For the encryption of current drives and file systems, there are numerous programs available for purchase, as well as comparable free programs.
State Security Breach Notification Laws
It is essential to be familiar with your particular State's Security Breach Notification Law. At this time, 46 States have unique Security Breach Laws in place.
NAPLIA provides you with a summary of each State Security Breach Law identifying:
- Date law was enacted
- Definition of Personal Information by State
- Notification Requirements
- Links to full State Statutes and Laws
Information Security & Data Privacy Liability Insurance
Implementing the information protection "best practices" will only benefit your firm. However, as technology continues to grow at a rapid pace all around us, the skills of cyber criminals grow as well. There is always the possibility of a security breach no matter what level of security you have. For that reason, the most efficient way to protect your business against the financial and legal burdens associated with an inevitable breach in your state is to purchase
Information Security and Privacy Insurance provides a variety of industry-leading coverage for the exposures facing companies today. The following are just a few of the crucial aspects that are covered by this form of insurance:
- Coverage for theft, loss, or unauthorized disclosure of personally identifiable non-public information or third party corporate information (This includes coverage for both Physical and Electronic information) or an independent contractor that is holding, processing or transferring such information on behalf of the insured
- The Insurance carrier would provide you with an Attorney and cover the associated legal expenses for such regulatory proceedings
- Coverage for the costs to provide notification to your clients, consumer reporting agencies, etc. in compliance with the breach notice laws in that state.
- Coverage for the costs to hire a computer security expert to determine the existence and cause of a security breach
- Coverage for failure to comply with state breach notice laws
Take the time to work with a professional insurance agency that understands your business and the industry.
For more information on Information Security and Data Privacy Liability Insurance contact NAPLIA. We will be sure to provide you with the knowledge and information you need to protect your business in the event of a security breach.
This information is intended solely for general educational purposes. It is not intended for the purpose of providing specific legal, accounting, or other professional advice to any particular recipient or with respect to any particular jurisdiction. NAPLIA (1) makes no representations, warranties, or guarantees as to its technical accuracy or compliance with any law (federal, state, or local) or professional standard; and (2) assumes no responsibility to any recipient of this document to correct or update its contents for any reason, including changes in any law or professional standard.