Independent insurance agents in a quandary about how to safeguard their private information and overall insurance technology are being given a jumpstart, thanks to
The industry association has released a prototype agency information security plan to assist agencies and brokers in creating their own written security plans to safeguard the private information of a agency’s clients and employees, the agency’s proprietary and confidential information, the physical security of the agency’s premises and the integrity of electronic systems so that they function smoothly without interruption.
“Numerous state privacy and security breach notification laws, as well as several federal laws, require agents to have written security plans to protect their operations and the privacy of their clients’ and employees’ private information,” says Steve Aronson, president of Aronson Insurance in Newton & Needham, Mass. and chair of the ACT Agency Security Best Practices Work Group that produced the security plan for ACT. “Not only could a breach of clients’ private information devastate an agency’s reputation; it is likely to result in the agency’s having to undertake extremely time consuming and costly actions on behalf of the individuals whose private information may have been compromised.”
Jeff Yates, ACT executive director, stresses the importance of having a sound written information security plan. “It’s an essential risk management tool for every independent agency,” he says. “We wanted to provide agencies with a free tool they could customize to fit the size and complexity of their own operations.”
ACT’s prototype security plan covers the protection of private information in any form, whether it is voice, electronic or paper and involves much more than just the protection of the agency’s systems. The plan also contains a series of “notes” designed to point out additional tips agents should keep in mind as they customize the plan, along with links to various laws that may apply and additional resources that are available.
“Putting a written security plan in place is only first step for the agency, however,” adds Yates. “It is essential for the agency to then implement the plan by appointing an information security coordinator to oversee it and then establishing the necessary procedures, workflows, training, monitoring, auditing and law and plan reviews to carry it out fully.”
Agents and other industry participants can visit the ACT website to download the free prototype agency information security plan by visiting
