To provide guidance on crafting policies that comply with privacy laws and regulations, the ACT report outlines several key initiatives that independent agents and brokers should consider implementing.They include:
* Develop an overall policy designed to comply with various privacy laws rather than trying to adopt multiple policies based upon the requirements of each law.
* Appoint a privacy officer who would have good knowledge of overall agency operations. Agents could empower such an officer to develop a detailed understanding of the various privacy laws.
* Appoint a security officer to oversee the agency's security policies and procedures. Such an individual would be able to safeguard an agency's information from both external and internal threats-whether the information is in electronic or paper form.
* Limit access to non-public personal information and individually identifiable medical information to only those employees that have a need to see it.
* Audit and document the implementation of privacy policies and procedures as a way to measure a privacy policy's success and to provide an audit trail.
