Insurance Industry Forum on Protecting the

Privacy and Security Of Personal Information

Compliance Strategies and Controls to Minimize Financial and Reputational Risks from Privacy and Data Breaches

Wednesday, June 21, 2006

About

Insurance companies maintain more personal information than nearly any other business . . . do your privacy and data security policies give you the protection you and your customers need?

With the increasing focus on identity theft and data security breaches, regulators and customers alike are increasing pressure on insurance companies to put privacy and data protection on top of their agendas.

Can you offer your customers a higher level of comfort than your competitors when it comes to protecting the privacy of your customer data?

And, with the spread of onerous breach notification laws (23 at last count), careless employee mistakes and minor hacker intrusions can cause considerable financial and reputational damage to your organization. Given the inconsistencies in the breach notification provisions on key definitions, the extent of notification, enforcement and penalties, it is becoming increasingly burdensome for insurance companies to be in compliance and prepared should a data security breach occur, In this environment, you cannot merely rely on yesterday's policies and procedures to protect your customer privacy.

Are you in a position to accommodate and adopt the ever-changing and conflicting regulatory requirements of state law?

As federal law enforcement agencies become increasingly visible entities in the effort to stem the growth of identity theft and protect consumer privacy, the pressure is on Congress to come up with a single law to pre-empt the patchwork of state laws. Currently, there are at least five competing legislative proposals that have been presented to Congress. Any of these proposals could become a law affecting your current practices.

Have you assessed the practical implications on your operations, should any of the proposed federal legislation become law? What else is on the federal privacy radar?

Global insurers must ensure they comply with privacy and data protection regulations across their international operations. This can be a daunting prospect for companies attempting to balance their domestic resources with the different set of international rules and requirements.

Are your policies and procedures equipped to bridge the differences between US and international approaches to data and privacy protection?

Our distinguished faculty of executives from top insurance companies, leading authorities on information security and privacy and our high level insurance industry regulators share their practical knowledge of, and experience with, staying ahead of the technological and regulatory curve in this publication. Included is information on the following:
  • Allocating proper resources to assure consumer privacy and data security through out the life cycle of an insurance contract
  • Identify risks from the regulatory, operational and legal perspectives
  • Upgrade your existing information security program based on your institution's specific needs
  • Shore up your defenses against the latest forms of phishing, spoofing, and pharming
  • Create an effective Incident Response Plan
  • Prepare for the impact of proposed security breach notification laws
  • Mitigate ID theft through data governance and retention practices
  • Adapt your practices to comply with different state privacy laws

Contents & Contributors

About

Insurance companies maintain more personal information than nearly any other business . . . do your privacy and data security policies give you the protection you and your customers need?

With the increasing focus on identity theft and data security breaches, regulators and customers alike are increasing pressure on insurance companies to put privacy and data protection on top of their agendas.

Can you offer your customers a higher level of comfort than your competitors when it comes to protecting the privacy of your customer data?

And, with the spread of onerous breach notification laws (23 at last count), careless employee mistakes and minor hacker intrusions can cause considerable financial and reputational damage to your organization. Given the inconsistencies in the breach notification provisions on key definitions, the extent of notification, enforcement and penalties, it is becoming increasingly burdensome for insurance companies to be in compliance and prepared should a data security breach occur, In this environment, you cannot merely rely on yesterday's policies and procedures to protect your customer privacy.

Are you in a position to accommodate and adopt the ever-changing and conflicting regulatory requirements of state law?

As federal law enforcement agencies become increasingly visible entities in the effort to stem the growth of identity theft and protect consumer privacy, the pressure is on Congress to come up with a single law to pre-empt the patchwork of state laws. Currently, there are at least five competing legislative proposals that have been presented to Congress. Any of these proposals could become a law affecting your current practices.

Have you assessed the practical implications on your operations, should any of the proposed federal legislation become law? What else is on the federal privacy radar?

Global insurers must ensure they comply with privacy and data protection regulations across their international operations. This can be a daunting prospect for companies attempting to balance their domestic resources with the different set of international rules and requirements.

Are your policies and procedures equipped to bridge the differences between US and international approaches to data and privacy protection?

Our distinguished faculty of executives from top insurance companies, leading authorities on information security and privacy and our high level insurance industry regulators share their practical knowledge of, and experience with, staying ahead of the technological and regulatory curve in this publication. Included is information on the following:
  • Allocating proper resources to assure consumer privacy and data security through out the life cycle of an insurance contract
  • Identify risks from the regulatory, operational and legal perspectives
  • Upgrade your existing information security program based on your institution's specific needs
  • Shore up your defenses against the latest forms of phishing, spoofing, and pharming
  • Create an effective Incident Response Plan
  • Prepare for the impact of proposed security breach notification laws
  • Mitigate ID theft through data governance and retention practices
  • Adapt your practices to comply with different state privacy laws

Contents & Contributors

NAVIGATING THE PATCHWORK OF STATE PRIVACY AND SECURITY BREACH NOTIFICATION REQUIREMENTS
Charles H. Kennedy, Morrison & Foerster LLP

PRIVACY AND DATA SECURITY IN THE INSURANCE INDUSTRY-THE STATE PERSPECTIVE
John P. Fielding, The Scott Group PLLC

THE EVOLVING U.S. LEGAL FRAMEWORK FOR INFORMATION SECURITY: FEDERAL AND STATE BREACH NOTIFICATION LEGISLATION
John Kennedy, LeBoeuf, Lamb, Greene & MacRae LLP

GOING BEYOND GLB COMPLIANCE PROCEDURES FOR SAFEGUARDING PROCEDURES AND PRACTICES
Nancy Baran, Prudential Insurance Company of America

ESTABLISHING INTERNAL DATA PROTECTION AND PRIVACY PRACTICES TO PREVENT ID THEFT AND SECURITY BREACHES
Chris Bursch, UnumProvident Corp.

DATA PROTECTION AND PRIVACY PRACTICES TO PREVENT ID THEFT AND SECURITY BREACHES
Nancy Callahan, AIG

PREVENTION IS THE KEY AND THE KEY IS TRAINING
Miriam Wugmeister, Morrison & Foerster LLP

RISK MANAGEMENT AND RISK TRANSFER OF PRIVACY INCIDENTS/CLAIMS
Emily Freeman, JLT Risk Solutions Limited

OUTSOURCING TO INDIA: KEY LEGAL & TAX CONSIDERATIONS FOR U.S. FINANCIAL INSTITUTIONS
Michael Mensik, Baker & McKenzie LLP
Brian Hengesbaugh, Baker & McKenzie LLP

OUTSOURCING, CONTRACTS AND INSURANCE REQUIREMENTS
Emily Freeman, JLT Risk Solutions Limited

MULTI-NATIONAL CORPORATION: APPROACH TO DATA PROTECTON
Christopher Foster, GE Insurance Solutions

DECIPHERING INTERNATIONAL PRIVACY AND DATA PROTECTION
Bridget Treacy, Barlow Lyde & Gilbert

PRIVACY
Tom Stravropoulos, Zurich North American Commercial

AFFILIATE AND PARTNER MARKETING: MANAGING COMPLIANCE WITH STATE AND FEDERAL PRIVACY LAWS
Joan P. Warrington, Morrison & Foerster LLP
Kristina A. K. Hickerson, Morrison & Foerster LLP

TOWARDS MORE PROACTIVE PRIVACY PROGRAM
Carolyn Mitchell, Officer, TIAA CREF

ADVANCED STRATEGIES FOR MINIMIZING DAMAGE FROM A SECURITY BREACH, MANAGING REPORTING OBLIGATIONS, AND RESPONDING TO IDENTITY THEFT COMPLAINTS
Alysa Zeltzer, Collier Shannon Scott PLLC



DOCUMENT TYPES: PRESENTATIONS AVAILABLE: 0