Business Insurance Webinar: Preventing and preparing for a data breach


An effective data security strategy may take more than just a good information technology employee.

During an Oct. 16 Business Insurance webinar sponsored by OneBeacon Professional Insurance, three experts discussed what companies need to keep in mind when trying to prevent and prepare for a data breach.

“When we review an organization, we look at it as not only an IT problem, not looking at only their network's security issues, but it's really getting into the company itself,” said David J. Molitano, vice president and division manager of content, technology and services division at OneBeacon Professional Insurance.

The other speakers, Ethan Harrington, manager, insurance and risk management at H&R Block, and Nithan Sannappa, attorney for the Federal Trade Commission in the division of privacy and identity protection, also agreed that a company's response to a data breach is more about what happens before any information is compromised.

“There's no stand-alone guide that everyone can adhere to,” Mr. Molitano said.

Mr. Harrington said anyone who could identify potential gaps in security should be involved with the preparation process, including risk managers, chief information officers and legal counsel.

When buying cyber insurance, a company can figure the amount needed by analyzing its risks, comparing itself against competitors, and looking at industry trends, he said.

While businesses may have different needs as far as preparedness goes, the FTC has some guides of its own.

Mr. Sannappa detailed the regulations set in place by the Gramm-Leach-Bliley Act, Fair Credit Reporting Act and Children's Online Privacy Protection Act, among others. He also described several real-world examples of companies violating federal law.

While some of the companies found in violation had suffered a data breach, many others had not. One 2009 example came from CVS Caremark, a pharmacy organization that was throwing out materials with personal information, such as pill bottles with patient names, addresses and prescribing physicians' names, in an unsecured dumpster. Not only was it in violation of FTC guidelines, it also violated the Health Insurance Portability and Accountability Act, which led to a $2.25 million fine.

Moderated by Business Insurance Managing Editor Paul Bomberger, the free, 60-minute webinar can be viewed on demand at www.BusinessInsurance.com.