Big I Virginia E-News
March 2018
 

Information Security Revisited and Food for Thought by Douglas M. Palais

Print this Article | Send to Colleague

§ 38.2-613.2. Information security program.

A. Each insurance institution, agent, and insurance-support organization shall implement a comprehensive written information security program that includes administrative, technical, and physical safeguards for the protection of policyholder information. The administrative, technical, and physical safeguards included in the information security program shall be appropriate to the size and complexity of the insurance institution, agent, or insurance-support organization and the nature and scope of its activities.

B. The information security program shall be designed to:

1. Ensure the security and confidentiality of policyholder information;

2. Protect against any anticipated threats or hazards to the security or integrity of the information; and

3. Protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to any policyholder.2003, c. 729.

  • When was the last time that you reviewed your information security program? Note that the law has been in effect for fifteen years.
  • When was the last time that your employees discussed the program?
  • As the statute requires the program to be written, has the document been circulated to all agency employees?
  • Do you check the security status of third-party software on your agency’s website or in your agency management system?
  • When an employee leaves the agency, is ALL access to agency records and data terminated immediately?

These and many more questions will continue to arise as we all become progressively vulnerable to cyber intrusions. The best way to avoid E & O claims relating to data security, which are serious claims by their very nature, is to be sure that your security system evolves with the changing times.

Don’t get overwhelmed with the technical jargon of the information required and discard complying with the Information Security Program Code. Contact Linda Loving at the IIAV and ask for a free copy of their Insurance Information Security Policy template. You can be complying quickly after modifying the template to fit with your agency operation. Linda can be reached at 804-747-9300 or lloving@iiav.com.

 
Doug Palais has been the “lawyer of choice” for IIAV’s Professional Liability clients for over 25 years.  Doug recently joined the Vandeventer Black LLP law firm, which is a full service, international business law firm operating for over 100 years.  He is a seasoned trial lawyer and counselor with 35 years of experience and concentrates his practice in Professional Liability; Errors & Omissions Defense of Insurance and Securities Professionals; Directors & Officers Liability Defense; Securities Litigation and Arbitration; Insurance Coverage and Defense; Legal Malpractice Defense and Financial Institutions and Securities.  Doug regularly writes and speaks on issues relating to insurance agents and brokers.  He is also a frequent speaker for IIAV on professional liability and regulatory matters.  Doug also makes himself available to member agents in connection with legal problems.

Douglas M. Palais
VANDEVENTER BLACK, LLP
Riverfront Plaza – West Tower
901 E. Byrd Street
Suite 1600
Richmond VA 23219
804-237-8811
dpalais@vanblk.com

 
Atlantic Specialty Lines, Inc.
Millers Mutual Insurance Company
 

Back to Big I Virginia E-News