SPECIALTY INSURANCE SOLUTIONS
PRIVACY AND SECURITY BREACH
Trisura has partnered with IDT911 to provide you with Privacy & Security Breach Services that will help you prepare your business for the complexities and nuances of data security – without the expense of hiring in-house expertise. These services will help you:
- Reduce the chances of a data breach occurring in the first place
- Be prepared in the event that there is a data breach incident
- Respond appropriately if a breach does occur
To learn more, contact a member of our Specialty Insurance Solutions team or download our services coverage overview:
WHAT IS IT?
Any business that handles or stores private business, customer, patient or employee information is at risk of having a privacy breach.
When a privacy breach happens, most businesses are required by law to take action or they face the possibility of civil litigation or other penalties. Before the unthinkable happens, you need the tools and information to confidently assess the situation and manage the crisis.
Trisura has partnered with IDT911, North America’s premier identity management and data risk management services provider, to deliver privacy & security breach services and tools to ensure that your protection is a step above.
Trisura and IDT911 provide the first line of defence in privacy breach preparation, damage control and resolution. This coverage helps businesses stand up to the risks and cope with the rising costs of a breach, and offers both proactive and reactive assistance to businesses.
- Provides access to a secure breach preparedness website, featuring tips and guidelines to help businesses minimize the risks and impact of a breach.
- Delivers peace of mind breach expense coverage to help businesses deal with rising costs, including public relations, good faith advertising, breach consulting services and potential lawsuits.
- Supplies professional assistance to help businesses confidently handle a breach crisis. Organizations can count on assistance from a team of breach professionals, including help with notifications and access to personalized fraud expert services for any victims of identity theft or fraud.
We underwrite all risks on an account by account basis taking into consideration the unique risk characteristics of each applicant.
We do not have minimum premium thresholds.
FIVE THINGS YOU SHOULD KNOW ABOUT PRIVACY AND SECURITY BREACH
Ensure your employees understand the importance of protecting personal and private information and know the appropriate way to handle and protect that data. Train your staff to report any data breach, lost laptop or missing USB drive immediately, so security experts can help mitigate the impact of the loss.
2. Hackers are just the beginning
While hackers seem to get all the media coverage, non-criminal elements are at play as well. System glitches, where personal data is accidentally shared publically, accounts for more than 42% of all breaches.
3. USB drives are evil
Mini drives are easily lost and are often stolen when thieves target briefcases, purses and laptops. Make it a corporate policy to never copy private and confidential information or important data to a USB drive. If it is absolutely necessary, encrypt the data before copying it to the drive.
4. Don’t discard, destroy
When a desktop computer or laptop is replaced, destroy the hard drives. Data thieves have been known to frequent used computer stores and even dumpsters looking for drives that might contain useful information.
5. Breaches are expensive
It pays to be diligent. In addition to reputational loss, privacy and data breaches hurt the bottom line. In a joint 2013 study, data security company Ponemon and malware leader Symantec estimated that the cost of a breach was $214 per record.
An employee at a small accounting firm took home her office laptop to do some work over the weekend. But an ill-fated stop at the mall left her with a broken car window, a stolen laptop and exposed more than 120,000 people’s personal records. Her firm had been helping several large hospitals with their audits, and their patients’ protected health information (PHI, which includes prescriptions, procedures and diagnostic codes) was now a password away from the thieves. IDT911’s DataRiskStages service, available to the firm through insurance, was able to advise the firm on how to notify each hospital and then each patient. With IDT911 handling the breach, the firm was able to stay in business.
IT Oversight Leads to Breach
When a police department updated its databases, critical information was placed on a standard, non-secure server. The personal information of more than 200,000 officers, prisoners and informants was exposed for eight months due to IT oversight until someone voiced a concern about the personal data appearing on search engines. The police department contacted IDT911 to determine whether it should consider fraud remediation. IDT911’s team took into account several factors, including the large number of individuals exposed and whether the department could be sued. The department decided to respond to specific safety concerns rather than launch a consumer-based protection campaign. Monitoring and fraud resolution were determined impractical.
Employee Data Posted to Company Website
A publicly traded company became a little too public when it unwittingly posted the personal information of several top executives online. Social Insurance Numbers of the company’s top brass were accessible to anyone who visited the company’s website for four to six weeks. The in-house legal department contacted IDT911 about the breach. IDT911 experts made two key recommendations: Investigate the weblogs of online visitors during that time and determine whether search engines had indexed the information. The extent of the breach turned out to be minimal. The search engines had not indexed the data, and it was housed on a part of the site that was seldom visited. Because of the executives’ high-profile, however, several precautions were advised and taken: The company put a fraud alert on all bank accounts; conducted a credit file activity review; and put all individuals on the highest level of credit and fraud monitoring.
Mortgage Applications Go Missing
A credit union reached out to IDT911 for assistance after a third party vendor lost a number of closed mortgage applications. The credit union was legally required to keep the closed mortgage applications. It hired a storage vendor that reported a missing carton containing 14 closed mortgage applications. The vendor searched its facility but nothing turned up. IDT911 worked with the credit union’s general counsel to draft a letter notifying the consumers without causing panic, then helped the recipients enroll in services that would ensure their information wasn’t misused. The storage vendor also came through by covering the costs spent on notification and monitoring.