Articles - Aon and Data Privacy Day 2012

Emerging risks and evolving regulation demand companies pay attention: Aon and Data Privacy Day 2012
Global risk advisor outlines top five steps to safeguard data

 On Jan. 28, companies around the world will recognize Data Privacy Day 2012, an annual international celebration designed to promote awareness about best privacy practices. Aon Risk Solutions, the global risk management business of Aon Corporation (NYSE: AON), encourages companies to use Data Privacy Day as an opportunity to assess network risk practices and identify where improvement may be needed.

 "New risks, illustrated by the Carrier IQ mobile device privacy controversy, Zappos and Amazon's 24 million records breached, Sony's 100 million records breached and recent hacktivist attacks, are emerging faster than most policies and IT departments can keep up," said Kevin Kalinich, global practice leader of cyber insurance for Aon Risk Solutions. "Organizations that think their network could never be a penetrable target need to think again."

 Companies must focus on data privacy risk mitigation practices and become familiar with their cyber risk insurance policy to ensurea financial backstop is in place when - not if - a data breach occurs.
 "It is important to understand that data privacy compliance starts with your data. The organization needs to know where its information is located, transferred and how it is accessed," added Adam Nelson, chief privacy counsel for Aon Corporation.

 In October 2011, the U.S. Securities and Exchange Commission introduced guidelines that call for public organizations to disclose cyber incidents and whether cyber insurance is purchased. While organizations do not legally have to disclose this information, plaintiffs' attorneys are likely to use the SEC guidelines as a threshold liability standard.

 "Additional implications of these guidelines remain an unknown," Kalinich added. "If an organization does not disclose its cyber incidents, it may face fines from the SEC and open the door to increased shareholder lawsuits for not properly disclosing or assessing the risk of an attack. We may also see a time when credit rating agencies take cyber security exposures into account when evaluating a company – just as Standard & Poor's has done with enterprise risk management."

 According to Aon, there are five important steps companies must consider taking to safeguard data:
 1. Understand your obligations under law and applicable standards – Keep educated and aware of local, state, federal and foreign regulations, as they are constantly evolving.

 2. Assemble a data security team and assess your data - In addition to determining the type and amount of personal data maintained, it is important to identify how data is collected, stored, used and transmitted as well as understand potential threats to the company's security (e.g. third-party vendors, such as cloud computing service providers).

 3. Develop data protection, privacy policies and procedures - The data security team should review existing policies and make them consistent with industry best practices. Social networking sites and related blogs pose new threats that must be considered.

 4. Control hardware and software - Laptops, PDAs and other mobile devices present additional challenges. A data breach prevention program must assess and control exposures related to hardware and software used by company personnel.

 5. Review contracts - Update and negotiate services agreements to ensure privacy and security protections are embedded within the company's relationships.

 Data Privacy Day began in January 2008 as an extension of Data Protection Day, celebrated in Europe. Among its many goals, Data Privacy Day promotes privacy awareness and education among businesses and consumers, focusing on privacy issues raised by the use of social networking sites, cloud computing, smartphones and other mobile devices as well as encouraging users to comply with existing privacy laws and regulations.

Back to Index

Similar News to this Story

Murder on the LPI floor
DB schemes, by and large, are in a far healthier position than they have been for over a decade. This is good news, but it also changes the challenges
Pension scheme cyber attacks are you prepared
The cyber threat to pension schemes specifically is increasing. The Capita data breach in 2023 is set to cost the organisation an estimated £107 milli
Is AI the new ESG
Over the past few years, ESG was all the rage. Proponents, opponents, and everyone in between seemed to be talking about this topic on an endless loop

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS


Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.