Articles - Aon and Data Privacy Day 2012


Emerging risks and evolving regulation demand companies pay attention: Aon and Data Privacy Day 2012
Global risk advisor outlines top five steps to safeguard data

 On Jan. 28, companies around the world will recognize Data Privacy Day 2012, an annual international celebration designed to promote awareness about best privacy practices. Aon Risk Solutions, the global risk management business of Aon Corporation (NYSE: AON), encourages companies to use Data Privacy Day as an opportunity to assess network risk practices and identify where improvement may be needed.

 
 "New risks, illustrated by the Carrier IQ mobile device privacy controversy, Zappos and Amazon's 24 million records breached, Sony's 100 million records breached and recent hacktivist attacks, are emerging faster than most policies and IT departments can keep up," said Kevin Kalinich, global practice leader of cyber insurance for Aon Risk Solutions. "Organizations that think their network could never be a penetrable target need to think again."

 
 Companies must focus on data privacy risk mitigation practices and become familiar with their cyber risk insurance policy to ensurea financial backstop is in place when - not if - a data breach occurs.
 "It is important to understand that data privacy compliance starts with your data. The organization needs to know where its information is located, transferred and how it is accessed," added Adam Nelson, chief privacy counsel for Aon Corporation.

 
 In October 2011, the U.S. Securities and Exchange Commission introduced guidelines that call for public organizations to disclose cyber incidents and whether cyber insurance is purchased. While organizations do not legally have to disclose this information, plaintiffs' attorneys are likely to use the SEC guidelines as a threshold liability standard.

 
 "Additional implications of these guidelines remain an unknown," Kalinich added. "If an organization does not disclose its cyber incidents, it may face fines from the SEC and open the door to increased shareholder lawsuits for not properly disclosing or assessing the risk of an attack. We may also see a time when credit rating agencies take cyber security exposures into account when evaluating a company – just as Standard & Poor's has done with enterprise risk management."

 
 According to Aon, there are five important steps companies must consider taking to safeguard data:
 1. Understand your obligations under law and applicable standards – Keep educated and aware of local, state, federal and foreign regulations, as they are constantly evolving.

 
 2. Assemble a data security team and assess your data - In addition to determining the type and amount of personal data maintained, it is important to identify how data is collected, stored, used and transmitted as well as understand potential threats to the company's security (e.g. third-party vendors, such as cloud computing service providers).

 
 3. Develop data protection, privacy policies and procedures - The data security team should review existing policies and make them consistent with industry best practices. Social networking sites and related blogs pose new threats that must be considered.

 
 4. Control hardware and software - Laptops, PDAs and other mobile devices present additional challenges. A data breach prevention program must assess and control exposures related to hardware and software used by company personnel.

 
 5. Review contracts - Update and negotiate services agreements to ensure privacy and security protections are embedded within the company's relationships.

 
 Data Privacy Day began in January 2008 as an extension of Data Protection Day, celebrated in Europe. Among its many goals, Data Privacy Day promotes privacy awareness and education among businesses and consumers, focusing on privacy issues raised by the use of social networking sites, cloud computing, smartphones and other mobile devices as well as encouraging users to comply with existing privacy laws and regulations.
 
  

Back to Index


Similar News to this Story

Actuarial Post Magazine Awards Winners Edition December 2024
Welcome to the Actuarial Post Awards 2024 winner’s edition and we hope you enjoy reading about their responses on having won their award. The awards
Guide to setting expense reserves under the new Funding Code
The new defined benefit (DB) funding code of practice (new Funding Code) requires all schemes to achieve funding levels that ensure low dependency on
Smooth(ing) Operator
Private equity can be a great asset. It’s generally the most significant way to have any real world impact as an investor (eg infrastructure assets li

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

Email
Password
 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS

WikiActuary

Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.