This article was originally published in the Oct/Nov 2005 edition of The Agent Newsline, a publication of Westfield Insurance.
Based on recent identity theft events, it is clear that U.S. businesses are operating in an increasingly hostile environment. Identity theft remains the fastest growing category of crime in the U.S. Criminals are getting more creative and more technologically adept every day. In this age of rapidly rising threats, every company needs to take serious steps to ensure the security of the private information in their custody.
What does Westfield do to keep your information safe?
Westfield holds private infromation in trust for you and our policy holders. Rest assured, we take our responsibilities seriously. We have never suffered a serious compromise of our data or systems and work hard to keep it that way. Here's how:
- Dedicated security team. In early 2005, Westfield created and filled new roles dedicated specifically to information security. These people are charged with the coordination and continuous improvement of information security. We also formed a corporate security response cabinet with responsibility for all security-related issues. This group was formed in recognition of the increasingly blurry distinction between the physical and the electronic perimeters.
- Password protection. Westfield has password complexity standards and requires our employees to change passwords every 60 days. We continuously upgrade hardware and software in order to make sure our systems are patched for security vulnerabilities.
- External defense. We also commission external vulnerability scans and penetration tests. With your interests in mind, we regularly conduct internal scans of our systems and defenses and use that information to improve our systems.
- Disaster plan. Westfield also has moved aggressively to guarantee our ability to operate even after a potential physical disaster. Mainframe data is mirrored real-time to an off-site facility. In addition, we conduct semi-annual tests of our business continuity plans.
- Mandatory shredding policy. All office paper must be shredded. Even in this electronic age, most identity theft occurs as a result of access to physical copies of the information.
We want you to know that we take precautions to protect the private informaiton you've entrusted to us.
Shredding... It's now the law
The Federal Trade Commission's regulation on the disposal of information went into effect on June 1, 2005. According to the regulation, any information about an individual that is derived from a consumer report or is a compilation of such records must be properly destroyed. Much of the information routinely used in insurance operations has some connection to a consumer report and is covered under this regulation.
Failure to comply with the regulation could result in fines and/or in lawsuits if the information is misused to commit identity theft. This law implements the "disposal provision" of the Fair and Accurate Credit Transaction Act of 2003 (FACTA).
For more information on the FTC regulation, visit www.ftc.gov and search on "disposal".
The regulation includes several examples of ways to comply and to ensure that the consumer's private information remains protected during the disposal process. Westfield requires that all papers be secured until they are ready for disposal and has contracted with an accredited shredding company to make sure that the papers are thoroughly and properly destroyed.