Home > Property & Casualty > Protecting customer and employee data requires C-Suite involvement

Protecting customer and employee data requires C-Suite involvement

databreach“A game changer changes the way that something is done, thought about, made or addressed.” The game changer as it relates to the risk management and risk transfer of Cyber/Data Liability comes in the aftermath of the Target breach that occurred earlier this year.

Data protection is fast becoming the responsibility of an organization’s CEO and Board of Directors; or both private or public companies. Board and Audit Committee oversight should involve:

    • Education and knowledge of data breach exposures and how they should be monitored, managed and addressed in order to protect a company’s assets and reputation.
    • Data security should be part of an organization’s Board member orientation and an on-going agenda item.
    • Understanding of an organization’s risk profile (credit card systems, employee personnel data, customer Personal Identifiable Information (PII), etc.) at the Board level is paramount.
    • Implementation of a complete data security plan.
    • Board level reporting system and disclosure framework.
    • Continual review of risk management and risk transfer mechanisms.

Board members and CEO’s need to be both proactive and data risk intolerant. Total responsibility can no longer be left to the Risk Manager or CIO.

The SEC is fast reviewing its lack of requirements for disclosure of data security risks and incidents. U.S. Senators are speaking out and calling upon the FTC to investigate data breaches. We are well poised for congressional and regulatory actions that hold a company’s leaders to a new level of fiduciary responsibility in the protection of a company’s assets and data whether or not it is in a digital form. Delaware has already enacted legislation that “places an affirmative obligation on fiduciaries and corporate officers.” According to a number of sources, 47 states already have enacted data breach notification laws.

Costly litigation and personal liability is on the horizon for those organizations that are not proactive in their protection of data for both employees and customers.

About the Author

Rick Black is a Senior Vice President at WGA, with a focus on Property and Casualty Insurance. He joined the firm in 2007, bringing with him 30 years of insurance experience in all areas of complex risk and risk financing. 

617.646.0279 | Rick.Black@wgains.com | Connect with Rick on LinkedIn

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s