Skip to main content
Cyber Security

Protecting Policyholder Data During Property Claims

When policyholders experience a loss, whether it be a minor leak or a major flood, the feeling of exposure is common. To file and process an insurance claim, policyholders may have to share personal information with third-party vendors their insurance company hires to handle certain parts of their claim. Data breaches can affect both insurance carriers and the vendors they partner with and are becoming more prevalent in our industry every day. Individuals and insurance carriers have much at stake when it comes to data. Vendors and carriers ought to ensure that their client's information is secure and safe. Companies should also clearly communicate how they protect client’s data to help alleviate the stress of exposure and build client’s confidence in the claim handling process.

Insurance carriers typically store thousands of clients' personal information, and the organizational reputation of a carrier can be greatly damaged if that information is compromised. However, privacy is not just a business concern; individuals are often greatly affected as well. During an insurance claim, the risk of personal identity theft is always present. It is important to keep clients' information private and as secure as possible. Protecting personal data and privacy is a serious issue of trust and risk for organizations. Putting up measures to protect people's data during insurance claims can mitigate the risk of costly reputational harm and regulatory penalties.

 

What is Data Privacy?

Data privacy relates to how data is handled and kept safe based on its importance and sensitivity. The first step vendors should take is to only collect absolutely necessary claim-related data. For example, many apartment communities require background checks on all of their renters. To complete these background checks policyholders are often asked to share their social security numbers. Temporary Accommodations will help facilitate this process, but will never store policyholder social security numbers. When policyholders feel uncomfortable submitting to a background check, Temporary Accommodations is able to use single-family homes and corporate apartments to avoid making policyholders share sensitive information.

stand guard

Data Privacy is a concept that is applied to the privacy of critical information of an individual. Critical information may include their date of birth, social security number, medical records, financial data, credit card numbers, or bank account details. Temporary Accommodations remains PCI compliant, undergoes regular third-party security audits, does not collect any personal financial data, and follows the strict, industry-leading data security training program, STAND GUARD.

 

How Important is Data Privacy?

When confidential data falls into the wrong hands criminals may use the data to steal the identity of a policyholder. A data compromise can also lead to the theft of funds, fraud, or other kinds of impersonation. Criminals can use private data for loans, steal benefits, or even medical identity theft. The consequence of data breaches from the client's end can be devastating. Therefore it is vital for privacy awareness to be a priority in all organizations involved in the claims process. The way data protection relates to the goals of an organization should be emphasized in data privacy training. Carriers and vendors then need to communicate their data privacy policies clearly to policyholders throughout the claims process. When this awareness is clearly communicated to policyholders they may be motivated to take steps to protect their own personal information.

Hacker

 

Steps every organization can take to ensure data privacy:

  • Security: Brick and mortar building security is the basic first step to protecting the equipment sensitive data is stored on
  • Virtual Security: Make sure your organization uses a firewall, that your data is encrypted, and your ISP is reliable
  • Privacy: Organizations must not release their client's personal information unless it is mandated by law
  • Disclosure: Organizations must inform customers on what type of information they collect and how they intended to use it
  • Breach Disclosure: If a data breach occurs, organizations must inform their clients without hesitation  
  • Electronic Marketing: For organization using electronic marketing they must respect all national and state laws that relate to data privacy

 

Evolving Risk in Data Privacy

There have been many emerging data security threats in 2020. Information is stored and transmitted through various devices such as mobile phones, laptops, tablets, and even smart televisions. Public Wi-Fi access has become one of the most dangerous threats to personal data. These hotspots are often unencrypted networks that may reveal personal information to criminals. Some hotspots are actually malicious access points that trick users into connecting to their network and immediately begin collecting their personal data. Other threats that continue to present data security risks to organizations are malware, email spam, and phishing scams. All Temporary Accommodations employees are trained to quickly identify these types of scams during STAND GUARD training and are required to immediately report any potential phishing scams to our IT department.

banking security

 

How Organizations Can Ensure Data Privacy

  • Encrypt data and correspondence: During property insurance claims there is a lot of correspondence between policyholders, carriers, and vendors. It is important for insurance carriers and vendors to encrypt sensitive correspondence. The encrypted data should have a password or secret key access, which makes it very difficult for hackers to gain access and decipher data. Encryption also ensures better security when information is shared via the internet or through email. Some policyholders may use Virtual Private Networks (VPN) as a way of securing sensitive information from potential hackers. A VPN has the capability to hide a user's location, avoid censorship, and protect you from snooping on nefarious public Wi-Fi hotspots.
  • Remember paperwork: Most data breaches happen via the internet these days, so people quickly forget that data breaches can also occur through printed documents. Companies should properly shred documents that are no longer in use, lock up sensitive information in filing cabinets, and handle physical documents with added caution.
  • Adopt the best cybersecurity practices: Ensure your firewall is turned on at all times. A firewall controls what goes in and goes out of your network and can provide a good base level of security. Without a good safeguard system like a firewall, hackers can gain access to private data easily and sell that data to other companies or individuals for criminal purposes.
  • Opt for a reliable Internet Service Provider (ISP): There are a lot of ISP's, and some are more reliable than others. You should put in the necessary efforts to ensure you find a reliable ISP with strong technology.
  • Keep your computers and programs updated: Programs and computers can become vulnerable when they are outdated. Paying attention to regular updates of all systems in an organization can help ensure the safety of client's data.
  • Delete Regularly: Ensure you delete duplicated information from your systems and delete information you no longer need. Cookies should be deleted on a frequent basis. Cookies store fragments of information from a website. 

 

Temporary Accommodations only collects and stores data necessary for the temporary housing portion of an insurance claim, which typically includes a phone number, name and address. We do not collect social security numbers, driver’s license numbers, or bank details. We carry out regular independent security audits to look for weaknesses in our STAND GUARD program and work quickly to develop corrections. Furthermore, as a way of ensuring compliance and data security, we carry out periodic privacy and data security trainings and refresher trainings for all employees. We’re committed to mitigating the risks of data leaks to ensure our customers are protected in every way possible.