Sure, you safeguard your clients’ data. But what if an employee decides to make off with your files?
The possibility hit the news back in March when a laptop containing the records of some 196,000 Fidelity Investments customers was stolen from an offsite work location. Then in early July a disgruntled employee of Fidelity National (unrelated to Fidelity Investments) stole the records of as many as 2.3 million individuals and sold the data to direct marketers.
You know it’s a strange new world when the National Security Institute’s e-newsletter, NewsWatch, distributed to executives and professionals in defense contracting, government, and industrial security, includes an article on cyberinsurance that protects against “data breach catastrophe.” Cyberinsurance. Against (data) assimilation.
So are you covered?
Your files are valuable, with vital personal and financial data on each of your clients. If you execute trades for them or provide family office services, such as bill paying, you have even more data desired by potential hackers or identity thieves. While you make every effort to secure your files, both paper and electronic, what happens if someone in your office decides to steal that information?
Thirty-eight states, according to Larry Harb of IT Risk Managers, now have laws modeled after California’s groundbreaking Personal Information and Privacy Act. Says Harb, “These laws basically say that if you have my personal and private information . . . [and] you lose my information, you have to notify me.” He adds that these laws mandate “that there be some type of victim assistance program provided because of the problems of identity theft.” Harb points out that, for a 20-person firm with a 5,000-client database, “the reality is . . . that probably 19 persons have access [to that data].”