Surviving a Privacy Exam

Surviving a Privacy Exam. Barbara B. Fitch, 2nd VP–Market Conduct & Compliance, National Life Insurance Company. October 3, 2005. District of Columbia - Privacy Status Review – January 2002. DC was lead department; 18 participating states; conducted by PricewaterhouseCoopers.


Presentation Transcript


  1. Surviving a Privacy Exam
     Barbara B. Fitch
     2nd VP–Market Conduct & Compliance
     National Life Insurance Company
     October 3, 2005

  2. District of Columbia - Privacy Status Review – January 2002
     • DC was lead department
     • 18 participating states
     • Conducted by PricewaterhouseCoopers
     • Over 200 companies involved
     • Initial billing of $30,000 per company

  3. Scope of Exam
     • Privacy notice and customer notification
     • Data handling, due diligence and policies to protect information
     • Customer option preferences
     • Safeguarding of customer records and information
     • Other pertinent privacy regulations as determined by the Department

  4. Rules Examined
     • NAIC Model 672 – Privacy of Consumer Financial and Health Information Regulation
     • NAIC Insurance Information and Privacy Protection Act (1982)
     • Gramm-Leach-Bliley Act – Section 501
     • Standards for Safeguarding Customer Information Model Regulation
     • California 2689 Privacy Regulations

  5. Response Approach
     • Read all documents carefully
     • Pull together appropriate parties
     • Look at IT certification programs your company might already have
     • Business areas most familiar with the process should write the response
     • Responses should be reviewed by a non-IT person outside of the unit
     • Be simple… but detailed!

  6. Helpful Hints
     • Privacy Notices
       • Consolidate if possible
       • Keep a chart to document versions and distribution dates
       • Automate where possible
     • Safeguarding Info
       • Have a good general understanding of your company’s IT structure before an exam actually takes place

  7. Helpful Hints
     • Allow ample time to develop your response
     • Expect a long wait for a draft report. Be prepared to respond quickly when it arrives
     • Check the report carefully for errors or information not acknowledged
     • Address areas you know may be a potential risk before an exam actually happens
       • Employee security breaches
       • E-mail – Is yours encrypted?

  8. QUESTIONS?
