Security - Confidentiality issues

As time passes - we are now entering the fifth year of statutory regulation - there is a growing expectation from the regulator that we all run our businesses in a compliant fashion, not in making sure that the boxes are ticked when we give a quote but in a holistic fashion.

This leads on to the first part of your question; a topic likely to move up our collective agendas this year. The topic is data security in the widest sense, though not just from the perspective of computer passwords and making daily backup copies of your electronic data.

Broking businesses revolve around and depend upon the collection and storage of data, which, by its very nature, is often personal. We live in an age where there is an expectation that data passed by us as consumers to businesses such as brokers will be stored securely, that it will not be accessed by or passed to anyone that may be able to take pecuniary advantage of it or engage in crimes such as identity theft.

To turn the question on its head: let us suppose that a number of your high net worth clients report what appear to have been 'targeted' burglaries, in which the thieves seemed to know exactly what they were looking for, or some of your clients have reported having had their credit cards used fraudulently shortly after supplying details to you for policy renewal. You have not had a physical break-in at the office, yet clearly there is a problem.

What can you demonstrate to prove that you kept client details secure from unwanted attention? The following factors are worth considering:

Are you sure that all your staff members are trustworthy? You could carry out the limited form of Criminal Records Bureau checks on them. Are you sure that your cleaners are to be trusted? Do you know the cleaning firm? Do they change personnel regularly? Do you have a clear-desk policy, or is client information left lying around for prying eyes to see? Do you have a written policy for the safeguarding of credit card information that comes into your possession?

Think about this: what of the old laptop that you disposed of - did you physically destroy the hard drive? Or did you believe the person that claimed wiping all the information from it ensures that it is gone and cannot be accessed - and then sold the computer on eBay? Did you know that Which? Computing magazine recovered 22,000 "deleted" files from eight computers purchased on eBay. Criminals source old computers from internet auction sites, or even rubbish tips, to find users' valuable details. Freely available software can be used to recover files that users think they have deleted permanently.

Do you have a written security policy? What is more, if you do, are your employees adhering to it? What checks do you carry out on new staff? How do you satisfy yourself, in these straightened times, that long-serving staff have not found themselves under financial pressure and possibly prone to temptation? Do you disable computer passwords when people leave the organisation?

Admittedly, there are more questions than answers. These are issues that we are addressing with clients on a daily basis and I would recommend strongly that you take the subject up with your compliance consultant as soon as possible.

- Ian Ritchie, director, RWA Group.