Surviving a Privacy Exam
Barbara B. Fitch, 2nd VP – Market Conduct & Compliance, National Life Insurance Company
October 3, 2005
Presentation transcript:
District of Columbia – Privacy Status Review – January 2002
DC was lead department
18 participating states
Conducted by PricewaterhouseCoopers
Over 200 companies involved
Initial billing of $30,000 per company
Scope of Exam
Privacy notice and customer notification
Data handling, due diligence and policies to protect information
Customer option preferences
Safeguarding of customer records and information
Other pertinent privacy regulations as determined by the Department
Rules Examined
NAIC Model 672 – Privacy of Consumer Financial and Health Information Regulation
NAIC Insurance Information and Privacy Protection Act (1982)
Gramm-Leach-Bliley Act – Section 501
Standards for Safeguarding Customer Information Model Regulation
California 2689 Privacy Regulations
Response Approach
Read all documents carefully
Pull together appropriate parties
Look at IT certification programs your company might already have
Business areas most familiar with the process should write the response
Responses should be reviewed by a non-IT person outside of the unit
Be simple... but detailed!
Helpful Hints
Privacy Notices
– Consolidate if possible
– Keep a chart to document versions and distribution dates
– Automate where possible
Safeguarding Info
– Have a good general understanding of your company’s IT structure before an exam actually takes place
Helpful Hints
Allow ample time to develop your response
Expect a long wait for a draft report. Be prepared to respond quickly when it arrives
Check the report carefully for errors or information not acknowledged
Address areas you know may be a potential risk before an exam actually happens
– Employee security breaches
– – Is yours encrypted?