13.05.2022 09:30

What Independent Agents Should Know About Data Security



While technology has improved how businesses interact online, it has also increased the threat to customer data. That is why regulations on customer data protection have multiplied over the years. Technology has raised customer satisfaction while at the same time creating new challenges for insurance companies.

Cyber criminals target insurance agencies because they handle customer data. For this reason, preventing a data breach is an essential responsibility of every insurance agency.

Cyber-attacks affect independent insurance agents in several ways. To compete with national carriers, independent agencies must offer the technology and the modern, user-friendly digital platforms that customers now expect.

These agencies should comply with all state and federal regulations on securing client data that is processed through these online platforms. These regulations are meant to protect information such as social security numbers, credit card payment information, and driver’s license numbers.

Apart from protecting client data, independent agents sell policies issued by carriers. The agent's reputation is therefore at stake if a carrier whose policies they sell suffers a breach.

These agents must be aware of the security history of the carriers they represent. For example, suppose a carrier has suffered a data security breach. In that case, the independent insurance agent should determine how the carrier reacted to the incident and what measures it took to prevent a recurrence.

Data Security Regulations

Regulations that independent insurance agents need to comply with include:

  • Payment Card Industry Data Security Standard (PCI DSS)
  • Sarbanes-Oxley
  • Gramm-Leach-Bliley Act

Some states have additional regulations for client data security. For example, in South Carolina, independent agents must comply with the S.C. Insurance Data Security Act. According to this Act, the State Department of Insurance should be notified of all data breaches. The Act also requires independent insurance agencies to perform a risk assessment.

If you are struggling with data security regulations and threats, seek professional guidance. Numerous data security organizations work with insurance agents. The Big “I” or your jurisdiction's trade association are good places to ask about the regulations affecting your company.

Payment Card Industry Data Security Standard (PCI DSS)

The PCI DSS is a requirement meant to ensure that all companies that process, store, or transmit credit card data do so in a secure environment.

On September 7, 2006, PCI DSS was established to enforce PCI security standards and ensure the security of credit/debit card transactions. Visa, American Express, MasterCard, JCB, and Discover created an independent body, the PCI Security Standards Council (PCI SSC), to manage the PCI DSS.

Sarbanes-Oxley Act

The SOX Act is a federal law enacted on July 30, 2002, to protect investors by ensuring accurate and reliable corporate disclosures. The Act was motivated by accounting scandals such as WorldCom and Enron, in which inflated stock prices lured investors into making investments.

The Act was introduced by Senator Paul Sarbanes and Representative Michael Oxley and signed into law by the then U.S. President, George W. Bush.

Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act was introduced on November 12, 1999. The Act requires companies that provide financial products and services such as loans, insurance, and financial advice to safeguard client data and to explain their information-sharing practices to their customers. The Act also requires companies to explain to clients their right to “opt out” if they do not want their data shared with third parties.

HIPAA and HITECH

HIPAA and HITECH are regulations that protect personal health information from dissemination, exploitation, and unauthorized access. HIPAA stands for the Health Insurance Portability and Accountability Act and came into effect in 1996. HITECH stands for the Health Information Technology for Economic and Clinical Health Act and came into effect in 2009. Both regulations set out ways to protect the privacy of medical information.

Because HIPAA was not effective against organizations and medical service providers that did not comply with its regulations, HITECH was enacted to correct this weakness. HITECH introduced violation tiers that carry harsh fines, so that companies cannot simply violate the regulations and pay the smaller penalties.

The tiers range from $100 to $50,000 for each violation, with a maximum fine of $1.5 million. Because of these large fines, healthcare facilities can no longer afford not to comply with the HIPAA and HITECH requirements.

HITECH's enactment strengthened HIPAA's rules on carrier and business liability. The Omnibus Rule passed in 2013 further updated HITECH, making businesses that work with a covered entity directly responsible for any non-compliance on their part.

In Conclusion

Independent insurance agencies need to familiarize themselves with the regulations that affect them. Doing so ensures they can protect client data and increase customer satisfaction. Compliance also helps insurance agents avoid penalties from the authorities that enforce these data security regulations.
