During the 2013 holiday shopping season, I was one of the millions of shoppers affected by the Target data breach. Fortunately, no fraudulent charges were posted to my card(s). I quickly received new debit and credit cards from my bank, but it was an inconvenience to update settings for automatic debits from my accounts and stored credit card numbers on frequently used websites.
The risk of a privacy breach extends far beyond individual consumers like me. Pension and benefit plan sponsors must be aware of the very real threat of a privacy breach as they are entrusted with their members’ highly personal information such as birth dates, medical histories, beneficiaries and more.
Sadly, many of us have been affected by a privacy breach in one way or another. I appreciate the convenience of online banking and shopping, but I’m always a little unsettled when I hear about some retailer or bank being hacked. With the extensive amount of personal information plan sponsors must store, the thought of a breach of that data is even more alarming.
In the May/June issue of Plans & Trusts, author Fazila Nurani points out that most privacy breaches are “caused by inadequate information-handling practices and simple human errors.”
She quotes Ann Cavoukian, Ontario’s former information and privacy commissioner: “The incidence of identity theft has skyrocketed largely because of poor information management practices by organizations, especially relating to data storage and retention, coupled with the explosive collection of personal information.”
Nurani suggests five key steps for reducing a plan sponsor’s risk of a privacy breach:
- Create accountability.
- Develop working policies and procedures.
- Establish personal information safeguards.
- Create a privacy training program.
- Monitor compliance.
It’s likely impossible to avoid the risk of a privacy breach completely but, as Nurani points out, it’s vital that plan sponsors minimize their risk as much as possible by developing and strengthening a privacy management program.