Are your clients prepared with a written identity theft prevention program in anticipation of the FTC's Red Flag Rules enforcement date of November 1? Have you discussed with them how Cyber, Security & Privacy insurance policies can not only provide comprehensive protection, but also improve internal risk management?
With breaches up over 50% from the previous year, the threat of a security breach is real. The consequence of data breaches cost today's business owners an average of $6.6 million per incident, and this cost is on the rise, according to a study conducted by the Ponemon Institute earlier this year.+ Agents can take the lead in helping clients understand their potential risks, their responsibilities, and providing valuable insurance solutions.

Provide Your Client With Solutions. The best solution for most clients is to customize an insurance policy that fits the organization's specific needs, combining coverages that historically have only been offered in separate pieces. There are several key insurance coverage components that should be considered by all client types; failure to address these exposures could place your client, and you, at risk. As specialty professionals, we not only know the ins and outs of coverage in the market today, but also how best to craft what suits your clients needs.

Comprehensive Risk Assessment. Not only can we provide solutions for specific clients, our experts can analyze your book of business and identify for you the highest risk scenarios. Then, our detailed Policy Review & Analysis™ will take a closer look at existing coverage gaps and provide advice on insurance coverage solutions. Our cyber professionals can assist you in presenting this risk analysis to your clients, ensuring that you are providing the best possible advice.

S.H. Smith & Company, a nationally recognized expert with regard to the placement of Cyber, Security and Privacy insurance policies, has information and materials to share with your clients. To receive your kit, simply contact:

Charles Bellingrath
Connecticut Office
860.561.3600
800.356.0168
 David Perkins
Massachusetts Office
781.449.2227
800.735.1023
Jeanine Loomis
Minnesota Office
651.647.6254
877.279.8500
 Ed McGuire
Pennsylvania Office
610.644.8433
866.910.8433

Red Flags Rule
The Rules require that 'creditors' with covered accounts implement a written identity theft protection program, defining 'creditors' as any business that defers payments for services.

Enforcement of this Rule has been suspended multiple times over the past year; it is doubtful it will continue to be suspended in totality. However, there may be certain types of businesses that will see delays:

Lawyers: There is a hearing this week on a lawsuit put forth by the ABA claiming that the FTC does not have statutory authority to regulate lawyers.

Under 20 Employees: Legislation has been passed by the House of Representatives to exempt legal, accounting and healthcare practices that employ 20 or less people. This bill is now before the Senate.

Recent Breaches*
Oct. 20, 2009 ChoicePoint (Alpharetta, GA)
ChoicePoint has been fined $275,000 by the U.S. Federal Trade Commission for a data breach that exposed personal information of 13,750 people last year. In April 2008, ChoicePoint turned off a key electronic security tool that it used to monitor access to one of its databases and failed to notice the problem for four months, according to an FTC statement. During that period, unauthorized searches were conducted for 30 days on a ChoicePoint database that contained Social Security numbers and other sensitive information. Click here for FTC statement.

Oct. 15, 2009 Virginia Department of Education (Richmond, VA)
A flash drive containing the personal information of more than 103,000 former adult education students in Virginia was misplaced. The information included names, Social Security numbers and employment and demographic information.

Sept. 5, 2009 Mitsubishi Corp. (New York, NY)
A Mitsubishi Corp. internet shopping unit lost credit card details on 52,000 customers after its servers were hacked from overseas. The company has informed customers and relevant authorities of the leaks and has suspended the website.



+ Ponemon Institute, "Fourth Annual US Cost of Data Breach Study."
*Privacy Rights, A Chronology of Data Breaches

OFFICES: CONNECTICUT, FLORIDA, MARYLAND, MASSACHUSETTS, MINNESOTA, NEW YORK, NEW JERSEY, OHIO, PENNSYLVANIA

WWW.SHSMITH.COM

For general information about S. H. Smith, feel free to call or email anyone at any of our offices. For any state not listed below, please contact , President. S. H. Smith & Co. is a national firm, licensed to write in all 50 states.

Massachusetts office
Michael McIntire
774.238.6806

Connecticut office
Jon Kinder
860-656-1229

Ohio office
Terrence Coughlin
330.656.2525

Ohio/Kentucky/Indiana office
Lori Ault
440.930.0543

   

Minnesota/Upper Midwest office
Mark Mattson
651.647.6254

Pennsylvania office
Ed McGuire
610.644.8433

New York/Vermont office
Les Dalmata
315.826.5244

Maryland Office
Joseph Dvornicky
215.528.4200

S.H. Smith & Company is a national independently-owned specialty insurance broker, managing general agency and program administrator. Our specialists in each of our divisions have a depth of experience which we believe is unmatched in the industry. For more information, please call Scott Smith at 860.561.3600 or email by clicking here.

Our main office is located at 20 Church Street, Suite 1500, Hartford, CT 06103 and can be contacted by phone at (860) 561-3600. This newsletter is subscription based and is not unsolicited email. If you would like to unsubscribe, please e-mail marketsmarts@shsmith.com.