Letter to the Editor
Risk Awareness Key
Dear Editor,
I was pleased to see the article Privacy Breaches Continue: B.C. Insurance Council (January 2010, p.8), because it helps to raise awareness about the importance of complying with Canadian privacy laws. Are you Selling Insurance or Building a Business? (January 2010, p.21) was also interesting because, in addition to offering some great suggestions for building business, it also offered a couple of suggestions which, if implemented, would breach Canadian federal and provincial privacy laws.
Brokers, agents, adjusters, and everyone else in the insurance continuum collect, use, and disclose personal information so that coverage can be quoted, provided, and administered. Using that personal information for any [other] purpose–such as sending birthday wishes–would be a breach of privacy law.
Each person whose personal information is used in a way that violates privacy law is entitled to file a formal complaint with the Privacy Commissioner; this, then, can invite an investigation, a ruling, and a potential court action–all of which could have serious consequences. In addition, the cumulative impact of operational [disruptions], administrative time, and dollar costs of responding to each complaint could be an overwhelming burden.
Avoiding these costly consequences is a simple matter. First, it is necessary to articulate an appropriate data protection policy and procedure. [This ensures] that the people entrusted with clients’ personal information know how to properly handle, protect, and safeguard that information. Secondly, ensuring that personnel are properly educated about what is required and prohibited under privacy laws. Having those protections in place could clear the way for using personal information in ways unrelated to the original purpose, and make it possible to send birthday wishes to clients in a way that does not risk complaint or investigation. More importantly, though, is the fact that having properly constructed data protection policies in place is a fundamental requirement of Canadian privacy law, and the first step for any organization to comply with those laws.
From the B.C. experience (Privacy Breaches Continue: B.C. Insurance Council, Frontlines, January 2010, p.8) and my own years of experience delivering data protection and privacy workshops to insurance professionals and to countless other clients and audiences across Canada, it’s clear that the awareness about data protection and how to comply with Canadian privacy laws remains lacking in many organizations. It’s also clear that each of those organizations has accepted a huge risk–perhaps without even realizing that the risk exists.
Sharon Polsky, President & CEO, AMINA, National Chair, The Canadian Association of Professional Access and Privacy Administrators (CAPAPA)
Print Directory
Order Your Copy of the General Insurance Register Today
The General Insurance Register is the only national sourceguide for all segments of the Canadian P&C industry
Search the Insurance Directory
Sovereign General Insurance Company Category: Insurer
Elliott Special Risks LP Category: Wholesaler, MGA, or Intermediary
Creechurch International Underwriters Category: Wholesaler, MGA, or Intermediary
Trans Canada Insurance Marketing Inc. Category: Wholesaler, MGA, or Intermediary
Morgex Hole in One Category: Wholesaler, MGA, or Intermediary
