Our unrelenting focus on privacy and data security
By Timothy Smith, Chief Privacy Officer
Unum handles tens of millions of data records, from customer addresses that are generally publicly available to very private data about medical conditions related to a claim. In each case, we are acutely aware of the trust that has been placed in us to handle this material with the highest standards for privacy and information security.
Like other companies and organizations, we guard against information security risks every day. And while we wish we could guarantee that we will never have a data breach or privacy incident, the reality is we can’t. In fact, nobody can. Just look at what happened to the NSA. Or Neiman Marcus. Or Target.
What we can guarantee is an unrelenting focus on the issue of privacy and data security. We work tirelessly to safeguard customer data, implement best practices, and promote compliance with privacy and data security laws and regulations. We approach this work along three tracks – technology, processes and people – that are dependent on each other, braided together to create a security safety net.
Our technology program is built to match – and frequently exceed – best practices and requirements that are relevant to the insurance industry. Third party evaluation and accountability to our board of directors ensure that we stay laser-focused on our mission of keeping private data secure.
Technology alone is not the primary solution to privacy protection and information management. We have adopted and implemented internal privacy processes, procedures and controls designed to ensure the confidentiality of our customers’ personal information; and comply with state and federal privacy and security laws and regulations.
Our staff of privacy attorneys and experts is experienced in the full range of privacy requirements—from HIPAA through Gramm-Leach-Bliley (GLB) to the myriad of state privacy rule enactments. This team analyzes and advises the company’s business areas on compliance with various state and federal privacy and security laws.
Our final focus rests on educating our people. New hires and existing employees receive regular formal privacy training, and targeted training is also provided to select departments based on compliance and business needs.
We are careful to discuss in detail how simple actions by employees – keeping a clean desk, shredding materials, flagging suspicious emails – are important steps to our overarching commitment to privacy and data security.
The headlines of late illustrate some of the significant challenges to information security. With every advancement that we see in information management - cloud computing, mobile devices, mobile apps and social media – we also see significant risks to the cyber threat landscape.
We combat these threats by constantly monitoring developments and taking steps to address the risks. The foundation of our business demands this level of attention.