Existing Policies and Procedures
Unum has an integrated privacy and security approach. The privacy team
works closely with the company’s information security, physical security and
records management areas, and meets monthly with a wider, cross-functional
legal team to support the Company’s comprehensive approach to privacy and
Unum has adopted and implemented internal privacy procedures, processes,
and controls designed to: (1) ensure the confidentiality of personal information;
and, (2) comply with state and federal privacy and security laws and regulations.
We have cross-functional frameworks that incorporate policies, procedures,
and business practices, and a fabric of technical and operational controls.
For example, among the measures we have implemented are policies and
procedures in compliance with various states’ laws regarding the treatment
and confidentiality of personal information, their notification requirements in
the event of an electronic data breach, and their requirements for the collection,
use and disclosure of Social Security numbers.
We may share customers’ personal information primarily with…
- People who perform insurance, business and professional
services for us
- Medical providers for insurance and treatment purposes
- Group policyholders for reporting and auditing
- Government or legal authorities when required or permitted by law
Our practices apply to our current, former, and future customers.
The law allows us to share personal information (except health information)
with affiliates to market financial products and services. The law does not allow
customers to restrict these disclosures. When required by law, we ask customers’
permission before sharing personal information for marketing purposes.
We have physical, electronic and procedural safeguards that protect the
confidentiality and security of personal information. We give access only to
employees who need to know personal information to provide insurance
products or services.
Education and Awareness
Privacy and information security training is provided to new hires and existing
employees on an annual basis, as well as through various types of targeted
training based on business and compliance need. Employees are required to
manage personal data responsibly and in compliance with privacy laws and
our company policies. This begins with our Code of Conduct and applies to:
- Personal data of our customers, business partners and employees
- Details about the company’s business that are not known publicly
- Non-public information that might be of use to competitors or
harmful to the company if disclosed, such as product development
or new technology
- Information that suppliers, customers and claimants have entrusted to us
Unum has an incident response plan, which is frequently updated to
ensure all steps are clear, concise and accurate. The Incident Response
Team investigates any reported unauthorized release of sensitive personal
information to determine if an information security breach has occurred. If the
Incident Response Team determines that a breach has occurred, we will take
appropriate actions to protect the impacted individuals.
We align to the regulatory and compliance requirements for reporting based
on state data security breach notification laws and, for HIPAA covered products,
to the US Department of Health and Human Services (HHS) federal laws. In
the event of a security breach, we will notify you in the most expedient time
and manner possible, without unreasonable delay, consistent with applicable
federal and state laws.