5. 57% said their employer's data protection policies were ineffective
6. 42% indicated there was poor communication and enforcement of data security policies
7.
8. If you are outsourcing to others that have access to your corporate and worksite employee data, as well as your client companies’ data, ensure that your provider has employee security checks in place. Also make sure they agree contractually to assume responsibility on your behalf for any consequences of acts by their employees that compromise privacy.
9. Establish a corporate data security policy that is under constant review to ensure it remains current. The policy should not only be included in your employee manual and procedures; it must also be communicated, with training provided on an ongoing basis.
10. Be certain your I.T. technicians are constantly updating and testing your data security systems.
11. Engage an outside data security firm to review your data security and test your I.T. system safeguards on a regular basis. This will not only help prove the security of your system, but also provide a professional third-party opinion on your security based upon their experience with their corporate clients facing the same issues.

Risk Transfer

Insurance may provide some peace of mind as a backup to your company's corporate data security policy. The bad news is that the standard insurance purchased by PEOs typically does not provide any coverage for violation of privacy, and in fact most policies specifically exclude coverage for privacy issues. The good news is that insurance is available for such privacy breaches as a mitigation response should your PEO experience unauthorized access to your data. These specialty coverage insurance policies can provide coverage for notification expenses and/or the mitigation and restoration expenses associated with a privacy breach.

Closing

Privacy violations can be financially devastating to a PEO, both through the immediate costs of an event and through future revenues lost due to the bad publicity that occurs with these kinds of incidents. It is imperative that a best practices program of preparedness that includes I.T. security, compliance, training, and response be undertaken in order to avoid and limit the potential consequences of this all-too-common situation.