Effective April 1, 2019, the AmTrust Workplace website for your Employment Practices Liability (EPLI) coverage written with your Package, BOP or Workers' Compensation policies is being updated to a new name, AmTrust Employment Risk Solutions, and a new URL, AmTrust.EmploymentRiskSolutions.com. Your existing user credentials will remain in effect and can be used to log in to the new site. Please contact The McCalmon Group, Inc., platform administrators, 888-712-7667, if you have any trouble with registration.

AmTrust Workplace
print   email   Share

Limit Data Sharing With Third Party Contractors To Lower Breach Risk

The Federal Emergency Management Agency (FEMA) recently announced that it experienced a data breach that exposed the sensitive personal information of 2.3 million disaster survivors. These individuals could be at risk for identity theft and fraud as a result.

The Department of Homeland Security Office of the Inspector General determined that the breach occurred when the agency was transferring

information to a contractor to secure temporary housing for individuals affected by hurricanes Harvey, Irma, and Maria, as well as the 2017 California wildfires.

A watchdog report stated that, although FEMA must share certain personal information, FEMA violated the Privacy Act of 1974 by exposing banking information, including transfer numbers, and personal addresses.

FEMA claims to have taken measures to mitigate the negative effects of the breach: it has stopped sharing unnecessary personal data with the contractor; it conducted a detailed review of the contractor's information system; and it is working with the contractor to remove unnecessary personal information from its databases. FEMA also claims to have updated its contract to require compliance with Department of Homeland Security (DHS) cybersecurity and information-sharing standards and to have instructed its contractors to complete additional privacy training.

A representative for FEMA stated that it has not yet found evidence that personal data has been misused. FEMA represents that it is working to improve personal information transmission by 2020. Juliegrace Brufke "FEMA exposed personal information of 2.3 million disaster survivors" thehill.com (Mar. 22, 2019).

Commentary

When organizations share sensitive personal information with third-parties, including contractors, they should do so only when there is a clear job-related necessity and in a protected, limited manner so that only the specific data that the party needs to perform the job is shared.

Do not send all stored sensitive data when a third party needs access to certain data. Instead, only transmit the specific data the contractor needs for the job. When sharing data with third parties, require them to follow cybersecurity best practices and sign a contract stating that they will do so. Consider requiring contractors to complete training on your required cybersecurity measures.

Finally, your opinion is important to us. Please complete the opinion survey:

Are you a new user?

Register Here

 

Retrieve Password

Recent News

Not All Search Engine Sites Are Safe: The Fallibility Of Blacklisting

Blacklisting helps users avoid malware-infected sites, but there are flaws. We examine. Read More

Ransomware: Still A Risk For All Organizations

Cybercriminals often spread ransomware and other malware through phishing emails. Learn why employee training should not be your only protection. Read More

Cybercriminals Targeting Organizations And Individuals With Email Compromise Scams

Real estate scams and similar cybercrimes can cost organizations thousands of dollars. Learn how to spot the signs and reduce your risk. Read More

Recent Articles

Do Single Mothers Have To Show Coercion To Prove Sexual Harassment?

A single mom sues her long-term former employer. Jack McCalmon examines whether single mothers have more to prove when it comes to sexual harassment charges. Read More

Not All Search Engine Sites Are Safe: The Fallibility Of Blacklisting

Blacklisting helps users avoid malware-infected sites, but there are flaws. We examine. Read More

How You Manage Is More Important Than Labels

How you define your role affects employee satisfaction. Learn what words - and, more importantly, actions - work best. Read More