In consideration of Data Privacy Day, it is the perfect time to take stock of retirement and health plan information.
Whether you work with your employer’s retirement or health plans – or you are an enrollee yourself – chances are you will need to access benefit plan data at some point. Benefit plan data can include more straightforward information, such as name, family members, and address – or more sensitive information, such as birthdate, Social Security Number, salary, and medical claims incurred.
Questions benefit plans should be asking with respect to plan data include:
- Do you collect more information than required or retain information longer than necessary, possibly increasing your risk of a breach?
- Do you know how your data flows internally? Are there safeguards to make sure only those who need to see data can access it?
- With whom do you share data externally? Should you hold vendors to a particular privacy or security standard?
- Should you be using encryption or other security measures with respect to your data?
- What are your procedures in the event of a security breach? Whom should you notify? Should you have cyberinsurance?