Standards of Responsibility

We can start to countdown the implementation deadline of 201CMR17 in hours now – as opposed to months and weeks. It’s easy to become frustrated, as businesses all over Massachusetts, independent agencies included, face changes to a myriad of day to day operating procedures. At times it feels as though the lengths we are taking to protect personal data are sending us 3 steps backward in productivity and ease of doing business. I’ve felt it myself, as I struggle with the fact that some things, perhaps, should not be sent via email. 

At this point I won’t debate the merits of the legislation, its difficulties, or impositions. What I can do is suggest that in the face of feeling frustrated over the changes, it is probably a good time to take a step back and remember the responsibility we have to our customers. 

You have likely read the latest edition of MAIA’s Registry News, in which our editor, Donna McKenna, detailed a story about a recent investigation by the Registry regarding what appears to have been the misuse of ALARS information. This is a perfect illustration and reminder that many agency employees have access to personal data that is maintained in both client files and in these larger databases. In addition, there are also times when agency staff must obtain other personal information about client situations including divorce, DUIs, medical conditions, and family finances in order to get their jobs done properly. While we may not think about confidentiality in the same way that health care professionals do, it is important to remember that our clients expect their personal stories to remain just that. 

Our customers expect us to treat them with respect and they expect that their personal data and situations will be protected. They give up their identifying information (often times reluctantly) so that they may be provided with the insurance policies they need to protect their assets. In light of this, each agency staff person (licensed or not) has a responsibility to utilize that information wisely and within the confines of the law. 

While 201CMR17 looms large in our minds right now, the idea that we have a responsibility to protect our clients’ information is nothing new, and fortunately, most agencies do make this a priority. The next time you feel the urge to groan with annoyance over encrypted email or your agency WISP, I hope that you can find just a bit of consolation in the fact that these measures should be helping to maintain your clients’ integrity and the reputation of your agency. 

*****
The recent Registry News  referenced above, outlines the proper use and authority granted to agents regarding driving records, and is recommended reading for all agency employees. 

MAIA Members may visit the Info Online page of massagent.com® to access 201 CMR 17 compliance information, articles and samples.  In addition, the recently run 3 Part Data Security Webinar is available for purchase on CD.