It seems like each day a new report comes out highlighting another data breach at a hospital, bank or insurance agency. This is largely because breaches involving company computer and record-keeping databases are being compromised more frequently - putting more consumers at risk of falling victim to identity theft.
As a result, regulators in Connecticut have instituted a new policy that will require insurance providers to notify consumers that may be affected by a data breach within a five-day period. According to the Insurance Journal, the new legislation was established shortly after a string of both public agencies and insurance groups lost hard drives and computer files containing sensitive client information. The rules will apply to any and all groups that provide insurance, including healthcare providers and companies that provide property and casualty services. The notification must be provided in writing and include information such as how the breach occurred, the actions being taken to stop it and the type of information lost.
The five-day rule will require consumer notification if any "personal information" is leaked, lost or stolen. Under the state definition, personal information refers to "information capable of being associated with a particular individual through one or more identifiers, including, but not limited to, a Social Security number, a driver's license number, a state identification card number, an account number, a credit or debit card number, a passport number, an alien registration number or a health insurance identification number."
The rule does not include any information that can be found on through public files, media or social networking sites, including a consumer's name, address or date of birth.
Although most organizations offer credit monitoring services to consumers who have been affected by a data breach, this is not always that case and consumers may consider signing up for individual services. Credit monitoring is an effective way to keep tabs on an individual's credit report and any changes that are made to their file. This includes new accounts that may have been opened fraudulently under their name.