Diane Stafford reports:
Assurant Employee Benefits said Monday that 1,007 customers in the Kansas City area have been notified that their personal information inadvertently was made available to another business client administrator.
The insurer said human error caused those customers’ names, addresses, dates of birth, social security numbers and types of coverage to be available to a business client other than the employer of those policy holders.
Bradley Peak, Assurant vice president of products and marketing, said the information never was accessed and that the company human resource officer who incorrectly received access to the information immediately reported it.
Access to the information was terminated as soon as the mistake was discovered, Peak said.
Melonie Jones, Assurant’s chief privacy officer, said the company takes the security of customer information very seriously and “will continue to monitor and improve our accuracy in the customer advocacy area.”
Assurant said it has offered affected customers identity theft protection coverage for one year as a precaution obligated by law.
Peak said the incident occurred during a few minutes in March. Affected people were notified Friday.
Source: Kansas City Star.
So what did that few-minute gaffe cost them, I wonder? And does anyone think identity theft protection coverage was really necessary in this case – other than it being reportedly proscribed by law?
Interesting, there is no section in the Kansas notification law that requires identity theft monitoring. I just read it again. That type of law would hurt many business and probably close mid to small businesses completely. To be clear- there is no protection coverage proscribed by law.
Thanks, golde. I didn’t think there was any such provision, either, but haven’t had time to research it. Just checked and I agree that there’s nothing in the state’s security breach notification law, but I’m wondering if the state insurance commission might have some additional rules for insurance companies.