ACE USA, the U.S.-based retail operating division of the ACE Group, has added five new member firms to its ACE data breach team. This pool of independent, third-party professional service will help organizations and businesses execute data breach response plans. In an ongoing effort to help policyholders mitigate and manage the rising risk and expense of data breaches, ACE has expanded this panel of independent legal, computer forensic, notification, call center, crisis communications, fraud consultation, credit monitoring, and identity restoration firms.
It has become clear that many midsize and smaller companies have the desire but may often lack the resources to develop a sophisticated security risk management program. As a result, they require additional guidance in locating qualified vendors to deal with these events. In contrast, many large organizations have well-developed data breach response plans that include a list of reputable vendors who match their needs. These firms want to select their own vendors and should not have to choose them from a short vendor list,” said Michael Tanenbaum, senior vice president, ACE Professional Risk.
Due to increasing regulations affecting industries like healthcare, consumer finance, and retail trade, a breach response plan and the service providers who will execute the plan should not follow a universal “one-size-fits-all” approach for every company, regardless of industry. As a result, it is important to have a wide range of service providers who have experience — not only with the services they provide – but also within a particular industry that may require a tailored approach, based on legislation.
“An organization in the healthcare field experiencing a breach that compromises medical records has highly specific needs for legal, notification, and identity-monitoring procedures. This is true because, given the nature of Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, electronic health records are increasingly used and, as a result, the potential risk of medical identity theft has grown in response,” said Anthony Dagostino, vice president, ACE Professional Risk. “Meanwhile, a loss of credit card numbers at a retail chain may require a different notification process and different set of monitoring services to be offered by the chain to their affected individuals,”
ACE Professional Risk’s privacy protection and network liability protection policies, ACE DigiTech® and ACE Privacy Protection®, provide privacy, network security, and media liability coverage for all industries, include access to ACE’s data breach team, with discounted loss control service fees for ACE policyholders. The ACE DigiTech® policy also offers technology errors & omissions and miscellaneous professional liability coverage.
ACE Professional Risk’s data breach team, combined with the data breach team endorsement, bridges the gap between risk transfer and purchased loss control, creating a risk management program for privacy, data breach, and network security risk.