Deadline Looms for Citizens Appointment Agreements Addressing Data Security

By | June 16, 2016

Appointed agents and agencies of Florida’s Citizens Property Insurance Corp. have just two weeks left to sign new appointment agreements or have their contract with the state-run insurer terminated.

Agreements designed to ensure all of Citizens’ appointed agents and agencies are in compliance with the insurers recently implemented data security standards were finalized in March with a signing deadline of July 1. The agreements are part of Citizens’ efforts to prevent data security exposures or incidents for the company and its policyholders.

“The protection of our policyholders’ privacy and the integrity of our data system is of paramount important to Citizens. As such, it is important for Citizens to make sure agents are up to date on the quickly evolving issues of cyber security and how they can best help to protect themselves and their customers,” said Michael Peltier, Citizens media relations manager.

The new 13-page appointment agreements add language to address Citizens’ requirements around technology and data security. Key changes in the agreements involve the handling and protection of confidential customer information and the responsibility of agents/agencies in the event of a breach, including their duty to Citizens if a data breach occurs. The agreements also lays out information security measures that must be implemented by those appointed by Citizens, such as virus software, password protection protocols, and encryption of confidential files/personal information.

The final agreements are the result of a compromise between Citizens and agent association groups, including Professional Insurance Agents (PIA) of Florida, that worked with Citizens to ensure the language in the agreements didn’t enhance or extend liability of Citizens’ agents/agencies.

“The agreements attempt to make it very clear what the agents role is with Citizens [in the event of a data breach] – they need to be proactive in contacting customers and Citizens and let them know that the incident is being addressed and what is being done to keep it from becoming a large-scale incident,” said Corey Matthews, CEO and executive vice president of PIA of Florida. “[Citizens] really defined who takes control and makes people really aware that they need to monitor their systems.”

Mathews said the final agreements incorporates 100 or so changes/suggestions from the associations to what Citizens first brought to the table.

“We tried to make sure that the agreements protected both the agent and consumer,” he said. “We worked really hard to make sure it was a reasonable set of changes and that they don’t impose a huge burden on agents beyond what they need to be doing anyway.”

Mathews said the agreements don’t shift the liability to the agent but instead highlight their responsibility to the customer.

Carl Rockman, Citizens’ director for agency services, concurs.

“With more than 7,000 agents handling nearly a half million policies, we want to do everything we can to make sure our frontline agents understand their role and responsibilities in terms of information privacy,” said Carl Rockman, Citizens’ director for agency services.

PIA of Florida has offered a number of webinars and other educational opportunities for its members who are appointed with Citizens to learn about the new agreements. Citizens has also been offering webinars that provide general information about the new agreements and cyber security, as well as a mandatory online training course on cyber security.

Mathews said it is particularly important for agents to understand the changes because if the information of a Citizens customer is breached and it is determined to be the fault of an agent or agency, they would be assessed for the costs associated with the incident by Citizens.

“This agreement puts agents on notice of their responsibilities. We are really strongly encouraging our members to take a look and see what their exposures are,” he said.

PIA of Florida is also working on educating its members on the importance of protecting their systems and customer data. The association is currently working on putting together a cyber security manual for its small to medium-sized agencies, as well as working with Citizens to put together procedure manuals.

“We have engaged in a very aggressive cyber security education process with our members and are encouraging them to purchase a cyber liability policy,” Mathews said.

The Citizens agreements, however, does not require its appointed agencies and agents to purchase data breach coverage. Mathews said that was something they looked at but ultimately decided that cyber liability coverage is not a “one-size-fits-all” policy. It would be cost-prohibitive and complicated to require those with Citizens appointments to have coverage, he said.

As of mid-June, Rockman said that 85 percent of agencies and agents have already signed the new agreements, and the insurer has “been very encouraged with the response up to this point.”

Mathews said he has not heard anything negative against the new agreements from its members – if anything, he said, it is helping to motivate them to be proactive against a data breach event.

“It is a concern for a lot of agents and they are worried about what the impact could be for them,” Mathews said.

About Amy O'Connor

O'Connor is the Southeast editor for Insurance Journal and associate editor of More from Amy O'Connor

Was this article valuable?

Here are more articles you may enjoy.