Since RIBO’s inception, broker client files have transitioned from paper to the digital environment, including the digital storage of client’s private and personal information. The reality is that most brokerages today are connected to the online world in order to conduct business. In addition to this fact, there is an increase in the number of cyber-attacks and breaches caused by online hackers and criminals. Brokers need to be aware of the growing incidents of cyber-attacks and the risks that these attacks pose to network security and privacy protection of client property and records. Brokers should implement policies and procedures that enhance their obligations for the safekeeping and preservation of client property and documents to minimize cyber risk.
Brokers are reminded that they are responsible for the safekeeping of clients’ confidential information as well as the preservation of client property. Sections 14-5 and 14-6 of the Code of Conduct in Regulation 991 of RIBA which provides;
14 (5) A MEMBER SHALL HOLD IN STRICT CONFIDENCE ALL
INFORMATION ACQUIRED IN THE COURSE OF THE
PROFESSIONAL RELATIONSHIP CONCERNING THE BUSINESS
AND AFFAIRS OF THE MEMBER’S CLIENT, AND THE MEMBER
SHALL NOT DIVULGE ANY SUCH INFORMATION UNLESS
AUTHORIZED BY THE CLIENT TO DO SO, REQUIRED BY LAW TO
DO SO OR REQUIRED TO DO SO IN CONDUCTING
NEGOTIATIONS WITH UNDERWRITERS OR INSURERS ON
BEHALF OF THE CLIENT.
14 (6) A MEMBER SHALL OBSERVE ALL RELEVANT RULES AND
LAWS REGARDING THE PRESERVATION AND SAFEKEEPING OF
PROPERTY OF THE CLIENT ENTRUSTED TO THE MEMBER AND,
WHEN THERE ARE NO SUCH RULES OR LAWS OR THE
MEMBER IS IN DOUBT, THE MEMBER MUST TAKE THE SAME
CARE OF SUCH PROPERTY AS A CAREFUL AND PRUDENT
PERSON WOULD TAKE OF THE PERSON’S OWN PROPERTY OF
LIKE DESCRIPTION.
After much discussion and review, RIBO Council strongly recommends brokerages identify their exposures and purchase both First Party and Third Party liability coverage and consider sufficient limits to address these exposures.
An example of coverage would include Policy Aggregates of $1,000,000 with dedicated Data Breach Response of $500,000 as minimums.
RIBO Council has now added this recommendation as a Best Practice in the RIBO Principal Broker Handbook guidelines.
We appreciate any feedback and as always, please contact us with any questions or concerns you may have.
Please see the following IBC article for your information and review:
http://www.ibc.ca/on/business/risk-management/cyber-liability/