
New York Regulatory Update 2011

CISO Executive Network

Understanding the Regulatory Environment

New York Breakfast Series Roundtable

Thursday, February 3, 2011

8:00 am - 12:00 noon

Reed Smith

Speakers

Paul Bond, Reed Smith

Misha Govshteyn, AlertLogic

Dave Kosenko, BigFix/IBM

Member Speaker

Linda Cooper Angles, Guardian Life Insurance Co.

Here's our interview with Linda.

CISO Executive Network Member Linda Cooper Angles Discusses Regulatory Compliance

At a life insurance company there is an entire alphabet of regulations to deal with. Add to that the compliance requirements that cover the medical community, since Guardian Life Insurance also touches on healthcare.

“Plus, we have to consider state regulations,” says Linda Cooper Angles, Corporate Information Security and Governance Officer.

Linda believes it is important to educate corporate leaders on the many different compliance issues, but she adds that it is equally important for her information security team to take ownership of corporate policies and make sure the company is complying with government regulations.

“We don’t have a legal department, so we put together working committees,” says Linda.  It’s important to bring people who work on the operational side of the business into the loop, she adds.  “We need them to help translate their needs and how the regulations fit their departments.”

To keep current on all the different (and changing) regulations, Linda recommends mapping the regulations out in some manner so they can be compared and contrasted against the company's existing security policies. This makes it possible to keep track of what the priorities are and where the policies need to improve.

The priorities for how best to implement the regulations are often dictated at the state level. “Sometimes it is most efficient to choose the state with one of the more stringent regulations and set corporate policies around that,” Linda says.

Why put all this effort into understanding regulations and making sure the company stays in compliance?  Like many things in business, it comes down to the bottom line.

For one, staying on top of compliance issues can reduce the cost of a regulatory examination or compliance audit. “An examiner can stay for months and the company has to pay for that stay and everything involved in the examination,” says Linda. “You want that examination to go quickly. And you want to avoid being fined.”

Not being compliant can also make the company civilly liable if there is a breach. “An accident or a misfortunate incident is one thing,” says Linda. But it is a far different matter if the company tries to claim ignorance of the regulations when it was obviously lax about compliance.

Finally, a breach can cause irreparable damage to the company's brand, and that can lead to untold losses in clients and business.

Her best advice?  Organize and collaborate.  “Reach out to others to talk about these issues,” she says.  “Don’t try to make all the decisions on your own.”

Linda joined Guardian Life Insurance Co. in 2003, where she is the Corporate Information Security and Governance Officer.  She is responsible for managing and leading the enterprise-wide information security and risk management program, which includes defining corporate policies and standards, developing and implementing risk management methods, monitoring key information risks, and championing related corporate initiatives. 

Attachment: CISOExecNet NY FEB 3.pdf (4.64 MB)