CAMICO-CPA Professional and Employment Practices Liability Insurance
Member Login
Products Risk Management Services Get A Quote About CAMICO
 

CAMICO War Story:
CPA’s stolen laptop with client information and the expensive repercussions

Subject: Theft of personal identity information
Services: Pension plan audit

The regional grocery store chain of Foodstuff, based in the Chicago-Milwaukee region, employed more than 75,000 people and was a major client of the CPA firm of Nielson, Everett & Earle (NEE). The firm performed audits of Foodstuff's pension plan and sent an auditor, Bart Samuels, to the store chain's headquarters in Chicago to upload pension plan participant data onto his laptop computers as part of the audit work.

Samuels returned to his home that evening and later left his laptop in his house while going out to dinner Friday night with his wife. When they returned home, their front door was unlocked and several of their possessions were missing, including Bart's laptop.

Samuels was planning on encrypting the participant data when he got into work Monday morning, but now it was too late. Personal identity information for more than 75,000 people was no longer secure. There was also confidential information on his laptop from another client, a Wisconsin pharmaceutical sales company, Fountain Pharma, with more than 40,000 employees, but that information had already been encrypted.

Samuels notified NEE's managing partner of the theft, and the partner called CAMICO's claims department, which assigned an attorney to counsel NEE in the matter.

The attorney researched the notification requirements set forth in Illinois and Wisconsin law. Illinois law called for the most expedient notification time possible, without unreasonable delay; Wisconsin law called for notification within reasonable time, not to exceed 45 days. Illinois provided an exemption for encrypted data, but Wisconsin did not provide such an exemption.

That meant notifications were required for 115,000 people, within 45 days for the Wisconsin residents. The management of both clients, Foodstuff and Fountain, were demanding that NEE provide the notifications via first-class mail, which at $0.41 for postage and $0.30 for printing, came to over $80,000, not including staff and mail fulfillment services.

Foodstuff was also demanding credit-monitoring services for its 75,000 employees for one year. At $5.95 per month per employee, or $446,000 per month, the total bill for the year would amount to $5.35 million.

Loss Prevention Tips

The personal identity information should have been encrypted as soon as it was uploaded onto the CPA's laptop. Software programs should ensure that every data field that contains personal identity information always be encrypted. Physical security should also be provided for laptops, as in locking them to a desk or equivalent item.

Remote laptop security (RLS) features will also prevent access to protected files in the event a computer has been lost or stolen. Protected files are encrypted, and the program periodically authenticates the identity of the user, shutting down when the user is unable to provide authentication. Some RLS programs will track laptops when they are connected to the Internet.

Available to CAMICO policyholders only on the Members Site is the ID Theft/Data Security Resource Center, which helps policyholders better understand the issues involved and the steps needed to protect themselves and their client data.

"War Stories," drawn from CAMICO claims files, illustrate some of the dangers and pitfalls in the accounting profession. All names have been changed.  

----------------------------------------------------------------------------------------------------------------------------

Top 5 Ways a CPA Can Be Sued+

From CAMICO's own claims files, here is a countdown of the top five ways an accountant can get sued. Send an e-mail to riskadvisors@camico.com to request your own copy of the "Top 5 Ways a CPA Can Be Sued."

FREE REPORT 

Top 5 Ways a CPA Can Be Sued!

From CAMICO's own claims files, here is a countdown of the top five ways an accountant can get sued.

Send an e-mail to riskadvisors@camico.com to request your own copy of  the free report.    

 


      News Contact Us Testimonials Employment Report A Claim For Our Agents
 

       Copyright 2014 CAMICO Mutual Insurance Company. All rights reserved.  
       Coverage for the CAMICO program is provided by (i) CAMICO Mutual Insurance Company;
       (ii) Liberty Insurance Underwriters Inc., administered by CAMICO Insurance Services. 
      1800 Gateway Drive, Suite 300, San Mateo, CA 94404. Toll free 1.800.652.1772
  
Privacy | Terms & Conditions
                  

FOLLOW CAMICO