I n 2014, health insurance provider AvMed, Inc. was ordered by a Florida federal judge to pay up to $30 to every one of its customers whose personal information had been compromised when two company laptops were stolen – a total settlement of about $3 million. The case set a precedent because AvMed was not only required to compensate plaintiffs who had experienced identity theft as a consequence of the data breach, but every client whose data was affected. Cases involving such data breaches are becoming more common. In 2018, the non-profit health plan EmblemHealth was required to pay $575,000 after a mailing error exposed over 80,000 social security numbers. In a similar case, another healthcare company, Aetna, had to pay a hefty $17 million after a 2017 mailing revealed information about clients’ prescriptions for drugs used to treat HIV. One might blame these incidents on avoidable error, but for any company that handles personal information on behalf of its clients or employees, the risk of allowing data to fall into the wrong hands has been growing with the increasing sophistication of cyber attacks. For professionals in relocation, this is definitely something to pay attention to. Like healthcare companies, relocation professionals manage a tempting array of personally identifiable information (PII) and protected health information (PHI), ranging from social security and banking information to health records, passport infor- mation and even details of when a family will be vacating a home, and for how long. There are many avenues for cyber-theft to occur within the industry. Among these is email. “Email is just about the most vulnerable thing when it comes to being intercepted or someone finding the data,” says Michael Deane, co-owner and VP client services with All Points Relocation Service Inc. “Personal informa- tion is still sent by email. That should be reduced by depositing private information within a secure system that is locked down and encrypted.” Only authorized users are able to add or view data stored securely online, adds Deane, cautioning: “You are only as good as your cloud-based vendor, so you should know your vendor and their security protocols.” As the situation with AvMed demonstrates, phones and laptops are other vulnerable points of access, either through simple theft PLUGGING DATA LEAKS By Sarah B. Hood It’s time for the relocation industry to pay close attention to cyber-security SECURITY 42 PERSPECTIVES Fall 2018