INTERNET INSURANCE SECURITY ARRANGEMENTS AND POLICY

8th of February, 2018 for Electronic Commerce of Insurance Products

Introduction

As part of the eight-point commitment stipulated in our Customer Charter, we strive to provide our clients with the highest level of confidentiality of their information as possible. We also commit to provide safe and secure operations in the conduct of transactions online.

Our Privacy and Security Policy, which can be found in our website and a copy of which is also included here, explains how we ensure the security and confidentiality of our clients’ information and manage it carefully. This document describes the security practices governing www.autosecure.ph and supplements our Privacy and Security Policy.



Security Arrangements and Features

We recognize that technological attacks are unlikely to be eradicated hence we strive to maintain a strong cyber defense and response mechanism. We also recognize that absolute cyber security is unlikely to be ever achieved, thus we continuously monitor and strengthen our cyber security.

  • a. How we store data

    PLGIC complies with the storage requirement as provided in the Data Privacy Act of 2012 and other related laws. The www.autosecure.ph website store all information necessary to process an insurance coverage application in a POSTGRESQL database.


  • b. Who has access

    We have implemented procedures to ensure that only authorized representatives of PLGIC may view the clients’ information to protect the confidentiality of our clients’ personal data. This is also in strict compliance with the mandates of the Data Privacy Act of 2012 and all relevant laws. Thus, www.autosecure.ph has designated administrators who have full access to and can authenticate the data in the system. Client personal data is only made accessible to those particular employees who are handling such client’s account/s with their assigned usernames and passwords issued by the administrators. All other individuals have very limited access, also with designated usernames and passwords issued by the administrators, depending on the need and their roles as employees or as agents. Furthermore, user-access is regularly updated by the designated administrators.


    Only employees — who are also policy issuers — are authorized to manage the list of agents, user accounts, policy issuances, and the experience rating of every client. Agents are authorized only to insert credentials of clients and provide the quotation of the premium.


    In addition, access to our systems is logged and strictly monitored by our systems administrators. Hence, any possible breach can be traced right away.


  • c. How is the data protected

    We have implemented authentication mechanisms and security features to ensure the confidentiality, availability and integrity of information that is processed, stored and communicated by electronic or similar means through www.autosecure.ph.


    Thus, information collected from the clients and other data generated for every transaction and stored within the system are encrypted with SSL certificates.


    Moreover, digital copies of the policy are embedded with hash codes and are digitally signed with our security certificate which can verify if there are any changes on the document after it has been generated and signed. A copy of the digital policy is also automatically sent to the email of the client after authentication.