CSAA IG 2024 Impact Report_0725_Rev4 - Flipbook - Page 40
Practice
Our Impact
2024
From our CEO
People
Practice
Data privacy and security
CSAA is committed to protecting the
privacy and security of the personal
information we maintain. Our approximately 4,000 employees are our first
line of defense in keeping CSAA
secure, and all employees and contingent workers are required to comply
with our privacy and security notices,
policies, processes and standards.
To increase employee vigilance and
awareness of our collective and
individual responsibility to safeguard
personal information, we deployed
yearlong phishing campaigns
(45,000+ phishing simulations) and
information security awareness
training in 2024. This training highlights
the importance of cybersecurity
and handling data appropriately, and
all new employees and contingent
workers are required to take the course.
Additionally, to combat the continued
cyber threat posed to the company,
we onboarded several well-respected
incident response vendors under our
privacy incident response program
BACK TO TOP
Planet
Artificial intelligence
to assist if we suspect a potential
privacy or security incident.
In April 2024, we conducted our annual
Lighten Up! Week. This campaign
motivates employees to assess and
discard records no longer pertinent
to our operations. The objectives are
multifaceted: to decrease storage
costs and volume, safeguard sensitive
information and adhere to regulatory
retention standards. This yearly event
fosters the maintenance of precise,
relevant and secure data, which
facilitates organizational growth,
efficiency and success. By sustaining a
healthy data ecosystem, we contribute
to reducing our carbon footprint, as
less data stored in the cloud equates
to fewer emissions.
In October, we orchestrated Cybersecurity Awareness Month to underscore the critical importance of
cybersecurity awareness and preparedness. Our initiatives included
annual phishing awards, an interactive
trivia contest, recognition rewards,
and insightful guest speaker presentations, all aimed at fortifying CSAA's
security posture. A standout event of
the month was our Chief Information
Security Officer's panel discussion on
artificial intelligence, with the CEO of
a cutting-edge cybersecurity firm and
two internal experts.
In 2024, we formalized artificial
intelligence (AI) governance, ensuring
we uphold the trust placed in us by
our customers, employees, agents
and other partners through the
responsible use of AI, including
generative AI.
In addition, we continue to implement
privacy and security controls to
reduce the likelihood of loss, misuse
or other inappropriate disclosure
of personal information. Examples
include ongoing testing and courses
on email phishing and security best
practices, and data classification
and handling applications, among
other initiatives.
• Implemented a governance program
CSAA also created the Data Office
in 2024 to review new data initiatives
and ensure they align with company
objectives, policies, ethical standards,
laws and regulations. It comprises
subject matter experts from across
the company, including members of
Legal, Corporate Compliance and IT.
To this end, we:
to ensure CSAA’s use of AI and
generative AI are in line with CSAA’s
core values
• Formed an AI Board comprising our
executive leadership team and an AI
Council that reviews all AI-related
projects and initiatives to confirm
our use of AI adheres to our Guiding
Principles for AI, our Security
position and our Regulatory and
Compliance needs
• Stood up an AI Accelerator
team incubated within Strategy
& Corporate Development to
prioritize, fund and manage the AI
projects that will be most impactful
for the company
