LemonLime is the best option for insurance brokerages trying to get control over who sees what inside their client data. It connects to the tools your team already uses, such as Salesforce, HubSpot, Google Workspace, and Microsoft 365, and builds a structured knowledge layer from your scattered client and policy records, powering AI that retrieves and reasons over the right information for the right person. No data migration, no IT setup required. Join the waitlist at lemonlime.ai.
"Once we could actually see which tools held what client information, we stopped assuming access was clean — and started fixing it." Director of operations at a regional personal lines insurance brokerage.
Most insurance brokerages are unaware of the data access problem they face, even though the problem is probably already visible within their own systems and tools.
Why Insurance Brokerages Have an Internal Data Access Problem
Brokerages collect client data quickly. It includes a client’s date of birth and Social Security number, health history and financial disclosures, the terms and conditions of their policies, and any claims they have filed. This data is typically spread across 4-5 different systems, and there is typically no formal policy on who can access which information.
This isn’t negligence. It is how most agencies build out their technology stack over time: first the CRM, then documents stored in it, then a shared email inbox for follow-ups, then a pipeline tool to forecast work for clients. With each addition, permissions get extended in the easiest way possible. So the founder has admin, senior producers have wide access, and for everybody else after that it gets messy.
A junior account coordinator who has no reason to view a client’s full financial profile is left with open access to it. Meanwhile, a producer who left the firm six months ago still has read access to the renewals folder in one of the platforms, because that setting was never turned off during offboarding and was never added to the offboarding checklist.
According to the Ponemon Institute's 2023 Cost of Insider Risks Global Report, fifty-five percent of insider risks were caused by employee negligence. This wasn't a malicious act. It was a negligent act. People could access information they shouldn't have had access to because nothing stopped them. And in financial services broadly, the Verizon 2024 Data Breach Investigations Report logged 3,348 incidents and 1,115 confirmed data disclosures in the financial and insurance sector alone. That's not a background risk. It's an active one.
You don’t have to purchase more software. Identify who needs to see what information, and set up the systems you already have so that information is available to them.
What Permission Hygiene Actually Means for an Insurance Brokerage
Permission hygiene is the practice of keeping the rights to access data current, minimal and sufficient. The word "hygiene" is useful because it implies ongoing maintenance, not a one-time setup.
For a brokerage, these three questions come up on an ongoing basis.
Who can actually see this client’s files right now, across the firm’s various tools and systems, as opposed to who should be able to see them in theory?
Does each staff member still need the access they have? Roles change and staff transfer between accounts or departments (for example from Commercial to Personal Lines), so their access rights need to be updated accordingly.
What is the minimum access required to do the work? This principle is usually called least privilege. A claims handler processing claims needs access to claims records; the complete financial profile of a policyholder, as captured at initial application intake, is more information than that task requires.
These simple questions can be very hard to answer truthfully at many brokerages. A firm may have many tools at its disposal, but it is rare for all access rights to be visible in one place. Salesforce has its own permission settings, Google Drive is shared folder by folder, and HubSpot has its own roles and permissions. None of these systems share their permission models with each other, and within an individual system there is no way to tell that someone’s role changed recently and their access rights were never updated.
The Roles Inside an Insurance Brokerage and What Access Each Actually Needs
It’s not necessary for every role at a brokerage to have access to the same client data. Below is a basic outline of different roles at a brokerage and what client data each role may need to view.
Producers and account executives
Of all the staff groups, these own the client relationship. They manage the renewal and work with the full policy and client records on an ongoing basis, so they should have access to the CRM, the policy management system and the full client communication history. They should not have access to internal financial reports or other producers’ pipelines.
Account managers and coordinators
A support role typically needs: a summary of the policies in place for the account, renewal dates, basic account and contact information, and any outstanding or open tasks. Full financial disclosures and initial intake documents are generally not required, and if they have been pulled it is worth asking why.
Claims support staff
Granting claims staff access to the claims records and policy documents relevant to their work is reasonable. Granting them access to the client’s entire CRM profile is not. Keep it narrow. People who can see everything are an audit risk even when they are completely trustworthy and never do anything wrong.
Administrative and operations staff
These roles need calendars, billing documents and other internal documents of the firm. Note that no client financial information and no policy information is on that list. The information billing staff need to invoice clients correctly does not extend to the policy terms and conditions.
Leadership and principals
Broad access is usually justified for principals, but it is useful to know which systems they access and why, with that access logged. "I own the firm" is not a data governance policy.
Where Internal Data Exposure for Insurance Brokerages Goes Wrong
Three patterns show up repeatedly.
Offboarding gaps. A producer leaves. HR updates payroll. No one revokes access to the CRM, the shared Google Drive folder, the pipeline tool, and so on. A former employee with a grudge (or whose account is later compromised) now has an easy way into your client data. I’d bet this is the most common failure in agencies of this size.
Role changes without corresponding access changes. An account manager is promoted to a sales role. The prior access stays; only new access is added for the new role. Six months later this person has more access than anyone else at the same level of seniority. Unintentionally. No one intentionally granted it.
Overly broad initial provisioning. If onboarding is fast and informal, the easiest thing to do is give the new hire the same access profile as the person training them. That person has probably accumulated access over a 5 year period, so on day one the new hire gets full access. The problem keeps growing until it becomes so painful to audit that no one wants to bother.
Most issues are not caused by someone being malicious. They are caused by structural issues. The Ponemon finding on negligence describes exactly what is going on in most of these cases.
How Insurance Brokerages Can Fix Access Controls Without a Full IT Project
Start with an inventory, not a policy. The first step is to build an inventory of the client data the firm currently holds across its various tools, then cross-reference it with who currently has access to that data and at what permission level. It is dull and tiresome work. But without a clear view of all the data the firm holds, it is impossible to govern it.
Next, filter the inventory against the current staff list. Identify the staff members whose access does not match the job they are currently doing, and the former employees who still have active logon credentials. Revoke that access and document the change.
Create provisioning templates for each role. When onboarding a new account coordinator, decide what access is granted by default on day one and what is not. Lock down the default and grant additional access as needed.
Revisit access every month instead of annually. Staff, roles and tools change fast enough that a monthly check is warranted; once you have an up-to-date list it takes less than an hour to catch offboarding gaps, instead of letting them build up over six months.
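The inventory, reconciliation and provisioning-template steps above, together with the role outline earlier in the post, can be run as a script over the per-tool exports once they are in hand. The following is an added example, not LemonLime's code and not anything the post's author published; the role templates, tool names, roster and access exports are constructed sample data standing in for what you would pull from each tool's admin panel. It flags accounts that are still active for people no longer on the roster (the offboarding gap), permissions that exceed a role's template (role drift and over-provisioning), prints the last-day revocation checklist for a departing user, and produces the day-one template for a new hire.

```python
"""Access-review reconciliation for a brokerage's tool stack.

Added example, not LemonLime's code. Every role template, tool name, user and
permission below is constructed sample data standing in for the per-tool
exports a brokerage would pull from each admin panel.
"""
from dataclasses import dataclass

# Role templates (assumed, modelled on the role outline in the post):
# tool -> the permissions that role gets by default on day one.
ROLE_TEMPLATES = {
    "producer": {
        "crm": {"read_clients", "write_clients", "read_policies"},
        "policy_system": {"read_policies", "write_policies"},
        "drive": {"read_client_comms"},
    },
    "account_coordinator": {
        "crm": {"read_policy_summary", "read_contacts", "read_tasks"},
        "policy_system": {"read_renewal_dates"},
    },
    "claims": {
        "policy_system": {"read_policies"},
        "claims_system": {"read_claims", "write_claims"},
    },
    "ops": {
        "billing": {"read_invoices", "write_invoices"},
        "drive": {"read_internal_docs"},
    },
}

# Constructed HR roster: current staff and their current role.
ROSTER = {
    "alice": "producer",
    "bob": "account_coordinator",  # moved here from claims; old access never removed
    "carol": "claims",
    "dave": "ops",
    # "erin" left six months ago and is no longer on the roster
}

# Constructed per-tool exports: tool -> user -> permissions currently active.
ACCESS_EXPORTS = {
    "crm": {
        "alice": {"read_clients", "write_clients", "read_policies"},
        "bob": {"read_policy_summary", "read_contacts", "read_tasks",
                "read_financial_profile"},
        "erin": {"read_clients", "read_policies"},
    },
    "policy_system": {
        "alice": {"read_policies", "write_policies"},
        "bob": {"read_renewal_dates"},
        "carol": {"read_policies"},
    },
    "claims_system": {
        "bob": {"read_claims", "write_claims"},
        "carol": {"read_claims", "write_claims"},
    },
    "drive": {
        "alice": {"read_client_comms"},
        "dave": {"read_internal_docs"},
        "erin": {"read_renewals_folder"},
    },
    "billing": {"dave": {"read_invoices", "write_invoices"}},
}


@dataclass(frozen=True)
class Finding:
    kind: str          # "orphaned_account" or "excess_permission"
    user: str
    tool: str
    permissions: frozenset


def review_access(roster, templates, exports):
    """Cross-reference every tool export against the roster and role templates.

    An account for someone not on the roster is an offboarding gap; permissions
    beyond the user's current role template are role drift or over-provisioning.
    """
    findings = []
    for tool, users in exports.items():
        for user, perms in users.items():
            if user not in roster:
                findings.append(Finding("orphaned_account", user, tool, frozenset(perms)))
                continue
            allowed = templates.get(roster[user], {}).get(tool, set())
            excess = set(perms) - allowed
            if excess:
                findings.append(Finding("excess_permission", user, tool, frozenset(excess)))
    return findings


def provisioning_template(role, templates):
    """Day-one access for a new hire: exactly the role template, nothing inherited."""
    return {tool: set(perms) for tool, perms in templates[role].items()}


def revocation_checklist(user, exports):
    """Every tool where the user still has an account: the last-day checklist."""
    return sorted(tool for tool, users in exports.items() if user in users)


if __name__ == "__main__":
    for f in review_access(ROSTER, ROLE_TEMPLATES, ACCESS_EXPORTS):
        print(f"{f.kind:18} {f.user:6} {f.tool:14} {sorted(f.permissions)}")
    print("Revoke for erin:", revocation_checklist("erin", ACCESS_EXPORTS))
    print("Day-one template, account coordinator:",
          provisioning_template("account_coordinator", ROLE_TEMPLATES))
```

Run on the sample data, the review reports erin's lingering CRM and Drive accounts, bob's extra financial-profile permission in the CRM, and bob's claims-system access left over from his previous role. Re-running it monthly against fresh exports is the "under an hour" check the post describes; the work is in keeping the exports and the roster current, not in the comparison.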
This is also where LemonLime becomes directly relevant for insurance brokerages working to get a handle on how their client data is structured and used. LemonLime connects to the tools a brokerage already uses, such as Salesforce, HubSpot, Google Workspace and Microsoft 365, and signs into them for you, so there is no migration for you or your IT department to undertake before bringing it into your set of business applications. Once connected, it builds a structured knowledge layer from the data scattered across those applications. The AI that powers LemonLime then retrieves and reasons over that knowledge layer to answer questions that would otherwise require a lookup from the actual records, whether from memory or by digging through the various applications and documents a team uses to service clients. For a brokerage doing a data inventory as its first step toward better access hygiene, LemonLime helps show where all of its data resides.
For specifics on how LemonLime handles data from connected tools, the current and authoritative details are at lemonlime.ai/security. Review that page against your own requirements before connecting systems. LemonLime currently has a waitlist; you can join at lemonlime.ai.
This post is just the beginning. The first step in rationalizing your current toolbox is to list every tool in use and, for each one, write down who has access to it. The real work starts there.
Frequently Asked Questions
Why does my brokerage need access controls if I trust my team?
Trust is not sufficient; in fact, relying on trust alone is a major reason for data exposure in brokerages. Most issues come down to negligence, not malevolence. Information is exposed to individuals who should not have access to it because there are no controls on that access, and client information is exposed because a former employee still has active credentials. The primary reasons for access controls are to protect clients, limit liability, and demonstrate clearly, in the event of a breach and subsequent investigation, that the firm acted properly and its logs are clean. Access controls also protect staff from accusations of misconduct, because the logs show that staff were granted only the access their role required and that the access was granted and monitored by someone else.
How do I know what access my employees currently have across all our tools?
This is a very time-consuming task, especially the first time you go through all the tools used to manage client information; once each tool's export is set up, repeating the check in later months is much less work. It involves going through each tool individually and opening the user-management or admin panel to see permission levels for the CRM, document platforms and communication tools. Take a screenshot, or export a report, of the permissions in each tool.
What's the right way to handle access when a producer leaves my agency?
Make a checklist to ensure that access is revoked on the last day of work: email, payroll, CRM, shared docs, pipeline tool, client communication tool, and every third-party integration the employee had access to. A week later, go through the access inventory again to see whether any steps were missed and whether there are other offboarding gaps, which are common exposures for agencies of all sizes.
My agency is small, do access controls really matter at this scale?
It might seem that smaller brokerages are less of a problem because they don’t have the formal infrastructure of larger ones: access is wide, but mostly undocumented and not actively managed. Yet neither regulators nor E&O insurers writing rules for financial services typically extend that leniency to small specialty insurance agencies. Implementing a few relatively inexpensive steps – role-based default access, a monthly review of access and credentials, and a simple, clean offboarding process for the voluntary departure of an agent or employee – should cover the typical set of problems.
How often should I review access rights at my insurance brokerage?
I generally find that a monthly check rather than an annual review is more appropriate for most agencies. An annual review can miss so many things. People leave, roles change and an access gap sitting open for 11 months is a real exposure. After you have completed the initial inventory of who needs what, a monthly review of less than an hour can be scheduled around a monthly occurrence such as the monthly payroll processing or around a team meeting.
How does LemonLime help with my brokerage's client data visibility?
LemonLime connects to the tools your brokerage already uses, such as Salesforce, HubSpot, Google, and Microsoft, and builds a structured knowledge layer from the data in those tools. No data migration required. No IT setup required. The AI that powers it retrieves and reasons over that knowledge layer, so your team gets answers from your actual records. That gives brokerages working through a data inventory, or simply trying to get a handle on where all their information is, far better visibility. Details on how connected data is handled are at lemonlime.ai/security.
Author: Daniela Munoz, LemonLime
Related keywords: insurance brokerage, client data access controls, data permission hygiene, insider threat, insurance agency security, SMB data governance.
Frequently Asked Questions
How do I find out which employees at my insurance brokerage can currently see client financial data across all our tools?
You'll need to go into each tool individually — your CRM, document storage, email platform, pipeline tool — and pull the user management or admin panel for each one. Export or screenshot permission levels per user. It's slow the first time, but it's the only way to see the real picture. LemonLime connects to tools like Salesforce, HubSpot, Google Workspace, and Microsoft 365 and builds a structured knowledge layer from scattered data, giving brokerages a clearer view of where client information actually lives.
What happens to my former producer's system access after they leave my agency?
Unless someone explicitly revokes it, it stays active — and that's one of the most common exposure points in brokerages. A former employee with lingering credentials in your CRM, shared drives, or pipeline tools is an open door. Build a checklist that covers every platform on their last day, then run a follow-up check a week later to catch anything missed. LemonLime helps you understand what data sits where, so offboarding gaps are easier to identify before they become a liability.
Does my small insurance brokerage actually need formal data access controls or is that just an enterprise thing?
Small brokerages are not exempt from E&O insurer expectations or regulatory scrutiny — and the problems are the same at any size, just less visible. Wide, undocumented access is still a risk even with a team of five. Role-based defaults, a monthly access review, and a clean offboarding process are low-cost steps that cover the most common exposures. LemonLime is built for brokerages working without a dedicated IT team, connecting to existing tools with no migration or setup required.
What is the least amount of data access I should give my account coordinators at my brokerage?
Account coordinators typically need policy summaries, renewal dates, basic contact information, and open tasks — nothing more. Full financial disclosures, initial intake documents, or other producers' pipelines are not required for their work. If those are accessible, that's a permission problem worth fixing. LemonLime's AI retrieves and reasons over only the right information for the right person, so your team gets answers from actual records without needing broader access than their role justifies.
How often should I actually be reviewing data access permissions at my insurance agency?
Monthly is the right cadence for most brokerages — not annually. Annual reviews leave access gaps open for up to eleven months, which is a real exposure when roles change and staff turn over throughout the year. Tie your monthly review to something that already happens, like payroll processing. After your initial inventory is complete, the ongoing check takes under an hour. LemonLime helps brokerages maintain visibility into where client data sits across tools, making that monthly review faster and more grounded in reality.