Thanks to high-profile security breaches like the ones at Yahoo and Equifax, the recent Facebook debacle and the introduction of the General Data Protection Regulation (GDPR), data privacy and ownership are massive talking points in the insurance industry—particularly for elite agencies with clients that are required to share highly confidential and sensitive private information to access the best premiums and coverage options.
The importance of data privacy is at an all-time high, and there are no excuses for getting it wrong. As the entire insurance industry embraces the cloud, independent agents must work harder to understand data privacy, as well as the difference between ownership and right-to-use client information.
Anyone who understands the insurance industry knows that access to data is the key to success. But who owns the data? Who is allowed to use it? And for what purpose? When information is shared over the phone and via email, the answers to these questions are unclear. But with the rise of InsurTech, there is an opportunity for greater clarity.
Established over the past 20 years, the standards for data sharing on the internet are clear: The contributor owns the data and the recipient gets a license to use it. As the owner of something, you can do whatever you want with it. As the licensee, you can do specific things, determined by your agreement with the owner and your privacy policy. Unless an agreement explicitly acknowledges a transfer of ownership, any company claiming to own their clients’ data is asking for trouble.
Consider the relationship between a business and their insurance broker. For a business to get insurance, they need to share sensitive information, and trust that their broker will keep the information private. This means InsurTech companies that serve brokers need to represent an extension of that trust as they store broker and client data in the cloud.
With many industries already in the cloud, the insurance industry is busy playing catch-up. Insurance has never been a first mover when it comes to technology, but the major advantage to coming into the cloud now— post-GDPR and Cambridge Analytica—is the luxury of learning from social media companies that are facing the consequences for failing to police their privacy policies.
That said, now is also the time for insurance companies to revisit their agreements and policies and remind employees about what they can and can't do with customer data.
Hopefully, the industry maintains its buttoned-up policies and the way it protects client data, while extending the same demands to InsurTech partners. With new requirements around data disclosure, we'll surely hear about it if they don’t.