Navigating regulatory challenges

Privacy Act Review is a key focus

Navigating regulatory challenges


By Daniel Wood

Insurance professionals often refer to the challenge of keeping pace with Australia’s tide of regulatory reform. At the Insurance Business Innovation Summit in Sydney on May 11 one of the panel topics is “Navigating regulatory challenges in a complex market.”

“I think the sheer volume of regulatory change that has come through for the insurance and financial services industry, in the last two years in particular, has just been extraordinary,” said Alison Cameron (pictured above), who is on the panel.

Cameron is head of governance, risk and compliance for Youi, an insurance company headquartered on Queensland’s Sunshine Coast. The firm’s offerings include motor, home, landlord and SME insurance.

“It has been a time of such significant change, reform and regulatory scrutiny that has not been seen, certainly in my career,” Sydney-based Cameron said.

Cyber, AI and automated insurance

She said key areas of reform include cyber, artificial intelligence (AI) and the automated insurance space.

“Then, how are we going to protect consumers from a privacy point of view,” Cameron said. “There's been much more focus, particularly on looking at the de-identifying information and what's going to happen coming out of the Privacy Act review.”

In February, the attorney-general released a Privacy Act Review Report. Industry feedback is due by the end of March.

Cameron said the review covers a raft of issues including giving consumers more control over their own information, the collection of that personal information, its use and disclosure.

“Then also what's happening about any of the offshore data flows and certification that goes along with that,” she said.

Cameron said this review is a key focus for the industry.

“Certainly that is going to be an enormous challenge for many organizations purely because in the tech space, most large organizations and ones that have been around for a long time are often dealing with multiple legacy systems that often are not interacting with each other,” she said.

Cameron gave the example of a big insurer with legacy systems needing to deal with former customers’ information.

 “The former customers could be saying, ‘We're not a policyholder anymore and we don't want you to keep this information on file’,” she said. “That then means there are pieces of information that often sit in multiple systems and whether those systems talk to each other, and how easy it is to try and unpick that – that's going to be a significant challenge for the industry.”

Advantages of youth

Cameron said keeping up with data privacy and other compliance obligations is about having good controls in place. She said that Youi, founded in 2007, is in a fortunate position compared to more long-lived insurers because of its relative youth.

“Even as young as we are, we still have a lot of system modernization that is happening,” she said. “We're very focused on being able to create the most innovative technology that we can using AI, but also really looking at what those security matters are for us from a risk mitigation point of view.”

Cameron said protecting access to assets and sensitive data depends on robust cybersecurity policies.

“We have a protected network,” she said. “We also make sure that we've got efficient identity management because those sorts of strong disciplines minimize the risk.”

IB asked Cameron how she regarded the last year of high-profile cyberattacks. Were the cyber assaults on Medibank and Optus a wake-up call?

“I think it is always surprising when it happens in the larger organizations,” she said. “Sometimes there's an assumption there, I think, that when it's very global companies or extremely large organizations, that they would potentially have things more robustly protected.”

She said attacks on that scale are always a wake-up call, for everybody.

“But we are well down this path already and trying to be as proactive as we can,” Cameron said. “Cybersecurity and the challenges that you've got around that are not new to anybody.”

She said if there are companies that are still experiencing “massive continued breaches” they should consider “a serious overhaul.”

“This is not a new situation that we're playing in, it's just become a little bit harder because there are new elements to it now and with machine learning that creates its own new elements,” Cameron said.

 IB’s Innovation Summit is taking place on May 11 at the Fullerton Hotel in Sydney. You can register for the event here.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!