Technology is advancing at the fastest pace in human history – faster than we can regulate and control it. This impacts how many industries interact with customers. As the insurance industry evolves to meet the changing needs of clients by moving more customer interactions onto digital platforms, privacy becomes all about data – who owns the data, who creates the data, how the data is used and who protects the data.
The 21st century has witnessed the birth of some of the largest technology, social media and financial companies in history, making data protection regulations that much more important. The risks of large-scale data breaches from such companies would be long-lasting and destructive. As foreign regulators explore open banking and open insurance, establishing universally compatible privacy standards will be the challenge to keep up with today’s global economy.
This is the foundation for the EU’s ‘Brussels effect,’ where organizations operating internationally must build businesses and products that adhere to the EU’s regulatory standards. Its GDPR privacy legislation, whose jurisdiction theoretically extends outside the EU’s borders, is a prime example of this. GDPR is setting the bar high, and if other countries can’t play by its rules, they risk long-term economic repercussions.
Nowhere in the history of regulation has ethics played such an important role. As insurance providers, we must consider that privacy protection relies on both internal and external support. The external is founded on an organization’s network infrastructure and IT systems and how the organization connects digitally with its customers. The internal support is founded on responsible and proactive business practices.
Financial services regulation has been economy-responsive for decades; however, the regulatory process is challenged to keep pace with the speed of today’s technology, particularly with the internet. This means the financial services industry must invoke high ethical standards where regulations are silent or not fully suited to current technology. By combining regulatory guidance and ethical standards, providers can deliver well-rounded privacy solutions.
When managing data, providers need to be respectful of consumers’ consent. It’s important to keep these points in mind:
- Consent should not be static. Providers should think of it as a dynamic and ongoing process, reflective of the constant evolution of technology and regulations such as GDPR.
- Consent should not be forever. Like any business relationship, choices should be provided throughout the term, allowing individuals to control the degree of accessibility and release of their personal data.
- Consent should be understood and easily managed. Clients should understand clearly what they are consenting to and be able to easily provide, limit or revoke their data. Providers need to ensure this while still administering fully functional products.
To be trustworthy, insurers and brokers should be accountable and ready to demonstrate compliance. Insurance providers have a wealth of data on individuals and are facing a continued push for more customer interactions to take place online, and as such, insurance companies are a serious target for cyber criminals. Should we not adapt to the current climate, we will be forced to pay the price.
The costs of cyber crime are both immediate and long-lasting. The immediate impacts include loss of business and media impact, plus the costs of restoring the confidentiality, integrity, and availability of data and systems. The long-term costs vary according to the incident’s type and severity but are affected by how it is handled. This could include reimbursing victims, legal compensation or regulatory fines – not to mention reputational impact.
These are all issues that need to be considered when brokers acquire E&O protection, as cyber insurance may not be part of standard coverage. Organizations need to treat client data as a real currency that can be stolen.
Innovation and regulation continue to compete as regulators prioritize consumer protection and insurance providers respond to consumers’ technology appetite. Providers must transparently and effectively use client data for the benefit of both parties.
Stephen Cheeseman is a qualified lawyer in the US, Canada and the UK with more than 25 years of legal and compliance experience. He serves as head of business affairs and alliances for technology venture company Thinktum.