Social media’s role in claims
GDPR will affect how insurers use social media in their investigations.
Insurers — claims adjusters more specifically — have had access to policyholder social media profiles for the better half of a decade now. Platforms such as Facebook, Twitter and Instagram can all be helpful tools, especially in claims where large losses are at stake.
According to the National Insurance Crime Bureau, it is estimated that nearly 10% of all U.S. property and casualty insurance claims are fraudulent. Furthermore, insurers spend nearly $5 billion annually on false workers’ compensation claims. As a result, taking to social media to gather possibly incriminating information in cases where fraud is suspected, is a given.
Accessing social media data
Data such as photos and conversations can shed light on fact versus fiction. In the case of a workers’ compensation claim where fraud is suspected, insurers can look for signs of claimants performing tasks like construction, landscaping or driving, after stating that they suffer from injuries rendering them unable to work.
Overall, the process of finding the information needed in such investigations has been fairly easy during the ‘golden age of social media,’ and in these instances, a picture can be worth more than a thousand words.
“Claims adjusters and special investigators have been using social media information as an investigation tool for years. This is particularly important in the investigation of potential fraud cases. Specifically, this is important in workers’ compensation or other injury-related coverages,” said Karen Pauli, principal at Strategy Meets Action.
The passing of GDPR
Now, to address the elephant in the room, the General Data Protection Regulation (GDPR).
GDPR has received a lot of press lately, but the law, adopted by 28 European Union Member States, dates back to 2016. There was a two-year period in between for companies to organize their implementation, and this brings us to 2018.
As of May 25, 2018, the regulation is in effect and designed to protect the private data of those located in the EU. This has far-reaching implications, especially for those in the insurance business, and those who use tools like Facebook and Twitter to collect photos, videos and text for defense purposes.
Related: Think GDPR doesn’t apply to you/? Don’t be so sure
Changes in Facebook policy
In May 2018, after a two-year preparation period, and in compliance with the newly enacted GRPR law, Facebook updated its privacy settings. This led to the social media giant creating a more transparent privacy policy, and gave Facebook users more control/understanding over their privacy settings.
The major challenge is that Facebook users can now update their policy settings at any time so that information is public or private. Consequently, any information gathered for investigative purposes is invalid unless there is an overwhelming amount of proof of fraud and the content will help to further the claims’ adjudication.
“I must point out that the objective of social media research is to find, secure, verify and be able to utilize ‘TIM’ — text, images and metadata. Metadata, when available (many social media platforms scrub or mask original metadata), can be especially valuable in confirming or refuting an insurance loss or claim,” said Pauli.
One question remains: Is there a direct impact on insurers now or in the foreseeable future?
Related: GDPR is here: Mess up and we’ll fine you, warns EU privacy chief
GDPR’s impact on insurers
GDPR can and will undoubtedly shape the way insurance companies collect policyholder data from those located in European Nations — no matter where the company itself is physically located. As a result of its recent enforcement, social media companies such as Facebook updated their privacy settings to be in compliance.
Enter the elephant, as there are countless U.S.-based insurance companies that conduct business across the pond, making GDPR more relevant to them than ever before. According to NTT Security, 75% of U.S. companies do not believe that GDPR will affect them.
Again, this is false.
Policyholders can now revoke data collected by insurance companies regarding claimants suspected in acts of fraud anytime they see fit. In extreme cases, insurers can head to federal court when there is an overwhelming amount of evidence supported by a reasonable suspicion of a false claim.
“GDPR affects social media sites, anti-money laundering, politically exposed person databases, and other third-parties that collect information from these sources. While some insurers actively conduct research using databases and social media or purchase data from third-party vendors, these data that were once accessible are now limited or in some cases, unavailable. As a result, it can be more difficult for insurers to estimate risk as well as the price of premiums,” said Alon Livshitz, CEO at Essence Intelligence.
Livshitz also says that GDPR creates other specific issues for insurers, ones that extend beyond social media. These can create mostly technical and business challenges, although the impact will likely be minimal.
Can insurers still access info?
The short answer is yes, but this largely depends on the user’s privacy settings.
Let’s say an injured worker has privacy settings engaged — there will undoubtedly be some limitations. It does, however, still benefit investigators to seek additional information. More frequently than not, injured workers are tagged in friends’ photos that could be used to win a claim due to their participation in a strenuous activity. This does not exclude travel.
“There are various ways, tools, resources and methods that exist to search for and find relevant social media content on unprotected or on publicly viewable websites. Or protected content can be obtained by authorization from the user; access and content provided by persons who have access to the protected content (Facebook friends, for example); search warrant if from law enforcement; or discovery in the course of civil discovery,” said Roy Mura, founder and managing member of Mura & Storm, PLLC.
Related: The GDPR cyber insurance checklist: Are you covered?
Final thoughts
The effects on insurers are only now starting to become clearer, and adjusting will be difficult. The good news is, it will not be impossible to make the adjustment and find workarounds to secure the information needed to recover large sums of money.
At its core, GDPR is good and aimed at protecting customer data. There are fines associated with not following the provisions of the regulation. The good that comes out of its passing is increased transparency and of course, higher standards of data security. This alone could lead to a decrease in cybercrimes.
With its passing, GDPR has also forced many insurers to examine how they will comply both now and in the future. Social media will change, and as it does, we too must adapt.
Moshe Beauford (moshebeauford@gmail.com) is a freelance journalist, copywriter and blogger. Beauford’s work has appeared in publications such as GeekTime Israel, PasteMagazine, Times of Israel, Property Casualty 360 and Claims.