What to 'get right' in the era of privacy, data ownership
Technology is playing a bigger role in a number of insurance areas, including targeted marketing, quoting and claims.
In an era of massive data being generated every day, how do we ensure privacy and provide clarity of ownership for the most sensitive data, like insurance data?
Because consumers are demanding more digital experiences and personalized engagement with brands they do business with (and with other products they use), technology is playing a bigger role in a number of insurance areas, including targeted marketing, quoting, claims and customer service. To keep up with consumers clamoring for more transparency and personalization, insurance carriers, agents and brokers must ensure ethical data hygiene practices.
Each of these functions has the potential to both streamline and innovate insurance offerings, but also produce very sensitive consumer data. How should insurers treat this data and ensure that all parties are regulating in ways that are legal, ethical, transparent and value-based?
Here are four key data privacy concepts that insurance carriers, agents and brokers need to “get right” in the era of privacy and data ownership.
Transparency is key — be upfront about your value exchange
Consumers are frustrated — from data breaches to long and complicated opt-in agreements, to a lack of understanding around how their data is being used — and they are demanding more transparency and autonomy around how their data gets used.
People are open to sharing their personal information, but only if companies are clear about the value proposition. The simpler that message is upfront, the easier the exchange will be, and ultimately, the better the user experience. And this is not only true for how we communicate with consumers but how we should inform on the use of data with any partners as well. Make it simple and make it clear.
Mitigating cyber risk: moats, hurdles and barriers
While leaders in technology are constantly discussing mitigating and reacting to cyber risk, what we should be talking about is how to proactively prevent issues in the first place.
Personally, I operate on the presumption that our data has been compromised from day one. Security is not a feature — it’s the nucleus of our company. While many companies start with their core offering and build in security as a feature after the fact, that’s not my philosophy, nor how we operate at Arity.
Be paranoid. Put as many systems in place as you can afford to. Game your system and prepare for various scenarios. Have the systems and responses ready for when the inevitable happens. And I believe they will happen. Determined threat actors will find their way in, someway, somehow, so it is our job to create as many moats, hurdles and barriers so that even if they marshal through where they are trying to go, the data is in a form that is utterly useless to them.
It also comes down to training your people. Everyone in your company is simultaneously your biggest asset and risk when it comes to security. Constant vigilance and regular training in what to look for is, in my opinion, the most cost-effective way to establish a solid foundation for security.
Collaborate with partners that are like-minded
This one is challenging because often it comes at the expense of growth opportunities; however, companies must ensure their partners have the same priorities and expectations in mind. Trust is key across all aspects of consumers engaging with businesses — between the customer and the businesses they subscribe to as well as between you and your vendors.
My advice to insurance companies is to realize that any third-party partner you work with is a shepherd of your data. You should never hesitate to learn more about what they are doing to protect your user’s privacy and personal data sovereignty in the changing legislative landscape. That’s our simple philosophy at Arity when evaluating the partners we work with.
You can’t put a cost structure around protection and security
No cost is too great to provide protection and security. Don’t limit it.
Insurers have always been in the business of protecting people and harnessing their personal data. But today, that role has evolved based on how companies connect with consumers and insurers must evolve how they continue to deliver on the promise to protect consumers in today’s digital environment. If your executive compensation budget is greater than your security budget, you need to revisit your security posture and position.
Base privacy and security measures should be omnipresent throughout your data program, period. At Arity, we’ve established controls to manage security risks relating to the data we protect. We have a robust information security program designed to meet regulatory requirements, contractual obligations, and most importantly, our customer expectations — simplicity and practicality in the development of everything from clear user agreements and privilege requests, to state-of-the-art security layers and infrastructure to support the latest regulatory requirements.
Privacy and security are paramount in today’s business marketplace. It’s central to building the trust that gives us the license to do the best business we can with our customers to help deliver best-in-class services to consumers.
Ensuring that insurance data is handled in an ethical way will be vital for insurance carriers, agents and brokers to better engage their customers with solutions that work best for them and build trust.
Related:
- Cyber risks threaten insurers, even for those not offering cyber insurance
- Third-party breaches are a threat — and many companies aren’t ready
- 5 key questions to ask when evaluating new agency technology
Emad Isaac is the vice president of engineering at Arity. The views expressed here are the author’s own.