by Theodore Augustinos | May 14, 2019 | InsurTech, Privacy/Data Security/Cyber Risk | Bermuda, European Union, Hong Kong, United Kingdom, United States
As an early stage or startup InsurTech, you’re highly focused on all the right things: identifying a challenge for the insurance industry, developing an innovative technical solution, making it practical and scalable, getting it funded, and implementing it. The industry for which InsurTech seeks to develop and deliver solutions is awash, however, in requirements and restrictions related to the collection, use, sharing, and protection of data. What do you need to know about the insurance industry’s privacy and cybersecurity issues that affect your InsurTech solutions?
Make Privacy and Cybersecurity your Competitive Edge
Insurers, producers and others that are potential sources of funding and potential customers for InsurTech solutions are increasingly focused on privacy and cybersecurity issues. This focus is driven by their developing legal and regulatory environment, and by their interest in mitigating privacy and cybersecurity risk. Your ability to attract interest will only improve if you display awareness of and sensitivity to these issues. Your InsurTech will stand out and enjoy a competitive edge if you have basic answers to the questions any investor or customer will ask about privacy and cybersecurity compliance and risk mitigation. Conversely, your great ideas will be undermined if you give the impression that your solution hasn’t been built with these issues in mind.
To exploit this potential competitive advantage (and avoid the risk of the uninformed), you may not need to become a privacy and cybersecurity expert, but you do need to have some understanding of the issues that will be of concern to your potential investors and customers.
The following are suggestions for turning potential privacy and cybersecurity pitfalls into a competitive advantage.
1. Know what data you collect and process. Privacy and cybersecurity issues are determined by the types of data collected and processed. Make sure you know what your designers and programmers are setting up in terms of types and methods of data collection. Privacy and cybersecurity issues turn on types of data, and you need to have, and to be able to provide, full visibility into your data collection and processing. Companies sometimes collect more data than they intended or knew about, simply because designers and programmers thought additional data sets might be useful someday, or in some future application. Know what data you’re collecting and processing.
2. Appreciate the rules of the road. There is a complex, changing, and increasingly onerous regime of privacy and cybersecurity requirements that affect the customers of InsurTech. Insurers, producers and other users of InsurTech solutions will need to make certain that your solution satisfies these requirements. Assume that any data collected and processed by your solution can be subject to these requirements. You don’t need to be expert in these requirements, but you do need to be aware of them.
Basically, depending on what laws and regulations apply, know that information that is identifiable to an individual may be subject to notice, disclosure and other requirements; limits on use and transfer; restrictions on retention; and rights of access, correction, portability and erasure. In some jurisdictions, other types of data including certain commercial data may also be restricted, and data related to military and dual use technologies can also be subject to data export and other restrictions. In addition, InsurTech customers may have contractual obligations or published policies and notices that restrict the collection, use, storage and transfer of certain data. Build your solutions with the understanding that your potential customers may not be able to use them unless they are consistent with these requirements.