Privacy and data governance: risks and opportunities for leading insurers

April 2018

Competitive pressures are driving insurers to seek the greatest possible advantage from the large amounts of data at their disposal. At the same time, security and privacy concerns are limiting their ability to do so. Regulation and customer expectations are elevating standards for privacy and data governance, and insurers need to develop systems, personnel, and governance policies to meet these higher standards. “Both from a regulatory standpoint and from the point of view of information security and customer expectations, you need to build privacy requirements into the DNA of how you work as an organization,” a participant said.

The obligation to safeguard data is made more challenging by the imminent enforcement, on May 25, 2018, of the EU’s General Data Protection Regulation (GDPR). The stakes are high. Violations of GDPR could result in fines of up to 4% of global revenues; further, the potential for civil lawsuits in the wake of a data breach multiplies the direct financial risk. Equally significant is the potential reputational damage resulting from a data breach, a high-profile fine, or the misuse of consumer data.

Yet even while they face greater constraints in how customer information can be deployed, insurers are using big data to improve underwriting, risk management, operating efficiency, customer relations, and product innovation. The ultimate challenge for the industry is to manage the tug-of-war between deriving strategic value from data and safeguarding consumers’ rights.

IGLN participants met in London on March 13, 2018, to explore these issues. This ViewPoints synthesizes the key themes that emerged from those discussions as well as conversations with participants ahead of the meeting: 

  • Regulation and consumer expectations are creating challenges for strategic uses of data

  • Insurers struggle to capitalize on the strategic opportunities afforded by growing data use