Risk & Analytics

New data privacy rules to cost UK policyholders more in premiums

Share this post:

The impending changes to the Data Protection Act 1998, which will come into force on 1 December 2014, make it unlawful for UK insurers to insist on policyholders providing details of their criminal record.

The Act has its origins in the European Community Data Protection Directive (95/46/EC), and it will be interesting to see whether this will be mirrored in other European countries, if not already.


In effect this means that if a policyholder fails to disclose a criminal conviction – which underwriters might consider to be a material fact which would affect their consideration of offering cover – then the insurer cannot force the policyholder to demonstrate their innocence. They have to rely on the policyholders good will and cooperation – but perhaps cooperation will be in short measure if there’s a risk of a claim being declined.

This will make life more difficult for claims investigators who might ‘smell a rat’, and they will be forced to think of other approaches. Will insurers increasingly need to look to ‘Big Data’, typically social and other media to try and find clues which might point to criminal activity?

But there’s a problem in this approach.

The same Data Protection Act 1998 is all about giving rights to people whose data is being collected, and the key elements of the Act are
• If you collect data about people for one reason, you can not use it for a different reason
• You can not give people’s data to other people or organizations unless they agree
• People have the right to look at data that any organizations store about them
• You can not keep the data for longer than you need to and it must be kept up to date
• You cannot send the data to places outside of the European Economic Area unless adequate levels of protection exist
• Most organizations that store data about people have to register with the Information Commissioner’s Office
• If you store data about people you must make sure that it is secure and well protected
• If an organization has data about you that is wrong, then you have a right to ask them to change it

Diving for information in the sea of Big Data to find evidence of crime is likely to be increasingly difficult.

The Data Protection Act 1998 was created to be in the public interest, and naturally many people (perhaps all of us) feel safer because of it. But with fraud costing the UK insurance industry one billion £ in 2011, and adding £50 to the annual insurance bill, at least we now know the cost impact of additional data safety obtained through this new regulation.

It’s a complex trade off . But how many would disagree that this is a price worth paying?

More stories

Four ways to stem the growth of financial crime in insurance

Insurers have long understood that the ability to quickly detect fraudulent claims not only stems losses, but also minimizes the impact to legitimate customers as well. But as more complex financial crimes like money laundering, employee fraud, and corruption have gravitated toward insurers more recently, many don’t have the programs in place to combat these […]

Continue reading

How digitalization of life insurance will transform a static industry

Life insurers have a big problem: Younger adults are not buying life insurance. Despite year-over-year population and GDP growth, the number of U.S. residents under 45 who applied for life insurance in 2018 fell 2.7 percent from the previous year, according to the nonprofit group MIB. Insurers have turned to emerging markets such as India […]

Continue reading

How big data, AI, and automation impact insurance

Data is the new gold… Data is the new oil… Pick your metaphor, but for insurers, data is the asset their critical business processes require in order to run effectively and produce actionable results. Data is a critical component of marketing, underwriting, product development, claims, distribution and IT operations, to name a few, and insurers […]

Continue reading