September 29, 2014 | Written by: Tony Boobier
Categorized: Risk & Analytics
Share this post:
The impending changes to the Data Protection Act 1998, which will come into force on 1 December 2014, make it unlawful for UK insurers to insist on policyholders providing details of their criminal record.
The Act has its origins in the European Community Data Protection Directive (95/46/EC), and it will be interesting to see whether this will be mirrored in other European countries, if not already.
In effect this means that if a policyholder fails to disclose a criminal conviction – which underwriters might consider to be a material fact which would affect their consideration of offering cover – then the insurer cannot force the policyholder to demonstrate their innocence. They have to rely on the policyholders good will and cooperation – but perhaps cooperation will be in short measure if there’s a risk of a claim being declined.
This will make life more difficult for claims investigators who might ‘smell a rat’, and they will be forced to think of other approaches. Will insurers increasingly need to look to ‘Big Data’, typically social and other media to try and find clues which might point to criminal activity?
But there’s a problem in this approach.
The same Data Protection Act 1998 is all about giving rights to people whose data is being collected, and the key elements of the Act are
• If you collect data about people for one reason, you can not use it for a different reason
• You can not give people’s data to other people or organizations unless they agree
• People have the right to look at data that any organizations store about them
• You can not keep the data for longer than you need to and it must be kept up to date
• You cannot send the data to places outside of the European Economic Area unless adequate levels of protection exist
• Most organizations that store data about people have to register with the Information Commissioner’s Office
• If you store data about people you must make sure that it is secure and well protected
• If an organization has data about you that is wrong, then you have a right to ask them to change it
Diving for information in the sea of Big Data to find evidence of crime is likely to be increasingly difficult.
The Data Protection Act 1998 was created to be in the public interest, and naturally many people (perhaps all of us) feel safer because of it. But with fraud costing the UK insurance industry one billion £ in 2011, and adding £50 to the annual insurance bill, at least we now know the cost impact of additional data safety obtained through this new regulation.
It’s a complex trade off . But how many would disagree that this is a price worth paying?