The amount of data being collected is increasing as the world becomes more connected with a surge in Internet of Things (IoT) devices. Laws and restrictions around using this data are becoming stricter to protect the interest of consumers. Regulators, for example, can influence the development of insurance products such as motor insurance or impose restrictions on how consumer data is used.
Listed below are the key regulatory trends impacting the big data in insurance theme, as identified by GlobalData.
General Data Protection Regulation (GDPR)
GDPR prepares all businesses for the growing importance of data-driven business models in the digital economy. GDPR was introduced in the European Union (EU) in May 2018. More than 89,000 personal data breach notifications were sent to EU data protection supervisory authorities during the first year of its enforcement, while more than 144,000 queries and complaints were made to such authorities by individuals who believed their rights under GDPR had been violated. Authorities have begun using the powers provided by GDPR to levy significant fines on non-compliant companies.
Other countries have moved to implement similar rules after the GDPR was passed. Common principles here for insurers are requirements to: (1) be transparent about how they use data; (2) obtain “informed consent” to use data in a manner customers want and risk a breach if they profile data for an activity they only have “implied consent” for; (3) ensure automated decision-making is fair and unbiased; (4) protect data integrity by using only up-to-date, accurate data. Insurers also must report any cyber breach immediately or face large fines.
Restrictions to the movement of data across national borders are not new, but they have soared in the last decade, parallel to the development of digital technologies and the associated growth in the storing, processing, and sharing of data. A growing number of jurisdictions have introduced or strengthened different versions of data localisation requirements that impede or make the offshore processing of data generated costlier within their territory.
Countries such as Canada, Russia, China, India, and Nigeria have adopted data localisation laws, while under GDPR personal data can only be transferred to countries outside the EU if adequate levels of protection are guaranteed.
The upshot is that companies operating in countries or regions with data localisation laws will most likely be required to expand their storage facilities, both physical and virtual, to ensure they are compliant. As such, data location restrictions reduce providers’ ability to benefit from scale-related efficiency gains, make the already difficult task of managing information technology (IT) infrastructures and data repositories across a global organisation more complex, complicate the servicing of clients with a presence in multiple geographies, and limit the possibility of combining different sources of data to extract value using artificial intelligence (AI) techniques.
Having access to a complete and diverse dataset is essential to reduce the risk of bias in AI developments. Excluding data from some jurisdictions could skew the behaviour of AI-based applications in unpredictable ways when deployed to these geographies. It might take a step back in countries that introduce burdensome data localisation restrictions, and local economies may lose or have reduced access to global financial services and markets.
From Know Your Customer (KYC) to Know Your Data role for chief data officer
KYC requirements are developed at a global level, then transposed and administered under national legislation. KYC procedures have been adopted to avoid anti-money laundering activities. Financial entities are required to run a series of checks to verify the identity of clients before entering any business relationship, which comprises identity checks as well as gathering information on the individual’s address.
KYC is cross-border and is subject to differences in interpretation. Most regtechs have so far focused on offering KYC solutions to help insurers simplify the process of onboarding customers and assist with fraud prevention and identification. Advanced solutions may help identify duplicates in databases. The adoption of real-time solutions in KYC has been praised for enhancing the customer experience, as the process of taking out new policies is streamlined.
This is an edited extract from the Big Data in Insurance – Thematic Research report produced by GlobalData Thematic Research.