Handling Sensitive Consumer Data Is A Tricky Issue

BOSTON -- How insurers treat sensitive consumer data is a tricky issue for regulators and lawmakers.

Iowa Insurance Commissioner Doug Ommen conceded "there is a lot of concern among some regulators that the data that is finding its way" into the wrong hands.

Ommen was part of a discussion on the future of financial services regulation at the LIMRA 2019 Annual Conference.

Still, despite the potential for devastating data breaches, Ommen is cautious about using the hammer of regulation.

"I don't know if I think additional regulation is the right answer," he said. "I know across the pond, Europe is looking at that type of approach and California is looking at that type of approach as well. I don't know if that approach works very well."

Two of the most prominent data privacy laws currently influencing the discussions are the European Union General Data Protection Regulation and the California Consumer Privacy Act.

The California law takes effect in the summer 2020 and analysts say insurers, even those with cyber insurance, might not be adequately protected. Speculation is rampant on how the California law will influence what the NAIC produces.

Trust is the key to good business relationship between carriers and consumers, said Ommen, who sits on a big data working group at the National Association of Insurance Commissioners. More regulations can just get in the way of developing that trust, he added.

"I don't know if regulation is the answer because as regulators, we may have our opinion of what is good and bad," Ommen said. "But it gets back to the very basics of the relationship between the consumer and the carrier that's providing that peace of mind."

The difficulty regulators have now is not just the initial consent, but "whether or not consumers understand what is being used, how it's being used and whether it's even accurate," Ommen said.

So much more data can be collected on consumers now, he said, which makes it even more difficult. And many carriers use third-party providers to collect data.

At the end of the day, it comes down to doing the right thing. To some extent, Ommen said insurers will determine how far regulators go.

"Companies have to own the responsibility of what data they're going to use," he explained. "Regulators will work with the carriers to rise to a level of comfort from the carrier side. If companies do this right, there won't be a need for regulation. You, the carriers, can either do it right, or you can do it wrong."

InsuranceNewsNet Senior Editor John Hilton has covered business and other beats in more than 20 years of daily journalism. John may be reached at [email protected]. Follow him on Twitter @INNJohnH.

© Entire contents copyright 2019 by InsuranceNewsNet.com Inc. All rights reserved. No part of this article may be reprinted without the expressed written consent from InsuranceNewsNet.com.

InsuranceNewsNet Senior Editor John Hilton has covered business and other beats in more than 20 years of daily journalism. John may be reached at [email protected]. Follow him on Twitter @INNJohnH.