Anand Pejawar, Whole-Time Director, SBI General Insurance
In today’s world, data is an invaluable commodity, and therefore the preservation and safeguarding of data has become that much more important. The world as we know it has moved, and continues to move, rapidly to use data to provide a slew of conveniences, many of which were unheard of even a decade ago. However, with all conveniences come a plethora of risks to one’s data, and therefore one needs to ringfence against these risks. Unauthorized, careless, or ignorant processing of personal data can cause significant harm to individuals and businesses. In November, the Indian Ministry of Electronics and Information Technology (MeitY) released the Digital Personal Data Protection Bill 2022, which has largely focussed on providing the consumer or the “Data Principal” control over their data and recognises the right of individuals to protect their personal data for lawful purposes and for matters connected therewith or incidental thereto.
Gartner predicts that by the end of 2024, 75% of the world’s population will have their personal data protected by modern privacy regulations. This regulatory evolution has been the primary driving force behind the operationalization of data privacy. In response to the changing environment, businesses are redefining their data protection strategy. It is critical to adopt a framework that identifies the data flow and whether data protection regulations are being followed.
The insurance industry, like most other industries, is dependent on digital technologies for its internal operations and customer-facing programs. Technology has undoubtedly accelerated processes and has made customer self-service widely available. However, along with the ease, there are risks of security breaches as well.
The IRDAI has mandated insurance companies to protect and maintain the confidentiality of information they collect. Records must be kept and maintained in India, and disclosure is only permitted under certain conditions. Recognizing that data security must be maintained at all five stages of the data lifecycle (data at source, in motion, in use, at rest, and at destruction), the IRDAI has created such a framework for data protection for insurers.
Insurers need to process their customers’ personal data to insure risks, provide customised services, enable risk-based pricing, and process claims. Insurance companies need to understand customers’ priorities and behaviour to protect them as best as possible. Insurance companies today are building business processes across all aspects of their operations and moving their businesses, including applications, data and infrastructure, to the cloud to become more customer-centric.
Measures insurance companies should apply for Data Protection
- Establish data security policy: Organisations should establish and regularly evaluate an overall data security policy covering access control, data breaches, privacy, and mobile device security within the organization.
- Regular Risk Assessments: Organisations should conduct regular risk assessments to identify potential security threats and issues that could affect customer data. This can be achieved by employing threat intelligence solutions that can create a detailed audit trail of access points and provide detailed insight into malicious or suspicious network activity.
- Encryption of Sensitive Data: Organisations should encrypt sensitive data wherever possible to prevent misuse or theft of information. This may include using encryption algorithms such as AES-256, which has become the industry standard for data encryption in today’s global economy.
Data security and privacy are no longer a niche IT issue, but a critical business priority. As data becomes more valuable and more privacy laws are enacted, proactively addressing privacy and security vulnerabilities should be at the top of every company’s to-do list in 2023.