Insurance News

data handling: Insurers concerned about data handling in new digital regime


The potential penalty of ₹250 crore for breach of provisions of the new digital laws has rattled insurers whose nearly 30 lakh agents range from matriculates to high end professionally qualified people. With no case law yet, insurers fear that numerous frivolous cases could crop up

The introduction of Digital Personal Data Protection Bill, 2023 applies to digital or physical data and covers personal data, except what is publicly available or under legal obligation. This new law is about how personal information is handled and covers data shared online or offline that gets turned into digital format. The law is about how companies use personal information and getting permission from individual before using data.

Insurance companies hire individual agents to sell insurance policies and help with policy renewals and other related services. These agents work with different types of insurers like life, general, health, and specialized. There are about 24.43 lakh individual agents in the life insurance industry and 6.88 lakh agents in the general insurance sector as of March 2022, according to IRDAI annual report.


Insurers will have to put controls on end use of personal data and ensure that specific consent is taken for the purpose for which data is processed.

Insurers say that the biggest risk is agents and other distributors carrying customer data, which is freely available in the market. “If there is any data breach, customer and Data protection board will have to be informed,” the executive informed.

The insurance sector has begun engaging with prominent big four consulting firms on this.

“Regulating customer data lying with distributors will be the biggest challenge,” said a insurance executive.

In case there is a breach, customers will file complaints before data protection board against insurers even though agents attached with insurers may disclose customer data and would lead to insurers paying the penalty, an insurance executive said.

The bill comes with strict rules and in case of any violation, there could be heavy fines, even up to ₹250 crore. However, if someone disagrees with a decision, they can ask Telecom Disputes Settlement & Appellate Tribunal (TDSAT) to look into it.

The bill talks about formation of Data Protection Board, a regulatory authority entrusted with overseeing data management practices and enforcing compliance. In the event of a data breach, stringent protocols are in place mandating the notification of both the customer and the Data Protection Board.


Source link