INTRODUCTION

The industry of insurance services is all about fiddling with risks for which the data of the insured people is vital. Insurance companies practice collecting vast amounts of data from various policy holders which includes medical history, financial records, debt related data and much more. These types of data are critical for underwriting rules and help in designing various premium plans, customization of offerings etc. With time the insurance industry has witnessed a massive shift towards tech-driven operational structures which requires them to streamline their own operations to handle and protect customer data.

Building and maintaining trust between the insurers and policyholders relies largely on transparency. Insurance firms must set up clear expectations of the data, and their collection, usage and the security measures that shall be put in place. Such openness fosters trust and accountability, hence reassuring customers that their data is managed responsibly. To achieve such transparency, insurers must provide clear and concise privacy policies which are easily accessible to customers. Regular updates on data protection measures, information on security protocols and educational content about data privacy can also enhance policyholders’ sense of security.

India has introduced the DPDPA to address the need for robust data protection regulations. This Act governs the processing of personal sensitive data. And ensures that individuals have privacy rights over their own personal data. It focuses on the necessities of obtaining explicit consent from individuals prior to data collection and enforces strict penalties for any data breaches. Insurance companies which manage large volumes of personal and sensitive data are required to adhere to these regulations. Failure to comply can result in substantial penalties and damage to the company’s reputation, thereby diminishing policyholders’ trust.

INDIAN REGULATORY LANDSCAPE

The Insurance Regulatory and Development of India (IRDAI) oversees the protection of policyholders and consumers in the insurance sector. It has established a regulatory framework to safeguard policyholder’s data, which complements the IT Act, 2000 and the IT Rules, 2011. The IRDAI’s regulatory framework for data protection includes several key regulations which apply to all insurers, insurance intermediaries and policyholders. However, they do not provide a uniform framework which is necessary due to technological advancements. The introduction of the Digital Personal Data Protection Act marks a progressive step toward safeguarding consumer rights in a data-centric environment. Nonetheless, its enforcement would pose compliance challenges for many such insurers and intermediaries which can be categorized as Data Fiduciaries under this Act. Under Section 6 of the Act, it is required that a consent by the data principal must be “unambiguous, clear, specific, free and unconditional.” Such consent must be for a specific purpose and limited to the appropriate amount of data necessary. Under Section 9 the question of collection of medical history data for health insurance and the need for parental consent for their child’s data arise.

The Act’s impact on long-standing policies which need to be renewed is quite unclear. Furthermore, the DPDPA affects the insurance intermediaries like other brokers who usually handle customer data raising flags of third-party insurance transparency. The Act defines a “data fiduciary” under Section 2(j) as any person who determines the purpose and means of processing personal data, implying that insurers and intermediaries are held responsible for customer data.

Read original Article Here > https://tsaaro.com/blogs/dpdpa-s-impact-on-insurance-data-protection/