Facebook privacy controversy could hinder insurers' data use
Social media analysis tools have gained traction among top insurers looking to thwart fraudulent claims and bolster underwriting. But with Facebook facing mounting pressure over its mismanagement of private user data, the fallout will likely be the creation of new federal regulations aimed at all companies that collect personal identifiable information, experts say, with extensive implications for the insurance industry.
U.S. lawmakers will be looking to implement data privacy statutes similar to those first established in Europe back in 2012, says Mitch Wein, VP of research and consulting at Novarica. At a high level, the EU assumes data ownership always remains with the individual. That means private information cannot be sold or reused in anyway without permission.
This kind of regulation means insurers would be unable to use customer data to recommend and underwrite core products from other lines of business at the point of sale, says Wein. Under longstanding EU rules, which have been rolled into the governing body’s existing General Data Protection Regulation (GDPR) framework, consumers also reserve the right to withdraw their consent at any point.
“What if consent is withdrawn, how do regulators guarantee it’s deleted?” said Wein. “Data is stored in the cloud, and in a lot of other places. How do insurers properly delete it?
Proposed regulations would also have significant impact on vendors, such as LexisNexis or Verisk Analytics, as questions arise over the levels of consent received from consumers in capturing the data. The same is true for insurtechs partnering with carriers at record rates, as companies’ reliance on third-party data for claims, underwriting and product marketing has skyrocketed in recent years.
“The bottom line is, we know there are going to be regulations that impact data security and privacy, and there will be reputational damage for insurance company CIOs or other individuals that do not follow them.”
Insurers are used to being regulated, at least on the state level. Carriers, agents and brokers often include privacy statements disclosing how exactly they will use personally identifiable information (PII) data, according to Karen Pauli, principal at Strategy Meets Action.
Early on, insurers’ legal teams shied away from green-lighting the use of PII data from social media, due to lack of permission and attribution. Today, a large amount of data in use by carriers today is aggregated--or not personalized—and used for segmentation.
“The industry grew more comfortable because it [social media] has become a part of the fabric of our lives,” Pauli says.
Insurers, particularly in workers compensation, have used social media data for claims fraud detection for years, she added. Companies, however, questioned the valuable insights that could be derived from the data for underwriting and the marketing of new products. Insurers’ social media data strategy now spans all three functions, thanks to carriers’ growing comfort with data analytics and advanced machine learning tools to identify trends in customer behavior.
“They didn’t have that before,” said Pauli. “They knew facts about policyholders, but social media data can provide insights on behavior. That is the new frontier.”
Due to insurers’ established practices, questions may now arise around the acceptable uses of third-party data, Pauli concluded.
The key for insurers will be whether "a reasonable human being believes their data will be used for claims, underwriting and marketing purposes," she says.