6

|

Disrupt or be disrupted

These findings raise several significant implications. For example, the frequency, extent and

high visibility of data breaches mean customers may come to demand more value for sharing

information — and insurers must consider the value proposition as much as their protocols

for protecting data. Similarly, they may seek to limit their risk exposure to data breaches or

shift that risk to other parties by choosing not to collect or maintain certain types of PII that

is available through third-party channels.

Further, new data provides an opportunity for insurers to retake the information advantage

relative to policyholders and agents, and reduces the insurer’s reliance on customer self-

reported or brokered data. Risk pools can be determined using direct streams of detailed and

granular data, meaning some broker and agent activities will no longer be needed.

Customer data security and privacy

Implications

ff

High-profile data breaches may lead

customers to demand more value for

sharing information

ff

Generic, blanket privacy policy

statements will no longer suffice

Actions

ff

Engage customers to identify what value

they will seek in exchange for their data

ff

Revisit data protection protocols and

new, emerging architectures

ff

Don’t store or maintain customer data

that is readily available

ff

Acquire and internalize data not

replicable externally

ff

Turn to external parties to maintain

certain types of PII

ff

Consider engaging regulators and

industry peers in developing robust or

auditable “generally accepted privacy

principles”