Big data is a boon for insurers, which use it for underwriting, pricing and more. For consumers, however, it’s more of a mixed blessing, as they sometimes fail to see the benefit of sacrificing privacy for convenience (to the extent they even know they are sacrificing privacy).

A 2014 study by global big-data consultant GfK found that 60 percent of US Internet users were more concerned about how companies protect personal data than they’d been 12 months ago. And in a 2014 global online survey by consultant Communiscape, 87 percent said, if it were available on the websites they visited, they would enable a “do not track” button to prevent browsers from capturing their search and purchase histories. Thirty percent would actually pay a premium or surcharge to prevent marketers from capturing their data.

And this existing/potential for abuse has begun to stir the giant that is government regulation. A recent study by the US Federal Trade Commission raises some thought-provoking issues about consumer IoT devices and the future of privacy.

The FTC focused on four areas for businesses collecting data:

Security: Companies can build security into their devices at the outset by conducting a privacy or security risk assessment; minimizing the data they collect and retain; and testing their security measures before product launch.

Data minimization: Minimizing the data collected and disposing of it when no longer needed can deter data thieves and help protect consumers. Options include collecting only the fields necessary to the product, collecting less sensitive data, or de-identifying collected data.

Notice and choice: Offering customers notice and choice can be challenging with the IoT because of the ubiquity of data collection, but it remains important, especially when the data are inconsistent with the product.

Legislation: Because the IoT is still in its infancy, the FTC agrees that legislation specific to the IoT would be premature. However, the development of self-regulatory programs designed for particular industries could help with privacy concerns.

When the FTC gets involved at this level of specificity, everyone needs to start paying attention. With potential data collection abuses on the radar for both the public and the government, the insurance industry needs to take a more overt stand on the issue. This can take the form of more consumer protection extending the lethargic identity protection measures to incorporate the intensity of new risks, as well as thinking about the commercial implications of regulation threatening the data monetization business model which has become common for so many firms today.

Most current insurance business models are using data to enhance their underwriting profitability, and in some cases monetizing that data through reselling. In a past blog post (“A model for ‘purposeful’ data collection”), I discussed how insurers should at the very least clearly state their purposes for collecting data, and ensure that the data will be handled securely.

However, the proliferation of big data also presents an opportunity for insurers to become mindful curators of the information they collect, transitioning from product purveyors to trusted partners of their customers; think of the insurer as the “identity vault” on behalf of its customers. By reassuring customers that we have their best interests at heart, insurers can build relationships and minimize abuses—and in turn, stave off the threat of government intervention. Oh, and by the way, maybe insurers can also help firms with business models predicated on data monetization to hedge the risk of regulation. I wonder how much a firm would pay to avoid being regulated out of business?

For more information, go to:

https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

Submit a Comment

Your email address will not be published. Required fields are marked *