On the world stage, an acknowledgment of data’s special status came in February, when officials of the European Union and United States reached an agreement governing international data transfers. At issue were the privacy of 500 million European residents as well as the rights of companies located offshore to store data in U.S. servers. Some residents and groups in Europe were concerned about private information being exposed to review by intelligence agencies. On the other side, it was argued that any inhibiting of data transfers could have a serious and harmful effect on the EU’s gross domestic product.i
Global tensions: Access and privacy
For now—and likely into the distant future—the concept of balancing access to data while simultaneously preserving privacy remains a central question. Across the globe, tension is growing between these two forces: that of responsible access to big data, on the one hand, and protection of the public, on the other. The recent agreement between U.S. and EU officials, also known as “Privacy Shield,” is facing a legal challenge in an Irish court that could further call into question transatlantic transfers.ii Whatever the court’s decision, resolution of the issue is sure to affect how information is exchanged in the future, how international businesses are operated, and where data can be warehoused securely—particularly in terms of adopting cloud-based storage plans.
But the controversy also contains a lesson that resonates closer to home. In the United States, it is bringing to light the public’s increasing sensitivity to data privacy and a need for responsible practices that can inform data stewardship in all spheres of business. In the insurance space, many now believe that big data doesn’t necessarily have to mean open data. A movement is advancing to establish protocols that will help prevent the misuse of data and inspire confidence among policyholders. Forward-thinking leaders are voicing a commitment to more responsible use of data—and to insist their organizations adopt common sense measures that balance privacy with ease of consumer access.
Minimizing Data’s Risks
As the efficiency of data collection and insights gained from analytical tools improve, it’s a fair bet that unauthorized access of private information will follow. With deeper stores of data housed in banks, government agencies, retailers, universities, and other institutions, consumers are growing both wary and impatient. In the course of any transaction, is their privacy being protected or compromised? And how can ordinary people enjoy the numerous benefits of big data while minimizing its risks? Consumers want to be sure that data becomes the new oil, and not the new asbestos. Asbestos is a hazardous mineral that often has to be removed from buildings and other structures, usually at great cost. If users of data aren’t prudent, consumers and changing public sentiments may force data’s removal from corporate structures, also likely at great cost. Responsible practices should help keep data as a resource that remains liquid and valuable, rather than static and feared.
This discussion is raising dynamic ideas that extend beyond strict compliance with U.S. federal, state, and local regulations and the regulations of other countries in which our companies operate. Of course, the commitment begins at home, with each company securing all personally identifiable information (PII) and protected health information (PHI) and employing a layered approach to security architecture. The idea is to install controls that can quickly detect and respond to threats in order to reliably protect data assets.
The roof of that secure structure has to be supported by a strong internal governance process involving investment in security, education, compliance, and audit. This layered approach leads to the monitoring of systems and networks for suspicious activity in a landscape where trusted sites can also provide alerts against possible or presumed threats. The creation of an information security response plan can help limit unauthorized alteration of data, databases, and computer systems, and provide a clear strategy in the event of an emergency.
Erecting Data Defenses
Putting data defenses in place is really no different than erecting a fortress. But what about the people within the walls and those consumers standing outside? Building trust and transparency is a challenging task that never truly ends. Corporate leaders need to work closely with regulators, customers, and consumers in providing valid answers to questions about use and management of customer data. In the insurance space, that should include an explanation of how data continues to serve our customers’ best interests in expediting claim payments, rooting out fraud, and developing more equitable premiums so that policyholders are making payments commensurate with their risk.
We know that even fortresses can fall, and stewardship of data is likely to remain an issue into the distant future, with effects for consumers and companies still unseen. Insurers will be challenged to simultaneously serve and satisfy their policyholders. The world driven by data is only becoming more connected and complex—and it’s time for responsible leaders to acknowledge that evolution with action.
i Mark Scott, The New York Times, “U.S. and Europe in ‘Safe Harbor’ Data Deal, but Legal Fight May Await,” February 2, 2016; http://www.nytimes.com/2016/02/03/technology/us-europe-safe-harbor-data-deal.html
ii Sam Schechner, The Wall Street Journal, “European Privacy Case Adds New Threat to Data Flowing to U.S.,” May 25, 2016; http://www.wsj.com/articles/european-privacy-case-adds-new-threat-to-data-flowing-to-u-s-1464196034