ORLANDO, Fla., Nov. 8, 1999 – Insurers can safeguard the confidentiality of information about their policyholders, claimants, and businesses by working more closely with public-policy makers and being more vigilant within their own organizations, according to Frank J. Coyne, president and chief operating officer of Insurance Services Office, Inc. (ISO).
Coyne told insurers: "When you provide data outside your organization – whether to vendors, third-party administrators, consultants, rating organizations, or government agencies – get the same confidentiality safeguards from anybody else as you do now from ISO."
Addressing AISG InsTech '99, ISO's Insurance Technology Conference, Coyne said insurers are justifiably concerned about disclosure of their proprietary data that could jeopardize their business strategies and the privacy of their policyholders and claimants.
"ISO shares your concerns," Coyne told insurers.
Coyne said that the National Association of Insurance Commissioners needs to fully appreciate the drawbacks of a proposal to permit regulators to publicly disclose insurer-specific data that would reveal pricing and other marketing strategies.
"When courts interpret the laws to mandate that government agencies disclose sensitive data in their hands, we need to change those laws," said Coyne.
"People who take risks to develop a new idea must be able to protect their trade secrets and benefit from what they develop," he said." Take away the economic benefits, and you stifle innovation to the buyers' detriment.
"At ISO we understand how important maintaining confidentiality is to stimulating innovation," Coyne said. "That's why we've implemented policy and procedural safeguards to ensure the confidentiality of data insurers place in our safekeeping."
ISO gathers data from insurers on their premiums and losses and reports aggregate data to regulators as their statistical agent. ISO also gathers claims data for its ISO ClaimSearchSM system used by insurers to detect fraudulent bodily injury, property, and auto claims.
Coyne noted ISO's corporate bylaws prohibit ISO from releasing individual insurers' data unless that's legally required. Even when such a release to regulators is required, ISO notifies regulators the data potentially contains trade secrets or is otherwise sensitive. ISO also advises affected insurers to review their own situation, so they can act to protect the confidentiality of their data.
"We do not sell or allow access to individual insurers' data," Coyne stressed.
By utilizing aggregate data, Coyne explained, ISO can frequently meet regulators' objectives, eliminating the need for regulators to obtain individual insurers' data. "So the availability of aggregate data is – itself – a safeguard of confidentiality," Coyne observed.
Coyne noted ISO screens aggregate data before disseminating it to anyone to ensure that individual insurers' data isn't discernible.
He added the ISO ClaimSearch fraud-detection system has its own detailed privacy and security policy limiting access to authorized users for specific information and purposes. "Our objective is to protect the legitimate privacy interests of policyholders and people who are injured," Coyne said.
ISO's policy complies with federal and state privacy legislation, as well as the National Association of Insurance Commissioners' Insurance Information and Privacy Protection Model Act, Coyne noted.
Coyne advised insurers to protect their data by taking actions similar to ISO's, namely:
"And be ready to support your claim for trade-secret protection when it's threatened," Coyne advised insurers.
"The threat of unwarranted disclosure of proprietary data is real, but the threat remains manageable," Coyne said. "If we act in a responsible and timely way, I'm confident our public-policy makers will maintain the incentives for innovation that protecting trade secrets provides."
Coyne asked industry leaders to reaffirm their commitment to maintaining and building one of the industry's most useful and valuable shared assets – ISO's databases.
"The more robust those databases become, the more reliable, useful, and valuable the information that flows from them will be – for selecting risks, pricing properly, detecting fraud, and managing catastrophes," said Coyne.