The UK’s data protection bill is set to be modernised to include protection for people’s internet history, social media, and DNA.
The original bill was passed in 1998 and is far behind how our data is collected and used today.
It will be published when Parliament returns from its summer recess in September, and is based on the EU’s General Data Protection Regulation.
However, big data and analytics is increasingly important to insurers in pricing and tailoring policies for customers, but this emerging trend faces some ambiguity.
Storing vast amounts of personal data will present an increased risk as the cost of being breached is soaring, to go alongside very damaging reputation damage.
The fines for businesses that lose customer data following a cyber attack are set to rise to as much as £17m, or four percent of turnover, from a previous maximum of £500,000, with the reporting of any incident becoming mandatory.
Admiral attempted to use social media to help price motor insurance in a failed experiment towards the end of 2016.
Facebook and public outcry put an end to that, but it insurers still want to use the information if they can.
This is going to become harder however, with the definition of personal data now expanding to include social media posts, IP addresses, and internet cookies.
Insurers have been able to obtain personal data relatively easily until now, through consumers not ticking an opt-out box.
However, with explicit consent now required by customers having to opt-in, and consumers’ rights to have already-held data deleted, insurers will be dependent on customers believing they will benefit from sharing of their data.
If this is not the case, insurers will have to rely more on anonymised data at the cost of opportunities to offer increasingly individual polices.
The new bill also makes it illegal to attempt to identify individuals from anonymised data.
Processing data and finding insights from it is one area where artificial intelligence could be very valuable, but the bill means people will be able to demand that their personal data is processed by a human, not a machine, potentially putting some insurers off AI adoption.