Briefing: Data reform bill treads privacy fine line, but insurer opportunities ahead

Of late I have been receiving bogus calls from a housing repairs firm stating that I am eligible for a substantial claim.

When I asked how the caller got hold of my number, they said that my details were on the the firm’s centralised database, but at no point have I signed up. 

This got me thinking about how firms share personal data with third parties. It coincided with the UK government’s draft legislation to liberalise the use and access of data on 23 October 2024. 

Coined the Data (use and access) Bill (DUA), it revamps current laws on data protection and digital information post-Brexit, as well as aiming to boost the UK economy by £10bn by streamlining the use of data for certain public services such as the NHS and police.

It replaces the Data protection and digital information (DPDI) Bill, which failed to be enacted when parliament broke up for the general election campaign in May.

The aforementioned Bill removes the need for an officer to explain in writing why someone’s personal data has been accessed or disclosed.

It aims to save 1.5 million hours a year of valuable police time and £42.8m per year of taxpayer’s money, but what does it mean for the insurance sector?

Concerns have already been raised as to whether it opens up data access for the state or big tech firms?

I recently spoke to Matthew Geyman, managing director at Intersys, he told me that although it was ”early days” the Bill is subject to change, with the second reading on 19 November 2024.

For Geyman, the Bill contains “sensible changes related to automated decision making and so presents a lower probability of threatening the European Union’s (EU) adequacy decision relating to the UK’s data protection legislative framework”.

He continued: “This can only be good news for UK businesses and the insurance sector, given the vast corpus of information available to it and the increasing importance of cross border data transfers.

“At first glance, the DUA appears to scale back some of the more contentious areas of the previous government’s DPDI.”

Insurer positives 

The Bill provides a standardised framework for digital identity verification allowing a secure digital identity proposition, which could help insurers. 

Nutan Rajguru, head of analytics, claims and underwriting, added: “Overall, there are many positives for insurers. For example, it’s welcome news that the government is introducing a standard around digital verification services. This could help insurers in the fight against fraud.”

Likewise, Geyman highlighted the section on Digital Verification Services “appears to seek improvement in the certainty around individual online identity and thereby, is the opposite of a ”free for all” for big tech. 

For personal lines insurers, he said, it could “more tightly verify the identity and personal history of an insured” improving risk selection. 

Vannessa Young, compliance, sustainability and advisory boards’ manager at Biba, pointed out that the Bill covers changes to Data Subject Access requests, so that controllers only need ”reasonable and proportionate efforts” to identify data.

“There is a fine balance to be had between firms’ ability to use personal data and data privacy rights and we will be following progress of this Bill as it makes its way through parliament,” Young said. 

Hopes

Rajguru noted the Bill’s expansion of the definition of “research”, which “allows for data to be used for commercial research purposes”.

Biba hopes that ”changes to these acts will bring clarification around the permitted use of data”, Young said.

Rajguru added: ”There is of course the danger that increased use of online data will give rise to more cybersecurity attacks. The very welcome data changes, which can drive efficiency and economic benefits must be implemented carefully with the proper investment in cyber security technologies.”

For me, I personally believe an update to data regulation has been long overdue and I am excited to see how this regulation can benefit the rest of the industry