Big data, ethics and the right to know and challenge
As insurers accumulate increasing amounts of data about their personal lines policyholders, a number of dangers emerge that raise ethical questions for insurers. In this post, I want to look at two particular dangers: how insurers combine and draw insight from all this big data, and how policyholders might exercise their rights to find out about the data being held about them.
In a recent article in the Post Magazine, insurers came across as having more data than they know what to do with. Here’s what one leading insurer had to say:
“The amount of data we’re using means the rating, especially for motor, has become so sophisticated that even our underwriters won’t always be certain what is behind a price. Sometimes this can make it seem difficult to explain to our customers…”
I’m not sure sophisticated is the right word to describe it. If you haven’t got a proper handle on how data is driving your pricing, then even underwriting seems a bit generous.
Adding datasets together is a rather benign activity. However, as previous posts have pointed out, the ethical issues come surging forward when you start to draw conclusions from all that data. The insurer might start out thinking they’re differentiating between good and bad risks, but risk discriminating between categories of policyholder using proxies for risk so complex they can’t explain them to an inquisitive policyholder.
When that discrimination starts to look less like risk profiling and more like social profiling, then it only takes one successful complaint to undermine the whole data edifice being built across the market. That could make the Test Achats case look like a nice afternoon tea party. This is just one of the reasons why I’ve spoken before about data and privacy being the next great controversy, set to match PPI in reputational damage.
Insurers recognise the right of policyholders to know about, and possibly challenge, the data being held about them. Some insurers see such enquiries as a helpful form of ‘data self regulation’ and ‘data quality check’ by policyholders. That looks more like a swinging door to an empty stable.
Clearly an insurer not able to fully explain what data they hold about a policyholder, and how they’ve been using it, isn’t going to make this a very smooth process. I doubt very much whether many policyholders are aware of these rights, with even fewer having exercised them. So does this mean that this shouldn’t be a big issue for insurers? I’m not so sure – remember how EU data protection regulators sat up and took note when an Austrian law student’s data request to Facebook produced a file amounting to over 1,200 pages.
How well are personal lines insurers set up to respond to detailed data enquiries from policyholders? If the FSA’s previous views on how complaints were being handled is anything to go by, then they could well have some way still to go. Let’s hope they’ve learnt from that earlier experience.