Please don’t talk about data misuse! …and other ambiguous terms.
The language we use when talking about an ethical situation is important. Words can sometimes convey more than their simple meaning, and hide more than they are meant to explain. It’s a habit that the insurance sector could be slipping into with regard to what I believe to be the biggest ethical issue it will confront over the next five years.
Clarity of language matters because it supports openness in how discussions are conducted. Openness in turn helps support an ethical culture. In the UK, clarity of language is often summed up as ‘calling a spade a spade’. So if someone turns out of have lied about some performance figures, this shouldn’t be referred to as having ‘misrepresented the facts’. It should be referred to as lying.
People use ambiguous terms like ‘misrepresenting the facts’ to distance themselves from the unethical behaviour that is at the heart of the situation being described. That distance might be an attempt to rationalise their own bad decision, or might be a way of disassociating themselves from those more directly involved. Either which way, it has the affect of diluting the seriousness of the situation and potentially, diminishing the firm’s interest in addressing the problem.
So let’s consider the term data misuse, being used by the insurance sector to cover two things: firstly, not having adequate security measures in place to prevent unauthorised access to data, and secondly, using policyholder data in ways for which the insurance firm does not have the policyholder’s consent. Both circumstances have a direct impact on the privacy of the policyholder’s data, and it’s privacy that I see as the sector’s number one long term ethical risk.
Let’s be clear – using someone else’s data in ways for which consent has not been given is not ‘misuse’; it’s illegal. Referring to this as data misuse is a little like referring to insurance fraud as misclaiming.
And gaining unauthorised access to policyholder data entrusted to a firm would be fraud by the individual involved, and for the firm holding such data, it could constitute a breach of regulations. Of course the firm wasn’t expecting the data it held to be accessed by an unauthorised person, but nevertheless, it was under a duty of care to protect it, and under a regulated obligation to take sufficient steps to prevent it.
Some insurance firms might find the comparison with ‘misclaiming’ inappropriate (and I used it to nudge firms into reflecting on the importance of consent), but so might the policyholder who finds their data has been ‘misused’. Both deserve clarity of language. The cumulative financial impact of data theft can be huge, as customers of Barclay’s Bank in the UK, and Target stores in the USA, would testify.
In the South Korean insurance market, data misuse (in both its forms) has led to serious interventions by the regulator. Some lines of new business have been closed down until problems are resolved. It’s a market with a long way to go to rebuild consumer trust (as p22 of this report illustrates).
Using clear and unequivocal language has an important part to play in delivering ethical leadership within a firm. Diluting the language reduces the seriousness with which the problem is perceived and undermines any ethical vision that those in charge are trying to deliver. Words count.