In a recent speech to marketing professionals at an event about privacy organised by the Financial Services Forum, I raised the prospect that tensions between the insurance industry and the general public around privacy issues will grow to be as controversial as the misselling of payment protection insurance is today. I also thought that it will be difficult for insurers to avoid much of this ‘privacy controversy’, because of it being fuelled by three big uncertainties:
- changes in how firms acquire information about their customers;
- uncertainty around what is actually covered by privacy;
- changing attitudes around what we share and make public.
These three big uncertainties are not unique to the insurance industry, but are likely to prove more significant to insurers and brokers, in large part because of two recent legal developments: the loss of utmost good faith in personal insurances and the loss of gender as an underwriting factor.
I want to explore the issues surrounding privacy and insurance in a series of blog posts over the next few weeks. I won’t be taking a legal perspective, as lawyers are better qualified for that and also, the law invariably lags public opinion. Instead, I’ll be outlining the types of concerns that the public can have from how insurers can go about their business.
So what is privacy? There are many shelves of academic texts exploring that question, few of which have been able to reach a concensus. I can’t give you a definition of privacy (there are too many to choose from), but I can point out the way in which it has been expressed as a fundamental human right, in this wording from Article 12 of the United Nations Universal Declaration of Human Rights of 1948:
“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”
The last hundred or so years, during which privacy has taken on its present form, has seen it encompass a range of concerns: protection of one’s reputation, protection from searches and interrogations, control over personal information, freedom from surveillance, control over one’s body, freedom of thought and solitude in one’s home. So it’s important to see privacy less as one unified construct and more as a family of related concepts.
The relative breadth and complexity of privacy has not put off some commentators from issuing sweeping statements as to its nature. One assertion that has been cropping up lately in insurance circles has been that if insurers draw on information that is in the public domain, then they needn’t worry about privacy issues. This line of thinking adopts the ‘privacy equals secrecy” approach, in that once information is in the public domain (no matter how limited the disclosure), then it is no longer considered private. However this argument assumes that every act of disclosure is limitless in nature, which is far from how a great many members of the public would see it. It is natural for people to want to keep things private from some people, but not others: for example, you may complain to some colleagues about your boss, but would be upset if they then assumed that they were free to broadcast those opinions around the company.
As insurers explore new ways of sourcing data about prospects, policyholders and claimants, they are often presented with bold statements about the implications that a particular approach has for privacy. Bold statements may grab attention, but often fail to represent the reality of public concerns.
Over the next few posts,I’ll try to outline what I believe will become the principal concerns the public will have with insurers’ sourcing and use of data. I’m referring to them in the future tense, but in reality, they are already emerging. The five issues I’ll be focussing on are: aggregation, secondary use, identification, surveillance and consent.