4 Ways Insurance Can Prepare for New Data Privacy Laws

Though it only took effect on Jan. 1, the California Consumer Privacy Act, or CCPA, has already changed the way corporations view consumer data. And with the introduction of the New York Privacy Act earlier this year, consumer data control has gone even further. This could mean fundamental changes to data management and basic operations for companies in the insurance industry.

Insurance executives now face an expensive, significant enterprise effort: knowing where data is within a company and how it’s shared — or potentially sold — to third parties. If companies are slow to implement the necessary protections, clients will question their commitment. Insurance is a trust business, after all.

When it comes to a company's use of personal data, nearly seven in 10 consumers say honesty and transparency are key to gaining their trust. Being proactive with data security is a surefire way to build credibility. Companies that are committed to client data privacy should stay ahead of these laws — not respond after the fact.

Turning a Blind Eye

Failing to be compliant when the laws go into effect puts your consumer base and company at risk. You may attract the ire of regulators, who can impose significant fines ranging from $2,500 to $7,500 per violation.

The average data breach involves an estimated 25,575 records and can cost a company about $3.9 million. Just look at Facebook's recent $5 billion Federal Trade Commission fine — the result of data exposure to third-party firm Cambridge Analytica.

If the expense isn’t enough to convince you, the time and effort involved in compliance should. It has the potential to tie up your IT and business teams, limiting your ability to develop business initiatives and remain competitive in the marketplace.

Any state laws similar to CCPA and the New York Privacy Act will fundamentally impact data management. Adding a pop-up to your website asking users whether they want to "opt out" seems like a simple way to be compliant. In reality, compliance requires you to redo privacy statements, put 1-800 numbers in place, adjust your website, and so much more. Each of these steps can be a huge undertaking for insurance organizations.

Preparing for the Privacy Age

For agile institutions, these new laws are an opportunity to put the mechanisms in place to be compliant and reassure customers that their data is secure and protected. The following strategies will make it possible for your company to stay ahead of the laws:

1. Start now.

It's very likely other states will follow California's lead and pass consumer privacy laws. To get ahead of any potential issues, launch an initiative now. Insurance organizations move at a methodical pace, and you'll need a lot of time to tackle this problem.

2. Review your current status.

It’s difficult to get anywhere without determining the best place to start. As such, conduct an objective “current state” review. Even if the laws aren’t yet on the ballot, it’s a good idea to review your organization’s current practices and procedures. Then, use existing laws to inform your direction.

For example, New York’s Cybersecurity Regulation requires all banks, insurance companies, and other financial institutions to meet certain criteria. They must have a formal cybersecurity program with written policies for consumers’ private data, a chief information security officer, and established controls to ensure safety.

3. Seek outside help.

Many firms aren’t equipped to review their current state internally. They’re either too close to the business to be objective or don’t have the proper expertise. If this is the case, hire an outside firm to conduct an assessment. That way, you can arrive at a solution for CCPA — or similar laws — while liberating resources to focus on other business ventures.

4. Establish a culture of compliance.

Meeting compliance standards means nothing if you don’t have a culture in place to support them. Review all changes and developments for compliance during the design stage.

If your team members understand any changes from the beginning, they'll be more likely to accept them. This may take time, but it’ll be much easier at this stage. It will also help you avoid having to retrofit compliance on existing infrastructure and applications.

Modern consumers want privacy. Using these laws, differentiate yourself from other insurance companies by making it a core value of your organization. Your commitment to data privacy won’t just check that compliance box; it will also make your business more consumer-centric.
