InsurTechs’ Duty of Privacy and Transparency in the Digital Age

Innovators must lead the way in developing technologies that empower users and set the right safeguards for data protection between technology vendors and insurers.

(Image source: Adobe Stock.)

Everyone seems to be up in arms lately about privacy, and for good reason. Between rumors of shady Russian hackers, the proliferation of “fake news” on social media, and the most recent data breach (or instance of data misuse) involving Cambridge Analytica and Facebook, it’s suddenly obvious that private data is not so private after all, and that every “What ‘Friends’ Character are You?” quiz has been giving advertisers (and other more nefarious groups) access to information about personal habits and preferences all along.

Is it really all that surprising? The reality is that individuals today have a substantial digital footprint. People wear sensors and tracking devices that read habits and encourage less risky behaviors. People willingly give Siri, Alexa and “Hey Google” much more than a glimpse of daily home lives. Smartphones, social media, and online finance technologies have developed so quickly that there has been little thought along the way as to the consequences of having so much information publicly available, and how to secure it. And, regulators are now scrambling to retroactively fix problems that are larger than anyone considered possible at the outset.

The InsurTech industry was born in this era, and thus carries both terrific potential and great responsibility. Between 2013 and 2017, more than 1,200 InsurTech companies in 14 categories across 61 countries received over $18 billion in funding, driven by automation, machine learning, and using data sources to make better decisions around everything from pricing and better customer service to selling more products.

Privacy a Top-Priority Issue

Working with data in InsurTech, specifically in the employee benefits industry, requires compliance with HIPAA, SOC 2, and HITRUST, to name a few relevant regulations. There are important considerations that any software provider working with insurance companies, hospitals, or vendors handling protected health information (PHI) or personally-identifiable information (PII) has to be aware of, and take steps to protect people’s privacy.

Hundreds of new HealthTech and InsurTech platforms are coming to market and gaining access to data, and health insurers increasingly have better access to individuals’ health and personal information than ever before. Fortunately, companies are starting to provide Big Data analytics to help insurers evaluate risk, and insurers are starting to use that data to assign rates and set pricing. So, it’s no surprise that both companies and employees consider privacy concerns to be a top issue when determining how much involvement is warranted with new technologies or solutions.

Chris Tarbell, a former FBI special agent who infiltrated both Anonymous and the Silk Road, purveyors of personal information on the dark web is an industry speaker on privacy and security issues. He was involved in the tracking and arrest of both Sabu (of Anonymous) and Dread Pirate Roberts of Silk Road (Ross Ulbricht). In this talk, Tarbell said he personally uses two laptops; one is secure and only used for private banking and NOTHING else. The other one is used for all other online activity. This is his attempt to secure his private data. In his words, “No one’s data is safe; and if a company thinks they haven’t been breached yet, it is only because they are not yet aware.”

The collection of personal information has become so pervasive that one can no longer build a wall around data or adjust privacy settings to a level that will secure everything. Just 12 percent of Americans and 9 percent of social media users overall report a “very high level of confidence” that the government and tech companies can keep personal information safe and secure, according to a Pew study from 2016.

So, how do we as an industry embrace this change and find redemption in the inevitable airing of our dirty laundry? And, how do we in InsurTech aggregate this publicly-available data and use it for good and not evil? We need to redefine our expectations around privacy, and we do it by advocating for digital transparency.

Digital transparency isn’t a new idea. “Privacy means people know what they’re signing up for, in plain English and repeatedly,” said Steve Jobs in 2010, speaking to the Wall Street Journal at the D8 conference. “I believe people are smart, and some people want to share more data than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you’re going to do with their data,” he added.

Digitally Transparent and Ethically Sound

One arm of protection relies on technology developers to consider data protection as technology platforms are built, not afterward, and build better encryption into technology products so that consumers’ data is no longer at great risk. The other way of ensuring that companies are digitally transparent is to enact legislation that empowers consumers and requires companies to protect personal data. In May 2018, the European Commission will begin to enforce a set of personal data regulations which is the strictest yet in enforcing user data protection. This legislation speaks to consumers’ digital rights, including the “right to be forgotten,” where one will be able to ask companies to delete personal data for a multitude of reasons, including a company having no legitimate reason to keep it.  If companies fail to comply, they face large fines and potential bans on processing data.

InsurTech is coming of age at just the right time to decide how to use Big Data in a way that protects startups from the pitfalls into which the large social media companies fell. We have the opportunity to build the InsurTech industry as digitally transparent and ethically sound, even as we accept the inevitability that the curtain has been pulled back on our privacy as we imagined it. As we revolutionize the insurance industry, it’s all the more important that we lead the way in developing technologies that empower users and set the right safeguards for data protection between technology vendors and insurers.

How Risk Managers Can Feel Comfortable When Insuring Drone Operators

Jason T. Andrew // Jason T. Andrew is a serial entrepreneur advising numerous Silicon Valley startups, and also volunteering in the industry/community. Recognizing the early trend for InsurTech innovation in 2013, Andrew co-founded Limelight Health to deliver better data integration and sales efficiency for insurance carriers, PEO’s, brokers and others in the employee benefits ecosystem. Andrew can be reached for further information or comment via email at

Leave a Comment