Navigating Third-Party Data, Data Privacy, and Data Management in P&C Insurance

As we discussed in our recent blog post ‘Revolutionizing Insurance Through Data-Driven Innovation’, the coalescence of big data, advanced analytics, and AI is driving modernization, enabling efficiency, and enhancing customer experiences. Insurers today have access to vast amounts of third-party data that provide deeper insights into risk factors and allow for more accurate and dynamic underwriting. But what exactly is ‘third-party data’?

In the insurance industry, third-party data refers to information collected from external sources that are not directly involved in the insurance transaction between the insurer and the insured. This data is obtained from various third-party providers and can include a wide range of information that enhances the insurer's understanding of risk, customer behavior, and market trends.

As Alyssa Guerrieri, Vice President at Nationwide E&S/Specialty explains: “Our partners’ ability to leverage third-party data as part of the underwriting process improves risk selection through evaluation of risk characteristics that may not be readily apparent or attainable in standard submission documentation.”¹

What are Examples of Third-Party Data Uses in Insurance?

1. Credit Scores: Data from credit bureaus can be used to assess the financial reliability of policyholders, which is particularly relevant in auto and home insurance.
2. Telematics Data: Information from connected car devices that track driving behavior can be used to determine auto insurance premiums more accurately.
3. Weather Data: Historical and real-time weather data from meteorological services can help insurers assess the risk of natural disasters and plan for potential claims surges.
4. Health Data: Data from medical records, wearable devices, and health monitoring apps can be used to better understand an individual's health risk profile, especially helpful for life and health insurance.
5. Property Data: Information on property characteristics, maintenance records, and real estate transactions can assist in underwriting home insurance policies.
6. Social Media Data: Insights from social media platforms can be used to understand customer preferences, detect fraudulent activities, and enhance marketing efforts.
7. Geospatial Data: Geographic information systems (GIS) data can help insurers assess environmental risks, such as flood zones or earthquake-prone areas.

Third-party data in the insurance industry provides valuable insights that can enhance risk assessment, detect potential fraud, streamline operations, and improve customer experiences. As the industry evolves, strategic use of third-party data will become increasingly important in driving innovation and competitiveness.

Challenges and Considerations with Third-Party Data

With the plethora of third-party data available in the ecosystem, a key challenge becomes selecting data that is both high quality and fit for purpose. Per Bryan Adams, head of catastrophe analytics at Arch Insurance, navigating all the different data sources out there can be overwhelming. At Arch, they work to truly understand the problems they want to address and the optimizations they want to gain first. Then they seek different types of vendors who can provide the “right data for the right purpose” – and ensure the data is both relevant and continually updated.²

Data Privacy Protection

Although both digitization and the extensive use of customer data have brought significant benefit to the insurance industry, these advancements have also brought an increased need for protection and a demand for data privacy. As an aspect of data protection, data privacy addresses the proper storage, access, retention and security of sensitive personal data or personally identifiable information (PII), such as names, addresses, Social Security numbers and other financial and health information.³ The widespread use of smart phones, telematics, IoT and wearables means that a tremendous amount of personal data is regularly collected on digitally connected devices. This extensive data collection has led to the development of state and federal regulations to prevent consumer data from being sold and shared without permission.

The implementation of the EU’s General Data Protection Regulation (GDPR) in 2018 requires companies to allow consumers to opt in to the collection and use of personal data. In January 2020, the California Consumer Privacy Act (CCPA) went into effect to further protect consumers by requiring companies operating in the state to provide them with greater control over their personal data. Since then, many states across the country have introduced their own regulations, with several more planning to do so in 2024 and beyond, creating an environment where maintaining compliance is becoming increasingly arduous.

The National Association of Insurance Commissioners (NAIC)⁴ has also developed several model laws that concern consumer data privacy:

• The Health Information Privacy Model Act (#55) 
• The Insurance Data Security Model Law (#668) 
• The NAIC Insurance Information and Privacy Protection Model Act (#670).   
• The Privacy of Consumer Financial and Health Information Regulation (#672).   
• The Standards for Safeguarding Customer Information Model Regulation (#673) 

Regulation #672 was adopted by every state to comply with the Gramm-Leach-Bliley Act (GLB) passed in 1999. GLB required that financial institutions, including insurance carriers, must inform their customers about their information sharing practices, as well as explain the customer’s right to ‘opt-out’ from having their information shared with specific third parties.⁵ Since the model regulation is over two decades old, it fails to account for the technological advancements enabling widespread data collection. The NAIC has, therefore, tasked the Privacy Protections (H) Working Group with drafting a new Privacy Protections Model Act (#674) to replace Models #670 and #672.⁴

Data Management

Essential for leveraging third-party data, ensuring data privacy and compliance, and driving ultimate business objectives, data management incorporates the activities involved in gathering, storing, safeguarding, and utilizing an organization’s data. It encompasses a variety of policies, tools, and procedures that enhance the usability of data while adhering to legal and regulatory requirements.⁶

Per Celent, data management challenges are diverse and require a comprehensive strategy that includes consistently monitoring data management infrastructure and making necessary adjustments. Data governance and quality are essential for managing the influx of data from an increasing number of sources and systems. “AI, ML, and other advanced technologies like NLP (Natural Language Processing) will continue to play a key role in data management, analysis, and reporting. Insurers need to modernize and expand existing data governance frameworks to support the end-to-end AI development life cycle.”⁶

Obstacles to reaching data management maturity include siloed systems, talent gaps, and risk management challenges. To reach high maturity levels, insurers need to break down organizational silos, drive data sharing, instill analytical skills as core competencies, and embed data-driven decision making throughout the organizational culture.  

Keeping Payment Data Secure

Insurers who store sensitive personal data can be prime targets for hackers. Having sensitive payment data in your system increases your security risks and your compliance burden. One Inc takes cybersecurity seriously. We adhere to industry-leading security requirements that reduce your risk of exposure, simplify your network security and compliance practices, and help to protect your policyholders from payment data theft. As a Nacha Certified Third-Party Sender, we have met rigorous standards for risk management and compliance, demonstrating the strength of our corporate controls.

Learn more.

Sources:

1. Nationwide – https://nationwideexcessandsurplus.com/news-insights/property-casualty/articles/how-data-trends-will-drive-innovation-in-the-insurance-industry
2. Digital Insurance – https://www.dig-in.com/list/arch-insurance-exec-talks-about-managing-third-party-data
3. TechTarget – https://www.techtarget.com/searchcio/definition/data-privacy-information-privacy
4. NAIC – https://content.naic.org/cipr-topics/data-use-privacy-and-technology
5. FTC – https://www.ftc.gov/business-guidance/privacy-security/gramm-leach-bliley-act
6. Celent – https://www.celent.com/insights/342772934