An Ontario resident approached a direct writer for an auto insurance quote in March 2005. A new customer, the man gave the insurer his name, date of birth, vehicle informa- tion and property information. Upon receiving the quote, he took his auto insurance business elsewhere.
Little did he know, the insurer would retain his data for the next eight years.
The customer found out in 2013 when he requested to access his personal information from the insurance provider. The insurer con- firmed to him that it had retained his personal information from the 2005 quote. Upon the man’s request, the insurer, a subsidiary of a Canadian bank, deleted the personal information from its database.
But the discovery stuck in the craw of the consumer, who filed a complaint with Canada’s privacy commissioner. In resolving the complaint, the insurer explained that its records management system and retention periods were set by its parent organization, the bank. Under the bank’s policy, a seven-year retention period applied to records such as declined or withdrawn insurance quotes, as well as to records related to declined and withdrawn applications for other bank products (e.g., credit cards, loans, mortgages, etc.). The purpose of retaining the data was to substantiate a lack of bias or discrimina- tion in the approval or declining of a product, the insurer said.
But the consumer couldn’t understand why his information had not been deleted after seven years, as per the bank’s policy. He also didn’t understand why a seven-year retention period would apply to personal information collected for an insurance quote that is valid for only 60 days.
Canada’s privacy commissioner sided with the complainant. The insurer thus narrowed its retention period for auto quotes to three years, reflecting standard fraud prevention requirements. By November 2014, the insurer’s system automatically deleted each month all auto quote records after three years.
Problem solved, right? Not so fast...
Data collection remains a hot – and sensitive – topic in the in- dustry. As data becomes the next hot currency akin to gold, a type of confidence game is developing: Can the industry be trusted with a consumer’s private information?
Whose information is this, anyway?
Discussion about data always boils down to where the information came from in the first place, insurers and brokers say. “‘Whose in- formation is it?’ That’s the question,” says Brenda Rose, vice pres- ident of FCA Insurance Brokers. “It’s the customer’s information. It’s not the insurer’s and it’s not the broker’s information. It’s only ours in our role as representatives of the customer. We are custodi- ans of that information because that’s where our duty lies, legally. When we are sharing information with the insurer, we are doing so on behalf of the customer.”
Based on this fundamental understanding, the Insurance Brokers
     DATA COLLECTION l COVER FEATURE
canadianunderwriter.ca | February 2020 23