COVER FEATURE l DATA COLLECTION
  “We don’t need more regulation,
but we might need more transparency around how information is being used and what it’s being used for.”
in those two reports are governed by MTO [Ministry of Transportation On- tario] rules and regulations, which are quite different than industry norms,” Simpson says. “Most [insurance] com- pany contracts with brokers will state that you have to retain all information on a client for seven years. But if that cli- ent leaves the brokerage, you’ve got 30 days to destroy the personal data in an MVR or AutoPlus, so there are conflicts we have resolve within our industry to make sure we are all on the same page.”
Issues around data collection have more to do with just regulation and compliance, Rose says. There’s also the data security issue.
“If you are a brokerage or a carrier, and you are retaining all kinds of in- formation, everything you retain is a security hazard,” she says. “If you are breached and a bad actor then has ac- cess to it and abuses it, then you now have a responsibility or a liability. You have to weigh the need for retaining [the information] for self-protection – to prove why you made a decision – versus a potential risk if you get hacked.”
Privacy and security are fundamental data issues, to be sure. But perhaps the greatest sensitivity around the use of consumer information cuts to the core of the trust between brokers and insurers. This, above all, is a distribution issue.
“It comes down to broker-carrier re- lationships,” Rose says. “If, as a broker, I shared information with a carrier and then subsequently found out they were sharing that information with someone else because they weren’t successful at ob- taining the business with us, then I would not be able to trust that relationship. The vast majority of carriers are careful about this and, before they start talking about a file with a different broker, they require authorization from the insured.”
Confidence game
Privately, brokers have told Canadian Underwriter data collection stories that make them nervous. The underlying fear is that insurers are using client data supplied by brokers to establish a direct relationship with clients, thus cutting brokers out of the action.
Association of Canada (IBAC) prepared a report in 2014 on appropriate data usage. IBAC CEO Peter Braid summarized the essence of the report saying that IBAC “supports PIPEDA fair information prin- ciples.”
In an email to Canadian Underwriter, the Office of the Privacy Commissioner of Canada reiterated that the Person- al Information Protection and Electronic Documents Act (PIPEDA) outlines 10 principles of fair information practices, including:
• Using or disclosing personal informa-
tion only for the purpose for which it was collected, unless the individual consents, or the use or disclosure is authorized by the act.
• Keeping personal information only as long as necessary to satisfy the purposes.
• Putting guidelines and procedures in place for retaining and destroying personal information.
• Keeping personal information used to make a decision about a person for a reasonable time period. This should allow the person to obtain the information after the decision and pursue redress.
In addition to supporting these and other PIPEDA principles, Braid says, IBAC believes “consumers’ consent for direct or indirect use or disclosure of their personal information must be explicit and must not be assumed by default.”
Transparency
Is the industry making clear the purpos- es for which it collects consumer data?
“We don’t need more regulation,
but we might need more transparen- cy around how information is being used and what it’s being used for,” Rose says. “What’s evolving is the use to which people can put the informa- tion. If a carrier collects information and all they do is generate a quote with it, that’s fine. If they then try to use it to do some kind of analysis and learn something about this client and then come back to the client in some way that was not intended by the customer, that’s when it’s crossing the line.”
If a client doesn’t know how insurers are using the data, then it’s difficult to know whether the consumer has given the insurer consent to use that informa- tion for the purpose to which it is put.
“I think there’s a bit of a grey area in the industry as to whether explicit or implied consent is required for certain activities,” says Colin Simpson, CEO of Insurance Brokers Association of On- tario (IBAO). “One example is marketing activities. If you as a consumer have gone in to get a quote from an insurance bro- ker, have you then opened yourself up for any company to which you have pro- vided this quote to market directly back to you again? To me, the answer is no.”
Another ambiguity comes out of con- flicting contractual terms – both within and outside the P&C industry — that de- fine personal and commercial informa- tion and retention policies differently, as Simpson points out.
“In Motor Vehicle Reports [MVRs, which show an Ontario customer’s driving history] and AutoPlus Reports [which show auto claim history], for example, the collection of the data held
24 February 2020 | Canadian Underwriter