Our Wired World

Data & Privacy in 2019

What can you do to protect yourself from the lunatic who is savvier than you, and how to reap the benefits of data gathering

by Jason T. Andrew

Mr. Andrew is CEO and co-founder of Limelight Health, a technology platform that delivers quoting, underwriting, and proposal solutions for the employee benefits industry. Visit limelighthealth.com

Everyone is talking about data. It seems like every click we make and every call we take gives away more data about our daily habits and preferences. So naturally, any conversation about data leads to concerns about privacy. The more one learns about who is gathering data on us, and how much of your personal data it is “out there,” the easier it is to start asking if George Orwell’s 1984 has actually arrived.

It really does seem as though Big Brother is tracking us. The most common focus in the media is on how our social media and personal data is used– and how companies like Google, Apple, Amazon and Facebook are not only very aware of who we are (and know our preferences and habits better than we do), but have our entire footprint archived and for sale.

Forbes brings a new twist to the concept of data tracking in their recent article entitled “United’s Apple Disclosure Reminds Us About the Value of Offline Data.” In the article, the author states that “An internal promotional poster prepared by United Airlines for its employees went viral. The poster revealed not only that San Francisco to Shanghai was the most important route for Apple from SFO but went on to list Apple’s top 10 most important destinations from the airport, revealing a ground-truthed look at the locations most important to Apple at the moment”.

“The more important story,” says the author, “is just how much of our lives are now recorded in the archives of private companies and the exquisitely detailed portraits that data offers of our patterns of life.”

Cybersecurity & The Dark Web

Chris Tarbell recently spoke at a private event in Palo Alto, CA. Chris is an industry speaker on privacy and security issues who also happens to be a former FBI special agent. Tarbell infiltrated both Anonymous and the Silk Road, purveyors of personal information on the dark web, and was involved in the tracking and arrest of both Sabu (of Anonymous) and Dread Pirate Roberts of Silk Road (Ross Ulbricht). In this talk, Tarbell said he personally uses two laptops; one is secure and only used for private banking and nothing else. The other one is used for all other online activity. This is his attempt to secure his own private data. In his words, “No one’s data is safe; and if a company thinks they haven’t been breached yet, it is only because they are not yet aware.”

A recent Ernst & Young security survey backed Tarbell up on this when revealing that 59 percent of respondents had encountered a significant cybersecurity incident in their organization. Because insurers store so much sensitive personal and business data, they have become a prime target.

Now that we have painted a very bleak outlook on data generally, there is actually plenty to be excited about and the overall outlook may not be as dark as this article has started to suggest.

Working with data in Insurtech, specifically in the employee benefits industry, requires compliance with HIPAA, SOC 2, and HITRUST, to name a few relevant regulations. There are important considerations that any software provider working with insurance companies, hospitals, or Insurtech vendors handling protected health information (PHI) or personally-identifiable information (PII) has to be aware of, and they must take steps to protect people’s privacy.

Redefining Our Expectations On Privacy

So, how do we as an industry embrace this new environment and find redemption in the inevitable airing of our dirty laundry? And, how do we in Insurtech aggregate this publicly-available data and use it for good and not evil? We need to redefine our expectations around privacy, and we do it by advocating for digital transparency.

Digital transparency isn’t a new idea. “Privacy means people know what they’re signing up for, in plain English and repeatedly,” said Steve Jobs in 2010, speaking to the Wall Street Journal at the D8 conference. “I believe people are smart, and some people want to share more data than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you’re going to do with their data,” he added.

Some of the protection starts with technology companies and startups. It is critical to start with a philosophy on the executive team and founding team around data and privacy. That has to filter to developers who then consider data protection at the time that technology platforms are built, not afterward, and build better encryption into technology products so that consumers’ data is no longer at great risk. The other way of ensuring that companies are digitally transparent is to enact legislation that empowers consumers and requires companies to protect personal data.

The more one learns about who is gathering data on us, and how much of your personal data it is “out there,” the easier it is to start asking if George Orwell’s 1984 has actually arrived...

In May 2018, the European Commission began to enforce a set of personal data regulations which is the strictest yet in enforcing user data protection. This legislation speaks to consumers’ digital rights, including the “right to be forgotten,” where one will be able to ask companies to delete personal data for a multitude of reasons, including a company having no legitimate reason to keep it. If companies fail to comply, they face large fines and potential bans on processing data.

There’s A Lot Of Buzz…

The U.S. has yet to follow suit, but there is quite a bit of conversation going on. In November 2018, Fortune magazine published an article entitled “In the Wake of GDPR, Will the U.S. Embrace Data Privacy?” The writer lays out that in July, the White House said it was looking forward to working with Congress on “a consumer privacy protection policy that is the appropriate balance between privacy and prosperity.” Since that time there have been a deluge of data protection bills produced, mostly from Democrats.

In addition, it seems that some of the larger companies in Silicon Valley are on board. The author states, “In September, Apple and Google urged lawmakers to create new federal privacy legislation. A month later, Apple CEO Tim Cook demanded new rights for American consumers. ‘It’s time to face facts,’ he said. ‘We will never achieve technology’s full potential without the full faith and confidence of the people who use it.’”

These issues become more and more relevant to the Insurtech sector, as it continues to grow substantially. Between 2013 and 2017, more than 1,200 Insurtech companies in 14 categories across 61 countries received over $18 billion in funding, driven by automation, machine learning, and using data sources to make better decisions around everything from pricing and better customer service to selling more products. 2018 alone saw nearly $2 billion poured into Insurtech investments. As data is exchanged between users, startups, established carriers (and new carriers) and hosting companies (how much data, for example is housed on AWS) it has never been a more exciting time to tackle some of these challenges and opportunities. So where are some of these opportunities, and what are some things we should expect to see take place?

Big Brother really is watching

…and Big Brother is your insurance company, and the Insurtech startup it has partnered with. But this sibling is friendly, compliant, helpful and wants to support your success. We’ve established that more and more data is being collected and therefore tracked than ever before. Online. Offline. Historical. Archived. Our digital footprint is expanding. As we get more and more connected systems, we will see more and more uses for that data.

In the insurance industry, there is a huge need to collect census data and get it to the proper channels in a clean and seamless way, so you can produce an accurate and timely quote. In addition, once that census is with the underwriter, data sets connected via an API can help better price and recommend products.

Once the product is sold to an employer, then onboarding or enrolling them needs to take place. Both of these processes are onerous. As onboarding solutions are developed that will begin automating the gathering and importing of data, it goes without saying that data privacy and integrity will be a crucial part of any successful platform.

We can only spread our knowledge outwards

API’s (application protocol interfaces) are a beautiful thing. CB Insights has said that 40 manual processes account for 25% of an insurer’s cost of doing business. API’s allow systems to connect together, allow them to talk with one another, share data, and to ‘spread the knowledge outwards’.

Some of the very basic manual processes in the insurance industry that can be significantly improved, thus bringing better user experiences and bringing down costs are:

  • Automating Notifications
  • Building Workflow Between Systems
  • Automating Workflow Actions
  • Creating Tracking and Analytics
  • Marketing Automation
  • Automating RFP’s
  • Tapping data sets for pricing

These may seem basic but this is just the beginning. But automation, API connectivity, and data sets that set pricing are all very new concepts in the group benefits space. Most of these processes are still being done manually. We have to walk before we run, and walking means we need to get the basic infrastructure in place.

The clocks were striking thirteen

Big data is here to stay, whether we like the idea or not. Our digital footprints will not easily be washed away. However, in the Insurtech industry, we can certainly do our part to protect the people we serve by guarding their privacy, being transparent about the ways we use their data, and by developing infrastructure that will keep information safe even as we create ways to streamline and automate the processes that utilize data to grow our businesses. ◊