EU data safety regime to affect sharing plans in insurance sector
Industry reviewing current arrangements for database, says Minister for Justice
Minister for Justice Charlie Flanagan said he had been informed that Insurance Ireland expected to complete a detailed data protection impact assessment by the end of August. Image: Getty Images
The new EU data protection regime will have a “significant impact” on any new plans by the insurance industry to share data between members and with An Garda Síochána, Minister for Justice Charlie Flanagan has said.
Mr Flanagan was responding to a parliamentary question from Fine Gael TD Seán Barrett, who asked what steps were being taken to deal with fraudulent insurance claims.
A report by the Cost of Insurance Working Group, chaired by Minister of State for Finance Michael D’Arcy, published its recommendations on the cost of motor insurance in January last year.
These included actions to address the lack of transparency in the claims area, through the establishment of a national claims information database located in the Central Bank.
It also recommended that to help tackle suspected fraud, a database be established and funded by the industry but held by an independent body, taking into account data protection concerns.
Mr Flanagan said his department had established a working group comprising representatives of the department, An Garda Síochána’s National Economic Crime Bureau, Insurance Ireland and the Motor Insurers’ Bureau of Ireland.
That group had completed a report, which included recommended parameters for the database, who would be responsible for administering it and disseminating data and how the database would be funded. The report was submitted to the Attorney General and the Data Protection Commission (DPC).
In its response, the DPC had “strongly endorsed” the group’s view that detailed data protection impact assessments would be required in order to justify the potential addition of new datasets to the existing Insurance Link database, and the increased sharing of data.
Mr Flanagan said the DPC had also recommended that further work needed to be undertaken “to detail the evidential requirements for the creation of a new database or the enhancement of the existing Insurance Link database”.
“The application of the General Data Protection Regulation (GDPR) last week and the related data protection legislation, which I launched with Minister of State (Pat) Breen in February this year, will have a significant impact on any new data sharing arrangements between industry members and between the industry and An Garda Síochána,” said the Minister.
“As such, the establishment of any new data sharing structures will require careful consideration against the changes to the legislative landscape.”
Mr Flanagan said that as a “starting point”, it was necessary for the insurance industry to undertake a review of the information held on the Insurance Link industry database in the context of GDPR.
“It is also necessary for the industry to assess in more detail what specific additional data is proposed to be shared and in what additional circumstances such data is proposed to be shared,” he added.
“It is essential that a critical balance is identified to ensure that data sharing between insurers is maximised while, at the same time, the data rights of the public are protected. Any changes, therefore, to the existing data-sharing arrangements for the purposes of Insurance Link must be proportional to their effect.”
The Minister said he had been informed that Insurance Ireland expected to complete a detailed data protection impact assessment by the end of August.
In 2010, the Data Protection Commissioner carried out a special investigation into the Insurance Link industry database, which at the time had 2,441,838 claim records on Insurance Link representing details on a large part of the population.
The investigation was prompted by “significant concerns” on the part of the commissioner about the operation and legitimacy of the database and its compliance with data protection legislation.
It found that “far too many individuals in insurance companies had access to the database with little or no oversight of that access”.