Insurtech Data & Privacy in 2019

In this special guest feature, Jason T. Andrew, CEO and co-founder of Limelight Health, discusses how InsurTech is coming of age at just the right time to decide how to use Big Data in a way that protects startups from the pitfalls into which the large social media companies fell. Recognizing the early trend for InsurTech innovation in late 2013, Jason co-founded Limelight Health to deliver better data integration and sales efficiency for insurance carriers, PEO’s, brokers and others in the employee benefits sales ecosystem. As CEO, he has led Limelight through 3 rounds of funding, helped the company close contracts with some of the largest and most well known companies in the U.S and grown the team to over 50 employees. Jason is a serial entrepreneur and has advised numerous Silicon Valley startups as well as volunteering in the industry and community more broadly.

The topic of data seems to be top of mind for most people these days. Seemingly, every time we pick up a phone or open our laptops, we run the risk of being watched in some way. Often, it’s the big five–Apple, Amazon, Google, Facebook, and Microsoft–that are the focus of media attention for collecting our data. In different ways, these companies are tracking our regular habits, our preferences, and more.

A thought leader who has contributed much to the topic of privacy is former FBI Special Agent Chris Tarbell. Tarbell penetrated Anonymous and the Silk Road, both famous for selling people’s personal data on the dark web. He was also involved in the tracking and arrest of Sabu of Anonymous, and Dread Pirate Roberts of Silk Road (Ross Ulbricht). Tarbell recently revealed he personally uses two laptops, one secure for private banking and another for all other activity. He also shared that if a company thinks they haven’t been breached yet, it’s only because they aren’t aware of the breach.

Why does this matter? For starters, there are rigid facts to back up Tarbell’s claims. Ernst & Young released a security survey recently that revealed 59% of respondents had encountered a significant cybersecurity incident within their organization.

Now that we know that privacy is a problem in general, let’s explore what privacy as it relates to the insurance industry. There is actually plenty to be excited about and the overall outlook is not so bleak.

Data and Privacy: Insurance Industry

In Insurtech, when working with data in the employee benefits industry, it is required to comply with HIPAA, SOC 2, and HITRUST, and a number of other pieces of legislation. Why? There are significant considerations to be aware of when working with any insurance company, hospital, or Insurtech vendor. In these partnerships, the companies will be handling protected health information (PHI) or personally-identifiable information (PII), and steps must be taken in order to ensure that people’s privacy is protected.

So, how do we as an industry embrace this new environment? For starters, we need to redefine our expectations around privacy, by advocating for digital transparency.

Some of the protection starts with technology companies and startups. It is critical to start with a philosophy on the executive team and founding team around data and privacy. That has to filter to developers who then consider data protection at the time that technology platforms are built, not afterward, and build better encryption into technology products so that consumers’ data is no longer at great risk. The other way of ensuring that companies are digitally transparent is to enact legislation that empowers consumers and requires companies to protect personal data.

In May 2018, the European Commission began to enforce GDPR, which speaks to consumers’ “right to be forgotten.” Now, a person can ask companies to delete personal data for a multitude of reasons, including a company having no legitimate reason to keep such data. If companies fail to comply with these regulations, they face large fines and potential bans on processing data. This is a great step in the right direction, toward better data and privacy protection for consumers.

The U.S. has not followed suit in the same way, but there are much-needed conversations going on. In August 2018, Bright Local published an article entitled “Is GDPR Coming to the USA?” The writer lays out how something like this would affect US businesses and what it would really look like in America.

In addition, it seems that some of the larger companies in Silicon Valley are on board. In September, Apple and Google urged lawmakers to create new federal privacy legislation. A month later, Apple CEO Tim Cook demanded new rights for American consumers. At the time, Cook said, “It’s time to face facts. We will never achieve technology’s full potential without the full faith and confidence of the people who use it.”

These issues are becoming more relevant to the Insurtech sector. Between 2013 and 2017, more than 1,200 Insurtech companies in 14 categories across 61 countries received over $18 billion in funding, driven by automation, machine learning, and using data sources to make better decisions around everything from pricing and better customer service to selling more products. The industry is in a state of massive growth, and the issues of privacy and big data are at the forefront. Last year alone saw nearly $2 billion poured into Insurtech investments. As data is exchanged between users, startups, carriers and hosting companies,  it has never been a more exciting time to tackle some of these challenges and opportunities.

In the insurance industry, the need to collect census data is non-negotiable. This data is then used to produce an accurate and timely quote. Once that census is with the underwriter, data sets connected via an API can accurately price and recommend products.

Once the insurance plan is sold to an employer, the onboarding process takes place. As on-boarding solutions are developed, automating the gathering and importing of data will retain a lot of personal data. For this reason, privacy and integrity are a critical aspect of any successful platform. CB Insights has said that 40 manual processes account for 25% of an insurer’s cost of doing business. API’s (application protocol interfaces) allow systems to connect together- allowing them to talk with one another, share data, and spread the knowledge outwards.

How Does the Future of Privacy Look?

Big data is here to stay, whether we like the idea or not. Big data is here to stay and our digital footprints will not easily be washed away. But the Insurtech industry can certainly do its part to protect users by guarding privacy, being transparent about the ways data is used, and by developing infrastructure that will keep information safe.

Sign up for the free insideAI News newsletter.