最有看点的互联网金融门户

最有看点的互联网金融门户
专栏国际资讯监管与政策

美国政府或将出台全国性隐私法案,保险公司准备好了吗?

专栏国际资讯监管与政策

美国政府或将出台全国性隐私法案,保险公司准备好了吗?

随着全球数字变革继续进行,数据隐私和保护方面的问题日益增多。基于互联网的社交网络、移动应用、电子商务和商业平台正大量收集和分析市民和消费者数据,并且通常是在消费者不完全知情的情况下进行。

对于许多组织来说,收集个人数据并借此实现盈利是一项核心商业行为。他们利用个人数据来推动销售、提高客户体验并进行定向营销。部分商业模式通过向外部广告商出售此类数据访问权限盈利,而获得此类数据的广告商则会向消费者发送定制广告。

但是,全球每天都会出现许多新型数据隐私侵犯问题的报道,消费者开始愈发关注自己个人数据的存储和处理方式。政策制定者和监管者也通过严格的新型规则和法规表现出对电子隐私社会问题的关注。

2018年5月15日,欧盟《通用数据保护条例》(后文简称GDPR)开始生效。作为全球最严格的数据保护体系,GDPR的影响并不局限在欧盟境内,任何向欧盟居民提供商品或服务或监控欧盟居民行为的公司都受到严格的法规约束。GDPR的核心概念是"同意",也就是说消费者有更多权力来决定自己个人数据的处理方式。例如,消费者拥有被遗忘权,并有权在申请后一个月内访问任何公司拥有的与其相关的信息。

保险行业的过去、现在和未来都与数据息息相关。数据是整个保险价值链的关键组成部分,对于寻找潜在客户、营销、承保、理赔等各环节来说,数据不可或缺。数据是保险行业生存的根本,因此,行业必须谨慎处理数据,并严格遵守全球各地的消费者保护法。

美国财产保险协会(PCIAA)联邦政府关系资深副总裁Nat Wienecke表示:

"对于保险从业人员来说,数据是我们所有业务的根本。新推出的法律可能会阻止我们获取高效承保产品所需的数据,这肯定让我们非常担忧。"

美国目前还没有类似GDPR的联邦隐私法。但是,国会已经开始着手进行全国性隐私法的基础工作。特朗普政府表示,今年夏天当局已经与公司和其他兴趣方会面,希望能够制定出白宫发言人Lindsay Walters所说的寻求"隐私和发展之间的适当平衡"的政策。

目前,各州正在加强自己的隐私保护。2020年,《加利福尼亚消费者隐私法案》(CCPA)将开始生效。据称该法案与GDPR类似,将强制要求公司根据消费者的要求告知所收集的个人数据内容、收集的原因以及接收数据的第三方类型。

据美联社报道,AT&T、亚马逊、苹果、谷歌、Twitter和Charter Communications等公司的高管已呼吁国会解决CCPA等各州隐私法的不一致问题,支持出台统一的联邦提案。

Wienecke表示,

"我认为普通消费者并不了解个人信息的公开程度。通过GDPR,欧洲在个人数据持有者及其合法利用方式方面已经走在了前沿。而美国目前针对这些问题并没有真正的解决方案。

许多消费者都不知道详细的消费者数据是可以购买的,就像从杂货店购买食品一样。这方面的意识尚未普及,全国对此也没有统一的定论,作为保险行业,我们认为我们需要拥有数据才能了解风险。通过此类数据,我们能够了解全球某些真正创新的风险模型,让保险公司能够尝试不同的承保标准,并推动行业进步。"

Clyde & Co高级经理Charlotte Warlock认为,在美国实施类似GDPR的全国性隐私法律可能需要进行大量的文化转变。她说道:"对于许多美国技术公司[和数据依赖型行业]来说,披露个人数据的处理方式这个理念非常具有挑战性。

我最近在加利福尼亚参加了一场保险会议,主要讨论《加利福尼亚消费者隐私法案》。现场一位听众提出了这样的问题:'要是我们不想公布所拥有的个人数据内容呢?如果我不想删除这些数据呢?毕竟我就是靠这些赚钱的。'这就是文化难题,我们需要让公司意识到他们应该保护人民的权利,尤其是隐私权。"

更严格的隐私法不仅会影响保险行业,还会影响保险消费者。保险公司的角色时刻在变化,他们不仅要确保自身遵守隐私法,还要向他人提供最佳实践建议。

Worlock又说道:

"保险公司和经纪人需要鼓励被保险人制定合适的计划,并查看自己获得的数据内容以及处理方式。他们是否落实了对应的程序来应对数据主体的获取请求?是否考虑过制定自己的泄露通知计划?是否考虑过发现泄露后的响应速度,并按时采取措施以减轻监管责任?如果有合适的流程落实到位,将能够减轻许多被保险人这方面的责任。"

As the world progresses down its path of digital evolution, issues around data privacy and protection are increasingly amplified. Internet-enabled social networks, mobile applications, e-commerce and business platforms are collecting and analyzing citizen and consumer data in monumental proportions. This is often without consumers being fully aware of the practice.

For many organizations, the collection and monetization of personal data is a core business practice. They use personal data to boost sales, improve the customer experience and to target their marketing. Some business models rely on selling access to this data to external advertisers who then target consumers with tailored advertising.

However, with a new data privacy breach hitting the global headlines every day, consumers are becoming increasingly concerned about how their personal data is being stored and processed. This great societal shift around the notion of digital privacy has been recognized by policy makers and regulators in the shape of strict new rules and regulations.

On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into effect. As the strongest data protection regime in the world, the GDPR has extra-territorial reach that applies strict regulation upon any company offering goods or services to EU residents or monitoring the behavior of EU residents. The GDPR is built around the concept of ‘consent,’ meaning consumers have more power to determine what happens with their personal data. For example, they have the right to be forgotten and the right to access any information a company holds on them within one month of asking.

Insurance is and always will be a data industry. It’s a vital component across the entire insurance value chain, from prospecting, to marketing, to underwriting, to claims and so on. Data is the air the insurance industry breathes, and yet the industry must be cautious and abide by the consumer protection laws coming into force around the world.

“As insurers, data is the foundation of everything we do. We would certainly be nervous about the introduction of a law that might deny access to the data we need to underwrite our products effectively,” said Nat Wienecke, senior vice president for federal government relations at the Property Casualty Insurers Association of America (PCIAA).

The US does not yet have a GDPR-style federal privacy law. However, Congress has started laying the ground-work for a national privacy law. The Trump White House said this summer that the administration is meeting with companies and other interested parties to hopefully come up with a policy that’s “the appropriate balance between privacy and prosperity,” according to White House spokeswoman Lindsay Walters.

At present, individual states are enacting their own privacy protections. In 2020, the California Consumer Privacy Act (CCPA) will come into effect. It has been described as being similar to GDPR in that it will compel companies to tell customers upon request what personal data they’ve collected, why it was collected and what types of third parties have received it.

However, senior executives at firms like AT&T, Amazon, Apple, Google, Twitter and Charter Communications have appealed to Congress against the inconsistency of state privacy laws like the CCPA and have all come out in support of a federal proposal, according to the Associated Press.

“I think there’s a lack of knowledge among the average consumer about how much information is essentially publicly available on any one individual person,” Wienecke told Insurance Business. “By introducing the GDPR, Europe is at the tip of the sphere in terms of who owns personal data and what can be legally done with it. The US hasn’t really answered some of these questions yet.

“Lots of consumers don’t realize that you can buy specific consumer data in the same way that you can buy food at a grocery store. There’s a lack of awareness around that, and as our country debates what that means, I think our primary view as an insurance industry is that we need to be able to have data in order to understand risk. Because of this data, we’re starting to see some really innovative risk models around the world, which is allowing insurers to experiment with different underwriting criteria and is enabling progression in the industry.”

Enforcement of a GDPR-style national privacy law in the US would require a considerable cultural shift, according to Charlotte Warlock, senior associate at Clyde & Co. She said: “It’s a very challenging concept for some US tech companies [and data-reliant industries] to have to disclose what they’re doing with your personal data.

“I was at an insurance conference recently in California and we were discussing the California Consumer Privacy Act. One of the queries from the audience was: ‘What if I don’t want to tell you what personal data I have on you? And, what if I don’t want to delete it? Surely I should be able to make money from this.’ That’s where it’s going to be culturally quite challenging to get companies to see that they should be protecting people’s rights and people’s privacy rights in particular.”

Stricter privacy laws won’t just impact the insurance industry; they will also impact insurance consumers. Insurers are in a dynamic position where they must comply themselves and also advise others around best practices.

“Insurers and brokers need to encourage insureds to institute a proper plan and to look at what data they’ve got and what they’re doing with it,” Worlock added. “Do they have a proper procedure in place to respond to data subject access requests? Have they considered their breach notification plan? Have they considered how quickly they can respond to the discovery of a breach and mitigate their regulatory liability by making sure they do everything on time? By having proper processes in place, a lot of insureds would reduce that liability.”

本文系未央网专栏作者渺渺发表,属作者个人观点,不代表网站观点,未经许可严禁转载,违者必究!

用微信扫描可以分享至好友和朋友圈

扫描二维码或搜索微信号“iweiyangx”
关注未央网官方微信公众号,获取互联网金融领域前沿资讯。

发表评论

发表评论

您的评论提交后会进行审核,审核通过的留言会展示在下方留言区域,请耐心等待。

评论

您的个人信息不会被公开,请放心填写! 标记为的是必填项

取消

渺渺

38
总文章数

TA还没写个人介绍。。。

2018年美国融资数额前十名,两家金融科技创企榜上有名

Joanna Gla... 12-10

美国:国会议员提出加密货币和ICO联邦监管计划

Adrian Zmu... | 巴比特资讯 12-06

监管不确定性成英国区块链公司最关心的问题之一

Mark Emem | 巴比特资讯 12-04

美国怀俄明州高票通过区块链银行法案

GEORGI GEO... | 巴比特资讯 12-03

美国财政部首次将数字货币地址列入制裁名单

栀航 11-30

版权所有 © 清华大学五道口金融学院互联网金融实验室 | 京ICP备17044750号-1