8 minute read 10 May 2019
How insurers can maintain customer trust while using their data

How insurers can maintain customer trust while using their data


Tapestry Networks

Professional services firm

Tapestry Networks creates an environment where leaders learn from one another, explore new ideas, and collaborate to solve problems.

8 minute read 10 May 2019

Insurers can maximize value from their data assets while maintaining – and even growing – consumer trust and protecting their reputation. 

Competitive pressures are driving insurers to take advantage of the large amounts of data at their disposal. But security and privacy concerns are limiting their ability to do so. As they face challenges in collecting and using that data, regulation and customer expectations are increasing standards for privacy and data governance. 

You need to build privacy requirements into the DNA of how you work as an organization.
IGLN Summit participant

The Insurance Governance Leadership Network (IGLN) met in New York on 5 December to explore how the industry can derive strategic value from data, safeguard consumer rights and retain its reputation. The network is organized and led by Tapestry Networks and supported by the EY organization. Three key themes emerged from these discussions:

  1. Big data and data analytics can generate significant business opportunities
  2. Substantial challenges impede insurers’ efforts to maximize value from their data assets
  3. Privacy and data governance commands executive and board attention
business woman looking on glass wall
(Chapter breaker)

Chapter 1

Big data and analytics can generate significant business opportunities

Insurers with top-down data and analytics strategies will succeed and outperform the industry.

Insurers possess immense amounts of data about their customers and are looking to take greater advantage of it. The stakes are high, as the effective use of data is critical for long-term survival. One IGLN participant said, “This industry, especially life, is at the infancy stage in doing this. The question is, ‘How can we revolutionize life underwriting for the first time in 50 years?’ It may take 10 years to do that. It’s a worthwhile journey, but the journey is just starting.”

IGLN participants identified several areas where new uses of data present significant business opportunities:

  • Improving the customer experience. Insurers are implementing this through customization, tailored solutions and ease of use, all of which require deeper and broader access to customer data. While some customers are reluctant to share personal information, they are more likely to do so when there is clearly a benefit.
  • Targeting products to existing customers. Collected information is used to sell additional products and services to existing customers. As one director described: “If someone buys a cancer policy, what else might that person find useful? What have we seen historically in our product group that would help them? Big data would give us information to do that.”
  • More precise risk identification. New technologies enable better management of risks through superior data analysis. One IGLN participant said that while improving the customer experience is the most immediate application for data analytics, “the 10-year quest for us is how to use data to manage and predict future risk outcomes.” 
  • Broadening coverage. Better data can potentially widen the scope of coverage by generating a more nuanced understanding of risk pools. One participant said, “We may be able to have better data around health issues. There are societal goods that can come from this if people are willing to share their data.”
  • New types of coverage. More data can make possible the development of new product lines for specific types of consumers. For example, by drawing on telematics devices in cars, insurers can offer usage-based policies. One participant noted, “One thing that’s coming is per-kilometer charging. That’s great for me, but not so good for the insurance companies. I don’t drive a lot, I live in the city, I'm absolutely that customer. These technologies are going to change everything.”
Solo Session Climbing Centre
(Chapter breaker)

Chapter 2

Substantial challenges impede efforts to maximize value from data assets

Leaders need to make hard business decisions about the risk versus the benefit of retaining data.

While the proliferation of data affords clear opportunities, insurers face impediments in realizing the value of their data, as well as heightened scrutiny from policymakers, regulators and consumers. Some customers are reluctant to trust insurers with their information, and evolving privacy regulations and norms impose constraints on data use. 

General Data Protection Regulation

In May 2018, the General Data Protection Regulation (GDPR) came into effect across the European Union (EU). This regulation codifies and enshrines new consumer rights and organizational responsibilities, focusing boardroom attention on compliance and readiness. While GDPR applies only to firms that collect personal data on EU residents, it may represent the leading edge of privacy regulation globally. Advocates and critics of GDPR agree that the privacy and data protection principles from which it is derived enjoy broad social acceptance.

US privacy regulations

In the US, insurers face privacy regulations at both federal and state levels. The Federal Trade Commission enforces fair-trade practices in privacy and data use, and different federal laws and regulations govern the use of specific types of data. For example, the US Chamber of Commerce is calling for Congress to adopt a federal privacy framework, and the Business Roundtable released a framework for a national consumer-privacy law, urging lawmakers to pass privacy legislation in 2019. Large technology firms, even those that opposed privacy laws in the past, have also been lobbying for federal privacy legislation.

Privacy regulations constrain organizations’ ability to use data by limiting what they can collect, how they can use it and how long they can retain it. Compliance requires significant investments of money and time that limit firms’ abilities to address strategic questions.

Maintaining consumer trust

A poll conducted in April 2018 found that only 20% of US consumers fully trust large companies to protect their information, while 73% believe that companies put profit ahead of their responsibility to protect consumers’ information. The consequences of this lack of trust are significant. To maintain trust, insurers are communicating more clearly to customers what data a firm collects and how it uses that data. Research and business experience show that privacy is a deeply personal concept that is significantly dependent on context. Regulation, by contrast, often treats privacy as a cognitive issue, regarding consumers as rational actors deciding when and how to barter access to their information. 

The definition of privacy has to start with the individual — a sense of what’s theirs and what they are comfortable with. These are emotional, subjective and individual issues, so it is extremely challenging to regulate, responding to individual perception and emotions
IGLN Summit participant

Navigating evolving norms

There is an inherent tension between maximizing insights and opportunities that can be generated from personal data and protecting individual privacy. Businesses must make trade-offs and recognize that data can be a liability as well as an asset, given the costs of protecting data and the legal, reputational and financial risks associated with failing to protect it. Leaders need “to make hard-nosed business decisions about the risk versus the benefit” of retaining data.

Building the right systems and processes

Insurers are creating systems, processes and procedures to derive meaningful insights from their data. In practice, this is not easy. Many organizations recognize that data is an extremely valuable asset yet struggle to capitalize on it because they lack the necessary infrastructure and internal capabilities. 

It’s not sexy — the shiny penny is artificial intelligence, but AI is being held back by the need to modernize data management processes and practices.
IGLN Summit participant

Inadequate systems and procedures for data can be more challenging than regulation or consumer mistrust. Organizations need to master data management and data engineering tasks before they can capitalize on emerging technologies. One participant said, “Data is the raw material and it is not being managed in a way that prompts speed to market.”

woman virtual shopping Japan
(Chapter breaker)

Chapter 3

Privacy and data governance command executive and board attention

Organizations are increasingly building privacy into their strategic decisions and product design.

A growing number of boards are paying closer attention to privacy and data governance, and companies are developing more robust organizational structures and reporting procedures around privacy. Insurers are also increasingly integrating privacy considerations into business decisions and product design. Organizations often lacked clear executive ownership for privacy, but structures and roles are now evolving. Insurers are increasingly assigning privacy and data governance to a single executive owner with significant clout, and some are developing more cross-functional collaboration to manage issues of privacy and data governance.

We need somebody who is not only playing oversight and traffic cop in implementing data management processes, but also someone who puts their hands on the wheel.
IGLN Summit participant

Participants described the challenge of transforming a compliance-oriented approach into one where privacy informs decision-making throughout the organization. Even with a dedicated executive owner, an emphasis on privacy and data protection must be infused across the organization.

Making privacy a board-level issue

The board’s role in privacy and data varies considerably from company to company. Nonetheless, privacy is moving up the risk agenda and commanding more board attention. Privacy leaders and executives are increasingly reporting to the board. Although privacy risks are sometimes regarded as an element of cybersecurity, one participant said, “Privacy has gone from being a bullet on the enterprise risk dashboard to a headline program.”

Another agreed: “We are treating privacy as more of a stand-alone issue that gets reported to the board — how we go to market and make communication adjustments to customers. We are not there yet but are in the first generation of thinking through it.”

Building privacy into business decisions

Restrictions on the use of collected data need to be recognized early in product and business planning, and the implications of privacy concerns need to be made explicit. One participant noted, “Boards may not be fully aware of the constraints on data, so calculated returns on investment for projects are likely to be off.” In general, senior leaders are asking for privacy impact assessments.


Insurers now understand more of the opportunities and challenges around collection and use of data and the tensions between the strategic use of data and the need to protect users’ information, respect their privacy, and gain their trust. In the words of one participant, senior leaders should “start to focus their questions on information culture and what we are doing to ensure innovation around information. That can lead to a robust and informed conversation about whether you are maximizing or wasting your most important asset.”

This article is based on the Viewpoints from the recent meetings of the Insurance Governance Leadership Network and aims to capture the essence of network discussions and associated research.


Regulation and customer expectations around privacy and data governance standards are increasing. Insurers must have the systems, people and governance in place to meet these standards and ensure data privacy is considered in all business decisions.


About this article


Tapestry Networks

Professional services firm

Tapestry Networks creates an environment where leaders learn from one another, explore new ideas, and collaborate to solve problems.