At the recent Elets BFSI Insurance Innovation Summit & Awards, S.V. Sunder Krishnan, Chief Risk Officer at Reliance Nippon Life Insurance, shared critical insights into the evolving regulatory challenges and security measures within the insurance sector. His discussion highlighted the immediate and future impacts of the Data Privacy and Protection (DPDP) Act on insurers.
He recounted an incident where data leakage occurred not from the insurers themselves but from a third-party training vendor, prompting an inquiry from regulatory bodies. This event underscored the importance of robust data management and security practices, especially as they relate to third-party vendors.
The Impact of DPDP on Insurance With the introduction of the DPDP Act, the definition of personal data has significantly broadened, encompassing all data related to an individual, which poses unique challenges for data handling and compliance. Krishnan emphasized the potential for severe financial penalties under the new act, which could escalate to hundreds of crores, illustrating the act’s emphasis on stringent data governance.
Vendor Management and Compliance Challenges
The discussion highlighted the critical role of vendor management in compliance strategies. Insurers must ensure that their vendors not only comply with high standards such as ISO 2701 but also share the responsibility for data breaches. This aspect of compliance is particularly challenging as the responsibility for leaks often extends beyond the insurers to their vendors.
Regulatory Environment and Industry Comparisons
Krishnan compared the insurance sector’s regulatory environment to that of the banking sector, noting that while banks have advanced in their cybersecurity practices, the insurance industry is swiftly catching up. Recent implementations of the NIST framework and specific cyber audits are examples of how deeply cybersecurity norms are now embedded in insurance operations.
Future of Data Management and Regulatory Compliance in Insurance
Looking forward, Krishnan spoke on the development of industry-specific regulations that may occasionally conflict with the broader DPDP requirements. He discussed the practicalities of data management, such as how long data should be retained and the complications arising from customer requests for data deletion, which are not always legally permissible.
Also Read | Data Protection and Privacy: Imperative to Leveraging Cloud for Enhancing CX
S.V. Sunder Krishnan’s insights from the conference illuminate the complex landscape of regulatory compliance and data security within the insurance sector. As the industry continues to adapt to new regulations, the focus on enhanced cybersecurity measures and robust vendor management will be critical. The next few years will be pivotal in shaping how the industry protects customer data while complying with increasingly stringent regulations.
Elets The Banking and Finance Post Magazine has carved out a niche for itself in the crowded market with exclusive & unique content. Get in-depth insights on trend-setting innovations & transformation in the BFSI sector. Best offers for Print + Digital issues! Subscribe here➔ www.eletsonline.com/subscription/
