By Kish Galappatti, Data Privacy Engineer at Privitar

As GDPR and many other regulations come into play, the conversation about data privacy is coming to the forefront. If your organization is like most enterprises, you’re probably already thinking about securing data and ensuring privacy. But now you need to start thinking about data privacy specifically from a regulatory point of view. In the insurance sector, I think you can start thinking about data privacy as something that can actually enable innovation, rather than a challenge that’s slowing down the adoption of data use and analysis within organizations.

Step 1: Incorporate Privacy

Data Privacy by Design means incorporating technologies, processes, and behaviors, when we process the world’s personal data. Privacy is built into the processing of data – by design. When we do this, we can open up access to data sets, and change how we think and analyze data. So how do we get there? Companies need to move beyond the compliance stage and on to the best practices stage. This is my favorite stage, because at this point your company can think about all of the different uses of data within the organization, and all the different use cases that they have within the organization, and centralize how you can embed privacy into those use cases, and into how you use those data sets.

Step 2: Unlock Your Data

And once you’ve done that, you’re ready to unlock all the data you’ve collected within your organization, data you never thought you’d be able to use at all, because it was just too sensitive, too risky, to use that data. Privacy by Design empowers you to start innovating with those data sets, with those use cases. So we can then move into where privacy’s actually becoming an enabler, and it’s unlocking data sets as well. This is where your organization starts to gain real value by being data centric and using data, and getting great insights from data.

Step 3: Think About Privacy Techniques

When you’ve got a data-centric culture down pat, you are probably starting to think about using different techniques for privacy, and that’s great. A few ways you can enhance the privacy of data as you’re using them include:

Now you’re really thinking about how to use these fundamental building blocks of data privacy to apply them to use cases within your enterprise.

Step 4: The Bigger Data Privacy Picture

Applying different kinds of privacy techniques is clearly a very important step, however, frequently we find that using these techniques in a “one-size fits all” type of approach leads you astray a bit. Basically, it creates a false safe feeling that everything’s fine, but there are actually gaps in that strategy. That’s because you’re probably not using the best techniques, or the best mix of techniques for what you’re trying to do with that data, from a use case perspective. And that’s where you really need to move beyond just using privacy techniques in specific cases to having a more comprehensive privacy strategy. You need to build a plan where you’re thinking about how to centralize all these data sets and how to build the policies for how to use this data for different use cases.

Once you’ve applied the privacy techniques onto your data sets, you need to think about how to safely distribute those data sets. Naturally, you want to make sure that they’re fit for what you’re trying to use them for. But because they’re independently distributed to the different people in a value chain: the carriers, the brokers, and many different stakeholders. If you have to share data across these different stakeholders, it’s important to minimize the data that you’re sending, that it’s fit for purpose, and that you use the right techniques. And another important consideration about these data sets – you need to be sure that they can’t be stitched together to form a picture. Taken separately, these data sets may preserve privacy, but put together, it might be possible to identify individuals in them. So you need to be careful about how that linkage between data sets works as well.

Step 5: The Policy-Based Approach

And that’s where we want to move into the policy-based approach, where we have centralized privacy policies that encapsulate all of the different data sets within our enterprise. This policy set encapsulates all of the different ways that we’re trying to use those data sets, all of the use cases. That enables us to control what policies we apply to those data sets and use cases, and build strong auditing and governance of that whole infrastructure.

Step 6: Automate Your Policies

Automation allows enterprise to be agile when it comes to managing safe data. This is important because you want to deliver data quickly so that it can be used for analytics and other use cases. Also, automation makes the process of managing safe data consistent and less error prone. Automation will really enable a policy-driven approach to safe data management because it will produce consistently safe, usable data sets at scale. As I mentioned, there are a lot of participants in the insurance value chain, and automation can ensure that all these participants can share safe data that was previously too sensitive to use. This will lead to innovation that is enabled by data privacy.

How Can The Insurance Sector Innovate Better With Data?

In the insurance industry, as we all know, there’s a lot of sensitive data. There are also many different players that need to access and use that sensitive data within the insurance value chain. By enabling transparency of how that data is used and providing auditing and data governance around the usage of all that data is critical – both in terms of being compliant with regulations, ensuring that the liability and the risk to your organization is kept to a minimum. But, more importantly in my mind, a policy-based approach allows your organization to be transparent with the end consumer, your customer. This helps you to retain their trust that you’re using their data in a way that it’s protected, but you’re also using it for a legitimate, appropriate purpose. More and more organizations are seeing value in providing that transparency to the consumer.

In the insurance industry, much like banking, there are a lot of smaller insure-techs that are shaking up the industry by using data. Artificial intelligence (AI) and machine learning (ML) are certainly providing very innovative new products in the insurance space, and that’s a trend I expect to continue. The larger insurers are going to have to adapt to that model and start doing business in a more data-driven way. The need to compete with the data-driven insure-techs is going to drive more insurance companies into using privacy techniques so you can get the maximum utility out of your sensitive data, while preserving privacy.

Watch on demand: Accelerating safe data provisioning for Analytics and Machine Learning