Connecticut Insurance Department Issues Guidance on Big Data Use by Insurers

April 15, 2021
Hinshaw Privacy & Cyber Bytes

The State of Connecticut’s Insurance Department (Department) has issued a Notice reminding all entities and persons licensed by the Department to use technology and Big Data responsibly and transparently and in full compliance with Federal and State anti-discrimination laws.

In light of the potentially transformative nature of Big Data, the Department reiterated regulatory concerns with regards to the following three general topics:

  1. Internal Data Deployment: How Big Data is utilized by insurers as a precursor to or as a part of algorithms, predictive models, analytic processes, data gathering, product design, marketing, distribution, management, rating, underwriting an claims activities regardless of whether parties are using their own algorithms, and/or processes or have purchased or contracted for joint development of algorithms, models, or processes from third-party developers or vendors.

    The Department defined the Big Data ecosystem as wide, varied, and rapidly evolving from a diversity of sources, including consumer intelligence, social media, credit and alternative credit information, retail history, geographic location tracking and telematics, mobile, satellite, behavioral monitoring, psychographic, biographic, demographic, and firmographic data, sensors, wearable devices, and RFID.

  2. Internal Data Governance: Governance of Big Data throughout the precursor to its usage within the insurance industry, where such data resides and is used within the insurance industry, and how such data subsequently moves into industry archives, bureaus, data monetization mechanisms, or additional processes within or beyond the insurance ecosystem.

    The Department also emphasized the importance of data accuracy, context, completeness, consistency, timeliness, relevancy, and other critical factors of responsible and secure data governance.

  3. Risk Management and Compliance: How Big Data algorithms, predictive models, and various processes are inventoried, risk assessed/ ranked, risk managed, validated for technical quality, and governed throughout their life cycle to achieve the mandatory compliance.

As a result of the transitory nature of Big Data usage, the Department offered guidance providing examples of the types of information that it may request during the course of examinations specific to the usage of data brokers, with an explicit focus on data source, storage, curation, and documentation.