ProtectionMay 28 2021

Protection products are gaining popularity, but pose data concerns

twitter-iconfacebook-iconlinkedin-iconmail-iconprint-icon
Search supported by
Protection products are gaining popularity, but pose data concerns
Pexels / Pixabay
comment-speech

Over the past couple of years, technology has enabled a radical evolution of the benefits life insurance products deliver to consumers. 

Historically, insurance was something people hoped they would never need to use, as invariably this meant some form of catastrophe had happened.  

But modern protection products offer far more and provide a range of features that can benefit consumers on a day-to-day basis. 

The pandemic has highlighted the benefits of many of these features as the NHS is under unparalleled pressure. 

Features like remote GP services, mental health support, and even annual health checks using finger-prick blood tests give access to primary medical care more quickly and conveniently than it is available from the NHS, while their resources are under considerable strain.  

Having a range of such services, available typically via mobile apps, enables far more regular interaction with insurers and can re-enforce the value customers receive from their plans. 

While overall these products are making life insurance far more suitable for the needs of modern consumers, we do need to be careful that in deploying services promptly we are not putting customers at risk. 

Previously, insurers would contact life insurance customers at most once a year with an annual statement, and many did not even do that.

This means that comparison of products on the basis of price alone is no longer a valid differentiation. Indeed, since the Financial Conduct Authority modified their rules in November 2018 to align with the Insurance Distribution Directive, both advised and non-advised sales are required to include an assessment of suitability based on more than just price. 

It was Vitality who really got the ball rolling in this area, and still to this day offers far more than just about any insurer by way of added-value services, with its comprehensive health and fitness proposition that can provide discounted food, free coffee and even an Apple Watch to customers who exercise regularly.  

Most other insurers have included some added-value services but to date, at least in the UK, no insurer has matched them on health benefits. 

Elsewhere in the world, however, this is starting to happen, and I expect more insurers to take this course going forward. I believe it is a matter of when, rather than if. 

Data risks

While overall these products are making life insurance far more suitable for the needs of modern consumers, we do need to be careful that in deploying services promptly we are not putting customers at risk. 

In this context I have concerns about many virtual GP services. Many contain a serious flaw that exposes users to considerable risks of loss of confidential personal data. 

Rightly, the services usually give the user the ability to notify their NHS GP of the discussion with a virtual GP.  But, in most cases I have seen, this sensitive medical data is sent as an unencrypted email.  

Many systems actually warn the user it is not wise to send information this way and actually disclaim responsibility for any loss as a result, but do not offer an alternative secure way to send the information.

I find it worrying that businesses see this risk and warn people about it but nonetheless are effectively encouraging them to do it anyway. If those building the services recognise the risk, rather the warning about it, why not fix it? 

Usually these services are provided by an outsourced third-party supplier, but invariably they will carry the insurer’s brand. 

Such a supplier may be able to get away with this because they are not FCA-regulated, but is encouraging risky behaviour responsible? 

Thinking about an individual’s obligations under the senior managers and certification regime, could whoever signed this off at an insurer face very difficult questions from the FCA? 

Rightly, the services usually give the user the ability to notify their NHS GP of the discussion with a virtual GP.  But, in most cases I have seen, this sensitive medical data is sent as an unencrypted email.

There are also significant potential brand reputation risks to consider; we do not need stories in the consumer media about ‘my insurance company’s app lost my sensitive data’. 

Such issues do appear something of a problem with insurers. I am aware of a health insurer who also collects extensive data from customers, but again does not supply a secure mechanism for its transmission.  

There is no question that providing additional benefits to complement protection products is having a very positive impact with consumers. The more they engage with their insurers via these services the more they will value their policies.  

That said, there is an urgent need for the protection industry to do more to digitise. The FCA’s recent feedback statement 21/7 on open finance makes it clear that there will be a regulatory requirement for businesses to supply data in line with the open banking consent model, by supplying data to a range of trusted third-party services. 

Advice businesses can deliver such trusted third-party services as part of the way they present holistic financial advice. 

To truly address the protection gap, we need to persuade consumers that the policies they hold are just as valuable to their everyday lives as the coffee they buy or their on-demand media. Providing information is crucial to achieving this. 

Ian McKenna is founder of FTRC and AdviserSoftware.com