The recent enactment of the Digital Personal Data Protection Bill, 2023, has raised concerns not only among tech giants but also within the insurance sector. This new law introduces strict regulations regarding the use of personal data and imposes substantial fines for non-compliance, making insurers uneasy about its implications.
One of the primary worries for insurance companies is the hefty Rs 250 crore fine set for privacy breaches under this new legislation. Insurance firms rely on approximately 30 lakh agents, ranging from ordinary individuals to highly skilled professionals, who handle sensitive personal data. With no previous legal precedents, insurers fear the possibility of numerous unfounded claims arising.
To address this, insurers will need to establish controls on how personal data is used and ensure they obtain specific consent for each purpose of data processing. The main concern is that agents and other intermediaries often possess customer data that is readily available in the market. In the event of a data breach, customers may file complaints with the Data Protection Board, even if the breach was caused by agents employed by the insurance company. In such cases, the insurance firm could be held responsible for the penalty.
The new law applies to both digital and physical data and encompasses personal data, excluding publicly available information or data required by law. It outlines strict guidelines for companies on how they can use personal information, emphasizing the necessity of obtaining consent from individuals before utilizing their data. Non-compliance with these rules can result in significant fines, potentially reaching up to Rs 250 crore. However, individuals who disagree with a decision can appeal to the Telecom Disputes Settlement & Appellate Tribunal (TDSAT).
Meanwhile, there have been reports that medtech companies are facing challenges in getting their technology covered by certain insurance plans. In 2019, the insurance regulatory authority issued a directive requiring modern medical treatments to be included in insurance policies. However, medtech firms argue that this directive is being interpreted as "covered only if medically necessary" rather than based on patient choice. This interpretation is causing insurance companies to reject technologies such as Robotic-assisted surgeries (RAS).
In conclusion, the insurance industry is navigating the complexities of the new data protection law, with a focus on ensuring compliance and safeguarding customer data. Additionally, the interaction between insurance coverage and modern medical treatments is an ongoing concern that requires careful consideration to meet the evolving healthcare needs of the population.
Source: EconomicTimes
Comments