Regulator to draft data security standards for insurance sector

The insurance regulator IRDAI will draw up standards for data security for the insurance industry because of its concerns about the level of security in insurance companies.

IRDAI will form a working group of chief technology officers of insurance companies for this purpose, 

The regulator feels that steps being taken to secure data currently are inadequate, as fraudsters have been able to lay their hands on policy details.

Mr Nilesh Sathe, IRDAI member (life), said that there is evidence to show that there is data pilferage in the insurance sector. "We are receiving complaints of spurious calls where policyholders are being asked to surrender their existing policies and get new ones. These calls cannot take place without details of the insured and the policy details," he said. There are also instances of agents getting policy details of vehicle owners and their motor insurance policies.

IRDAI's data security plan is part of its move to draw up a comprehensive cyber security guideline for the insurance industry.

Earlier this month, IRDAI said that a working group each for the life and non-life sectors, including health, is to be formed to deliberate and decide on the issues related to cyber security.

The working groups will submit recommendations by March 2017 for a broad cyber security framework, to mitigate internal and external threats to insurers; suggest the scope for enhancement of measures against cyber fraud; and propose measures to improve business continuity and disaster recovery.

IRDAI also wants the groups to come up with suggestions for effective and comprehensive cyber security audit related processes.

In addition, the working groups would look at the need for specific legislation relating to data protection and privacy as well as the implications of legal risks arising out of cyber laws.