data protection indian insurance regulations

In the first part of this two-part series, we discussed the regulatory frameworks governing insurance companies and insurance intermediaries. In this part, we look at the guidelines applicable to both insurance companies and insurance intermediaries, which include the cyber security and e-commerce guidelines.

Guidelines Applicable to Both Insurance Companies as well as Insurance Intermediaries

In addition to the previously mentioned regulations, the IRDAI has also issued certain guidelines pertaining to data security and protection that are applicable to both insurance companies and insurance intermediaries. These are the Guidelines on Information and Cyber Security for Insurers[i] (Cyber Security Guidelines) and the Guidelines on Insurance E-Commerce[ii] (E-commerce Guidelines), both of which are discussed below.

 Data Protection in the Indian Insurance Sector – Regulatory Framework Part I

A shift towards digitisation has been the central theme for the insurance industry in recent years. Digitisation lowers the cost of transacting business, helps increase penetration, and brings higher efficiencies. However, the convenience of digitisation brings with it concerns related to data protection.

The Information Technology Act, 2000 (IT Act) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules) set out the general framework with respect to data protection in India. However, given the nature of the business of insurance companies and intermediaries, the Insurance Regulatory and Development Authority of India (IRDAI) has prescribed an additional framework for the protection of policyholder information and data, which is required to be followed in addition to the general framework under the IT Act.