Primer on IRDAI Information and Cyber Security Guidelines 2023

Introduction

On September 14, 2023, the Insurance Regulatory and Development Authority of India (“IRDAI”) set up an inter-disciplinary standing committee on cyber security, tasked with regularly reviewing the threats inherent in the existing or emerging technologies and suggest appropriate changes to the IRDAI Information and Cyber Security framework to further strengthen the insurance industry’s cyber security posture and resilience.[1] This is in furtherance to the IRDAI having notified the Information and Cyber Security Guidelines on April 24, 2023 (“CS Guidelines 2023”).Continue Reading Primer on IRDAI Information and Cyber Security Guidelines 2023

Policyholder Data Sharing in India

Introduction

With a vision to transform India into a digitally empowered society and knowledge economy, the Indian government[1] launched the Digital India initiative and mindful of its impact, it has been taking several steps to ensure greater accessibility as well as greater safety around internet based services. This, coupled with heightened internet based services and digital connectivity,[2] led the government to launch several digital services[3] and some are remarkably successful – these range from unified payments interface (UPIs) to DigiLocker[4]. According to India Brand Equity Foundation, the rising use of UPIs strongly indicate that more and more people in India are adopting a digital lifestyle[5] – UPI saw its highest ever number of transactions in April 2022 at 5.58 billon, amounting to INR 9.83 trillion. DigiLocker hit the mark of 101 million users on March 19, 2022, evidencing the adoption and success of this initiative[6].Continue Reading Policyholder – Data Sharing in India – Time for Consent – Based Regime?

data protection indian insurance regulations

In the first part of this two part series we discussed about the regulatory frameworks governing insurance companies and insurance intermediaries. In this part we will look at the guidelines applicable to both insurance companies and insurance intermediaries which includes cyber security and ecommerce guidelines.

Guidelines Applicable to Both Insurance Companies as well as Insurance Intermediaries

In addition to the previously-mentioned regulations, the IRDAI has also issued certain guidelines pertaining to data security and protection that are applicable to both insurance companies as well as insurance intermediaries. These are the Guidelines on Information and Cyber Security for Insurers[i] (Cyber Security Guidelines) and the Guidelines on Insurance E-Commerce[ii] (E-commerce Guidelines) and have been discussed below.
Continue Reading Data Protection in the Indian Insurance Sector – Regulatory Framework Part II