A shift towards digitisation has been the central theme for the insurance industry in recent years. Digitisation lowers the cost of transacting business, helps increase penetration, and brings higher efficiencies. However, the convenience of digitisation brings with it concerns related to data protection.
The Information Technology Act, 2000 (IT Act) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules) set out the general framework with respect to data protection in India. However, given the nature of the business of insurance companies and intermediaries, the Insurance Regulatory and Development Authority of India (IRDAI) has prescribed an additional framework for the protection of policyholder information and data, which is required to be followed in addition to the general framework under the IT Act.