Personal Information and Privacy Requirements
Although telematics devices do not currently have the capability to identify who is driving a vehicle at any particular time, in many circumstances (for example where a vehicle has only one listed driver), the data collected by the device may reasonably be assumed to be about that individual, with the result that the data is personal information as defined in PIPEDA. However, FSCO has taken the position that telematics data should be treated as personal information even if it is not about the driving behaviour of any one identifiable individual.
Personal Telematics Data: Insurer Transparency and Consumer Consent
UBIP programs must be voluntary and enrollment must include the express, informed consent of the policyholder to the collection, use and disclosure of personal information by the insurer or third party provider. Any personal information collected through a UBIP program, or its accompanying devices or software, should not be disclosed to any other party unless expressly consented to by the person or as required by law.
Drivers should be able to enroll in a UBIP program without being required to share their personal information for non-UBIP purposes (e.g., marketing, offering of additional services such as vehicle location services or assistance in emergency situations).
Insurers should, where possible, facilitate drivers using their personal UBIP data for the purposes of entering into a contract with another insurer including enrolling in another insurer’s UBIP program.
A consumer’s enrollment in a UBIP program involves the
agreement by the consumer and insurer to additional legal rights and
obligations outside of those in the standard auto insurance policy. In Ontario the mechanism for amending the standard auto policy
is by way of an endorsement form which must be approved by the Superintendent.
Insurers may also be required to provide the Superintendent with any advertising or promotional material proposed for use in relation to their UBIP programs to ensure that it is clear, fair and not misleading.
Insurers must be sure to provide adequate customer service support and outline appropriate mechanisms, enquiry management, and resolution systems to respond to customer questions, concerns and disputes.
Driver Education and Transparency in Rating and Risk Classification Systems
To encourage safe driving and ensure transparency, it is important that the rating model for a UBIP program be clearly communicated to the consumer at all times, beginning prior to enrollment and continuing through to each policy renewal. The impact that a consumer’s driving data has on the premium must be clearly articulated including a clear explanation of how to qualify for a discount, the period being measured to calculate the discount, the maximum or minimum of that discount, and regular feedback on driving habits to the consumer.
Changes in Rating
Consistent with the existing policy renewal process in Ontario, any change in rating on a policy must be done in accordance with s. 236 of the Insurance Act.
Limitations on Collection and Use of UBIP Data for Insurance Purposes
UBIP programs, including program-provided devices and applications, should collect and use UBIP data solely for discount-setting purposes, and not to decline, cancel or refuse to renew risks or to confirm rating criteria currently used.
General Rate-Filing Information
Any UBIP program must be filed and approved by the Superintendent.
It is recognized that there may be no Ontario-specific data to provide
in a filing. However, FSCO is supportive of innovation
and, as with other rating factors new to the market, is willing to
review data and the amount of the discount charged in other
jurisdictions.UBIP-related rates and risk classification system elements
must be just and reasonable and otherwise satisfy the statutory
standards applicable to all rates and risk classification systems.
UBIP Program Costs and the Impact on Insurer Expenses
To encourage drivers to participate, insurers should cover all costs of enrolling in a UBIP program including the cost of any device installation and any ongoing costs of operation or maintenance. Insurers must clearly demonstrate the up-front or start-up costs associated with developing and introducing a UBIP program, as well as all ongoing maintenance and other expenses associated with offering the program, including but not limited to all costs associated with the UBIP device, data transfer and analysis, marketing and any third party provider contracts.
Reasonability of UBIP assumptions and the provision of adequate support
Proposed UBIP models may first be reviewed and approved by FSCO in principle, following which an insurer would make a formal filing for Superintendent’s approval. Approval of the filing could be made conditional on further filings being required at scheduled intervals to provide the necessary continued support for the UBIP rating system.
General Data Considerations: accuracy, security, storage, at termination
Before any UBIP data is used for rating purposes, reasonable efforts must be made to ensure that the data is accurate.
Insurers must also ensure that the data capture, transmission and analysis are all done within a secure environment.
Insurers and third parties should delete or anonymize personal information once there is no clear business need to retain the data.
Insurers must ensure that no further data is received or accessed after a consumer terminates participation in a UBIP program or terminates the policy.
Roles and Responsibilities: Insurers and Third Party Providers
FSCO expects that insurers will have written contracts with each third party provider to confirm:
- the provider’s ability and commitment to ensure a level of personal information protection equal to or greater than that expected of the insurer, and to comply with all applicable laws and regulations,
- that the service provider has the required service capability, and
- that succession issues are addressed to ensure a smooth transition when ending or varying an agreement with a provider.
No comments:
Post a Comment
Comments are welcome on this blog. However, comments will be moderated and inappropriate and anonymous comments will not be posted. If you wish to have your comments posted please identify yourself. No advertising will be permitted.