Insurance providers that practice data governance focus primarily on data related to structured policy, claims, underwriting, and finance. These types of data are fundamental to the business with respect to claims processing, risk assessment, and policy administration and pricing. At the same time, most insurance organizations overlook effective data governance for both unstructured and third-party/external data. According to a study by Novarica[efn_note]Data Governance: Current State, Objectives, And Challenges, Novarica, October 2019[/efn_note], only 15% of survey respondents indicated that unstructured data from documents and internal systems are part of the data governance program in their respective organizations. As a result, the lack of a comprehensive data governance strategy represents missed opportunities for the insurance industry.
Transform Insurance Operations by Utilizing the Universe of Available Data
External and sensitive data can offer risk-differentiating insights that lead to a significant improvement on the loss ratio. For example, in the small business segment of the Property and Casualty (P&C) insurance market, underwriting has been increasingly challenging, as many small business risks are loss-free and mostly look the same based on the meager information provided in standardized application forms. The good news is that the use of external and sensitive data has served as the leading indicator that paves the way for better underwriting of small business risk. Depending on the different insurance lines, external data sources such as the following can be highly predictive of loss:
However, the enforcement of privacy regulations such as GDPR in Europe, LGPD in Brazil, CCPA and NYPA in the US, and more to come across the state, federal, and international level, has become a major driver of insurers’ data governance strategies to control the use of sensitive information. The privacy mandates formalize insurers’ responsibility for the use of high-value sensitive data as a resource for analysis. Insurers require improved identification and access control of all sensitive data, of which personally identifiable information (PII) is only a subset. A comprehensive data governance solution that encompasses the following aspects would serve the need of understanding the existence, classification, usage, location, and protection of sensitive data:
- Automated data discovery to detect sensitive data for proper classifications
- Granular access controls based on usage, roles, and attributes
- Scalable data masking and encryption to protect PII and other sensitive information
Conquer Your Data Access Governance Challenge with Privacera
At the prime intersection of data privacy, security, access control and governance, Privacera is the data access governance platform that liberates secure data sharing to the universe of available data across all your data environments. Built by the same team that developed Apache Ranger, a proven centralized policy administration that manages security policies across the compute engines of Hadoop data lakes, Privacera has extended Ranger’s foundational access control capability to cloud services and emerged as a leading access governance platform built for the cloud. Integrating data discovery, access control, anonymization, and encryption capabilities in one, Privacera delivers the most comprehensive data access governance platform that empowers:
- data administrators to discover, define, and enforce data access policies across heterogeneous cloud and on-premises data services from a single interface
- data security staff to increase protection for zero-trust networks and reduce risk of data breaches
- data consumers, such as business analysts and data scientists, to quickly access reliable and trusted data for analytical projects and innovation initiatives
- data privacy officers to gain a centralized view of sensitive data across the organization to ensure enterprise-wide privacy for data regulations such as GDPR, CCPA, LGPD, etc.
Case Study: Sun Life Enables Advanced Analytics Without Compromising Data Security
Sun Life, one of the largest global life insurance companies, had a vast amount of on-premises and cloud data stored across its AWS infrastructure (S3 and EMR) that contained sensitive customer data and personally identifiable information (PII). When Sun Life initiated its on-premises to cloud data migration, Privacera Platform offered the insurer a seamless way to leverage its existing Apache Ranger investments in the cloud, securely migrate data without exposing sensitive elements, and implement consistent fine-grained data access controls across its EMR and S3 environments from a single, centralized location.
Sun Life was able to use Privacera for data management, access control, and compliance to process 500,000 requests per day across 200 Amazon EMR nodes. In particular, Privacera helped Sun Life deal with two security access issues that impacted the company’s analytics efforts. First, Privacera created row-level access policies that allow authorized users full access to the database and others limited access according to their clearance level. “Enabling row-level access simplified our data management without compromising security,” said Don Geukers, Director, Cloud Infrastructure & Operations. Second, while Sun Life is permitted to use large datasets for analytics, the company must ensure that PII, such as name and address, is not generally accessible. Privacera enabled column-level access controls that protect this data from unauthorized access and use.
To learn more about our partnership with AWS, please read our latest customer story.
Closing Remarks
Having secure data access has never been as critical to the insurance industry as it is today. To learn more on how Privacera helps our insurance customers transform their business with secure data sharing, please read our latest white paper.
Learn more about Privacera here, or contact us to schedule a call to discuss how we can help your organization meet its dual mandate of balancing data democratization with security to maximize business insights while ensuring privacy and compliance.