The Cambridge Analytica scandal often termed as the “biggest data breach in history” as the firm is accused of harvesting private information from Facebook. Whistle blower and founder Christopher Wylie testified before the UK parliament that the firm had worked in India and the Congress party was one of its clients.
Vulnerabilities in the system
In response to the minister of electronics and information technology’s inquiry to Facebook the company informed the Indian government that data of 5.6 lakh Indians may have been compromised due to the breach, revealing the true expanse of the same. SCL, the parent company that owns Cambridge Analytica, had several projects in India, including Uttar Pradesh (2012, 2011, 2007), Bihar (2007), Kerala (2007), West Bengal (2007), Assam (2007), Jharkhand (2007), Madhya Pradesh (2003), Rajasthan (2003) and 2009 National Elections and had a database of 600 districts and 700 villages in India.
An old project deck revealed that the company helps “clients to identify target key groups” and “influence their behaviour to obtain a desired outcome.” The scandal brought to light the vulnerabilities of the personal data system we have in various industries highlighting that nobody is truly protected.
One of the main criticisms that emerged in the aftermath of the scandal is that Aleksandr Kogan, the academic from Cambridge University, who obtained this data and exploited users could have never been able to do so if Facebook had better consent settings. People were infuriated by the fact that not only did Kogan get access to information about the users who downloaded his app, but also gained access to information about their friends and family.
However, the fact remains that consent has now become a formality in the data age today. We don’t even glance over the terms of conditions and consent and blindly agree to them when we sign on to services, contracts and schemes. While most people were shocked at the vulnerabilities of the consent mechanism protecting our private data, these terms and conditions are usually quite comprehensive in detailing the risks to our data and the information we are sharing.
Consent in modern day data security has been reduced to “take it or leave it” contracts, and shouldn’t be the only line which protects us from data misuse. Data protection experts instead advice for an audit based system, where our autonomy can be preserved. Consent no longer serves the purpose of protecting our personal data and in fact, several experts recommend doing away with it entirely and instead introducing a private data protection law, whereby, the personal information shared by users can be protecting by an overarching general set of rules and guidelines that companies must follow. Given the extent of data we share with companies online, it is paramount to develop a privacy law that helps customers feel secure.
Data protection in the insurance industry
The extent of the Cambridge Analytica scandal has shown us how vulnerable we are to data breach in various sectors and industries. The issue of secure data is of even more importance in the insurance industry as we often buy insurance online and insurance companies have information to very personal information for purposes of underwriting, fraud prevention and claims management, amongst other things. However, in a sigh of relief for users, often insurance companies are the most cautious about such vulnerabilities to your data and prioritise data protection and safety before anything else.
Insurance companies such as Aegon Life, which offers a variety of web based services to help customer service, including web based premium calculators, quotes for life insurance services make cyber security a key priority. The company also offers various tax calculators which requires customers to input sensitive and personal information. However, customers do not have to worry as data breaches in the insurance industry are low as companies need to ensure data is highly protected to maintain and retain customers, as well as protect their profitability. Additionally, if insurance companies do not prioritise data security, they are also at legal and regulatory risk as governments highly regulate the terms and conditions with which insurance companies and operate and access data.
As the new saying goes “with big data comes big responsibility.” While, the technological information and immersion into the insurance industry has made it extremely efficient, user friendly and dynamic, allowing them to provide services to customers that are tailored to their needs, it also holds a huge amount of their personal data. Insurance companies worldwide prioritise cyber security and personal data protection to ensure their data is secure and safe.
Advt. no.: IA/Jul 2018/4258