At a recent insurance seminar, Maria Philippides, director at law firm Norton Rose Fulbright, raised the question of whether an insurer could use information collected from your social-media posts to assess your risk profile and verify claims, which highlights the fact that we give up our right to privacy when we take to social media.
According to Philippides, big data, which is made up of all the public information available about us, provides companies with a great deal of information about their clients. They can assess where we shop, where we drive, what medication we take and how much we exercise. When we sign up for loyalty or incentive programmes, this is effectively the information we hand over. When we start posting on social media, that information moves quickly into the public domain and we have very little control over its dissemination.
Although much of this information is available to insurers, South African law does apply certain limits. Philippides says the Equality Act prevents an insurer from unfairly discriminating against someone based on gender, pregnancy or age, for example, “so an insurer can only use big data to tailor-make usage-based, on-demand and object-specific insurance products that are specifically targeted to individual lifestyles and activities”.
What this means is that, if the information the insurer collects on you shows that you are a low-risk client, they can offer you a reduced premium as an incentive to sign up with them. As the use of big data becomes more widespread, we can expect insurance companies to start directly targeting low-risk individuals by offering better premium rates to entice them to make the switch.
“Insurers face a balancing act where they can use data to differentiate, but they have to be cognisant of the principle of pooling risk,” says Philippides, who argues that, while an insurer cannot decline an application or load a premium using big data, they can by law use the information to decline a claim if fraud is suspected.
She uses an example of a South African short-term insurer that declined a claim after its client had a car accident because it found a post on social media by the client’s teenage son. The post showed a picture of her BMW after it hit a tree, along with the caption: “Crashed mum’s BMW after a night on the town, but don’t worry it’s insured.”
Unfortunately for the mum, she lied about who the driver was that night and how the crash happened, so the claim was rejected.
In a case in the US, a woman’s claim for a lost wedding ring was declined when a photograph of her wearing the ring was posted on Facebook after she made the claim.
So, where is the line between private and public information? Do insurers have the right to use information on people’s personal social-media accounts to refuse a claim?
Philippides believes the law is on the side of the insurers as the Constitution states that “every person has the right to access information held by another when that information is required for the exercise or the protection of rights”.
Philippides argues that the insurer has the right to protect itself against fraud.
She adds that, under the Protection of Personal Information Act, this information can be used if you have given the insurer your consent.
“In most insurance policies, the client agrees that, when they submit a claim, they will provide all proof and information relating to the claim, so consent is implied,” says Philippides, although she emphasises that the insurer still needs to follow due process when dealing with a claim – the insurer must obtain consent to investigate a claim fully and analyse factual and medical information first.
Information in the public domain is to be used to substantiate the information provided, and the insurer is obliged to ensure clarity, authenticity and accuracy of the information.
While companies have a duty to use data responsibly, the reality is that, when you use a smartphone or sign up for a loyalty programme, you no longer have the complete right to privacy.