The Insurance Council of Australia (ICA) has responded to a discussion paper by the Attorney-General Department on potential changes to the Privacy Act, outlining areas where it may have an impact on the industry.

ICA says it agrees with the exceptions made for right to erasure of personal information proposal, one of several recommendations listed in the discussion paper.

The exceptions include situations where the personal information relates to a child and erasure is requested by a child, parent or authorised guardian; the entity is required by or under an Australian law, or a court/tribunal order, to destroy the information, and the personal information has been collected, used or disclosed unlawfully.

But it suggests that any “right to erasure” would need to be carefully considered and worded so as not to impact legitimate business purposes that do not materially impact on privacy concerns.

“The proposal for a consumer right to erasure would not extend to situations where the information is needed for the performance of a contract or in ongoing litigation,” the ICA submission said.

ICA identified some examples where potential impacts could arise from overly broad wordings. These include risk mitigation activities where insurers may use information as part of risk management/mitigation activities.

“A right to erasure could create obligations to cease use of this material, however de-identified, and attempting to identify where it has been used some time later may be very difficult,” the submission said.

ICA says reinsurance is another example, pointing out insurers often seek reinsurance to mitigate against their own portfolio risks. For some product lines, the reinsurer may require insurers to provide information about high value claims.

In the examples cited, there is no material impact on privacy concerns but they “clearly illustrate” the potential business impacts arising from overly broad wordings, ICA said.

“Consumers should be given clear advance notice of the impacts of erasure,” the ICA submission said.

“For example, it could limit the ability for the insurer (or other entity) to provide information to the customer in future.

“Alternatively, erasure of data could also limit the insurer’s ability to perform other tasks that may otherwise be to the benefit to the consumer such as remediation.”

ICA says clear advance warning would enable consumers to make informed decisions.

It also further recommends that more detailed consideration is needed on operational questions such as who will have the right to apply for erasure of information.

ICA says for the insurance industry, data is a crucial input to identifying, measuring and pricing risk and paying claims made by customers.

“Data is used in all facets of the insurance product life cycle including product design, underwriting and claims handling,” the submission said.

“Any proposed changes to privacy regulation will need to consider real-world impacts and should be tailored in such a way as to effectively address clearly identified problem statements.”

Click here for more from the submission.