Privacy by design

Jonathan Buck
Jonathan Buck
Jonathan Buck
April 27, 2020
0 min read
Copy to clipboardLinkedin LogoTwitter logoFacebook logo
Woman talking to team member

What you share, and who you share it with, should be up to you. Here we look at how we design and architect for privacy, and give users control over their information.

It’s not PII

There’s no way it’s PII

It was PII

a twitter data privacy haiku

Without data, what is insurance?

Insurance is an information business. It always has been; in the past, underwriters and actuaries would elicit information from potential customers, and then refer to huge tables to help them decide which risks to cover, and how to set premiums. While this manual work still goes on today in large parts of the insurance world, these days the same process is conducted electronically for the majority of retail insurance products. In order to get a price for something as simple as travel or car insurance, prospective customers are asked to divulge great swathes of information about themselves, their family, their history and assets; and sometimes this includes extremely personal details, such as their medical history.

And it’s not just when policies are taken out that information is the name of the game. The same is true when it comes to claims time, where large quantities of customer information are again requested, pored over, verified, and then filed away.

From the insurer’s perspective, this is understandable: they want to know as much as they can about the risk they’re taking on before coming up with a price. And then before paying out, they want to make sure any claim is legitimate.

But what about all that data? Who will it be shared with? Who will have access to it? How long will it be kept? How securely will it be stored? Might it be sold to third parties like advertisers that will then hound those customers with “relevant offers”?

Privacy is the responsibility of the entire organisation

At many companies, privacy and data security often fall under the remit of a particular person or department, and they get to decide how customer data is managed.

At Open, we believe that rather than rely solely on a small number of experts, our customers’ privacy is everyone’s responsibility. What this means in practice, is that whenever a decision needs to be made about data or privacy, everyone gets to speak up and say what feels right or wrong. Frequently, this results in a healthy debate that influences the decision that is made.

These debates highlight how complex some of the issues are in this space. And while it’s always tempting to codify our stance on a particular topic, when faced with complexity, it tends to be difficult to do this exhaustively. Instead, we try to define and agree on a small set of principles that guide our thinking and decision-making in the space.

At Open, we use 3 core principles to inform data architecture and privacy design

1. Users must be in control

Settings must be carefully designed to put users in control of their data. This means they should not only understand, but also be allowed to choose, what happens to their information, how it’s used and with whom it’s shared. They should always be able to adjust these settings. And, of course, they must also be able to review, amend, and delete information whenever they wish.

2. End-to-end security

We follow the core idea of privacy by design. This means having privacy and security embedded into the system prior to the first element of information being collected, and extending securely throughout the entire lifecycle of the data involved.

3. Regularly test privacy designs against community expectations

We’ve seen countless examples of businesses operating within the law, yet failing to meet community expectations when it comes to privacy. This is why we believe it’s imperative to regularly test the way that we apply our privacy policy with customers and stakeholders, and regularly ask the question “just because we can, does it mean we should?”.

Where to from here?

We don’t profess to have solved all of the problems and issues that plague the privacy space. Instead, as with many challenges we try to overcome at Open, we are on a journey. A journey of continual self-examination, questioning and collaboration, a journey that hopefully continues on a positive trajectory as more answers become clear, and as the expectations of the wider community evolve.

We’d love to hear how other businesses are engaging with communities to understand changing expectations. Let us know about your views and if you have any questions please let us know.

Copy to clipboardLinkedin LogoTwitter logoFacebook logo

You might also like

Woman with curly hair on a laptop

Here's why embedded car, home and travel insurance is wonderful for everyday consumers

At some point in time, everyone needs great car, home and travel insurance. But insurance can be hard to find, annoying to buy and expensive. What are some challenges with insurance now, and what does embedded insurance look like in practice for customers?
Read more
woman with blue hair on her mobile phone

We've all seen the neobanks. Now prepare for neoinsurance.

Five years ago, if you wanted to open up a bank account you had to get in your car, drive to your nearest branch and fill out a tiresome amount of paperwork. You’d be given introductory savings rates that would fizzle away to practically nothing after a few months.
Read more
Black Open Logo o white background

Introducing Open, the new stack for insurance

Insurance can be complicated. Here we explain the case for simplicity and the new stack that makes it all possible.
Read more

Sign up for our newsletter

Register your information to receive all the latest news and updates from Open

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

By clicking Subscribe you're confirming that you agree with our Terms and Conditions.