1 / 42

Topic 5

Topic 5. LEGAL ASPECTS OF I.T. WITHIN THE INSURANCE DOMAIN An Introduction to Legal aspects of information technology. Topic 5: Legal Aspects of IT within the Insurance Domain. Topic O verview

blade
Download Presentation

Topic 5

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Topic 5 LEGAL ASPECTS OF I.T. WITHIN THE INSURANCE DOMAINAn Introduction to Legal aspects of information technology

  2. Topic 5: Legal Aspects of IT within the Insurance Domain Topic Overview In this topic we will take a look of any legal aspects with a special focus on those aspects relating to IT and its uses within the Insurance industry

  3. Topic 5: Legal Aspects of IT within the Insurance Domain Introducing the MFSA

  4. Topic 5: Legal Aspects of IT within the Insurance Domain MFSA – Malta Financial Services Authority • The Malta Financial Services Authority (MFSA) was established by law on 23 July 2002. It is a fully autonomous public institution and reports to Parliament on an annual basis. • The MFSA has taken over supervisory functions previously carried out by the Central Bank of Malta, the Malta Stock Exchange and the Malta Financial Services Centre and is the single regulator for financial services. The sector incorporates all financial activity including banking, investment and insurance. 

  5. Topic 5: Legal Aspects of IT within the Insurance Domain MFSA – Malta Financial Services Authority Key Functions: • Regulate and supervise the conduct of the financial services industry in Malta. • Help protect the interests of consumers and investors. • Encourage the highest possible standards of behaviour in the financial services industry. • Encourage and support initiatives to improve standards of education and training in Malta’s financial services industry – Example: MITC • Carry out due diligence prior to issuing licenses to businesses involved in banking, investments, insurance, pensions and stock broking. • Carry out regular and proper inspections of licensed financial services business.

  6. Topic 5: Legal Aspects of IT within the Insurance Domain MFSA – Malta Financial Services Authority • Publish guidance notes and directives to the financial services industry and to professional advisers to it. • Communicate and liaise with national, international and supranational organisations involved in combating financial crime. • Communicate with and advise with national and international media in order to demonstrate Malta’s commitment to global best practice and enhance its international reputation. • Propose the improvement of existing legislation or the creation of new legislation. • Manage Malta’s Registry of Companies.   Source: http://mfsa.com.mt/

  7. Topic 5: Legal Aspects of IT within the Insurance Domain Under which law(s) is Insurance regulated in Malta?

  8. Topic 5: Legal Aspects of IT within the Insurance Domain MFSA – Malta Financial Services Authority Insurance Business Regulation in Malta • Insurance Business in Malta is regulated under the Insurance Business Act, 1998. • It provides for the authorisation and supervision of insurance companies and the MFSA is the CompetentAuthority for the purposes of the Act. • There is also the Insurance Intermediaries Act, 2006 • The MFSA has the power and the duty to ensure that companiesauthorised to carry on the business of insurance comply with: • the provisions of the Act; • the requirements determined by any Insurance Rule

  9. Topic 5: Legal Aspects of IT within the Insurance Domain MFSA – Insurance Rules What are Insurance Rules? (previously known as Insurance Directives) • The MFSA makes Insurance & Intermediaries Rules as may be required for carrying into effect any of the provisions of the Act. • Insurers Rules (29 in total) • Intermediaries Rules (24 in total) Can be downloaded from the MFSA Website under the Insurance Section Rules referred to in this lecture will also be included on the ITinInsurance.com site

  10. Topic 5: Legal Aspects of IT within the Insurance Domain The following are some Rules that are related to IT within the Insurance Industry

  11. Topic 5: Legal Aspects of IT within the Insurance Domain MFSA – Insurance Rules • Rules of Interest: Insurance Intermediaries Rule 23 of 2008 Insurance Intermediaries carrying out InsuranceIntermediaries Activities through the Internet Applies to: This Rule applies to a person enrolled in the Agents List, Managers List , Brokers List or the Tied InsuranceIntermediaries List and carrying out insurance intermediariesactivities Scope: The scope of this Rule is to determine the conditionswhich the enrolled person or tied insurance intermediary isrequired to comply with when operating an internet site and theinformation which is to be included on an internet site operatedby an enrolled person or tied insurance intermediary.

  12. Topic 5: Legal Aspects of IT within the Insurance Domain Insurance Intermediaries carrying out InsuranceIntermediaries Activities through the Internet Important Points: Where insurance intermediaries activities arecarried out through theinternet, the following conditions shall besatisfied at all times: • The Intermediary includes appropriate statementsthat the policyholder or prospective policyholder is leavingthe internet site and accessing another in cases where theinternet site of the enrolled person is hyperlinked to othersites. • With regards to a tied insurance intermediary, it shall not carry ontied insurance intermediaries activities through the internet,except with the consent of the authorised company.

  13. Topic 5: Legal Aspects of IT within the Insurance Domain Important Points Continued: • The internet site, shall, as a minimum, include thefollowing information: • the name, address and contact details of theenrolled person; • statements as to whom the website is targeted, forexample, residents in Malta or for risks situated in Malta. • a statement that the enrolled person is enrolled tocarry out insurance intermediaries activities in terms of theAct; • Example:

  14. Topic 5: Legal Aspects of IT within the Insurance Domain The next rule we will be discussing applies to “Computer Link Arrangements” between Insurers and Intermediares

  15. Topic 5: Legal Aspects of IT within the Insurance Domain MFSA – Insurance Rules • What are Computer Links? • “Computer Links” is referring to a computerised infrastructure which is capable of allowing an insurance intermediay to: • transmit proposals for the covering of a risk or acommitment to the authorised company; • receive the acceptance of the authorised company to such aproposal;

  16. Topic 5: Legal Aspects of IT within the Insurance Domain Think... How are computer links set up? Loads of methods...Refer to Topic 2 & 3 Virtual Private Network (VPN) between and Insurer and Intermediary Web applications (using Web Forms to interact with Databases) Etc....

  17. Topic 5: Legal Aspects of IT within the Insurance Domain MFSA – Insurance Rules • Rules of Interest: Insurance Intermediaries Rule 22 of 2008 Computer Link Arrangements Applies to: A person enrolled in the Brokers List and carrying onbusiness as insurance broker and a person enrolled in the Tied Insurance Intermediaries Listof the Authority and carrying out tied insurance intermediariesactivities Scope: • the provisions to be included in and excluded from acomputer link arrangement; • the information which an authorised company is requiredto submit to the Authority when notifying it of a computer linkarrangement; • the manner in which an authorised company is to notify theAuthority of a computer link arrangement.

  18. Topic 5: Legal Aspects of IT within the Insurance Domain MFSA – Insurance Rules • Rules of Interest: Insurance Intermediaries Rule 22 of 2008 Computer Link Arrangements Important Points: • Notify MFSA within 20 days from when the Computer Link Arrangement was made • No business is to start prior to informing the MFSA • The Rule also states the manner on how to inform the MFSA • In the event of discontinuation or alteration to the arrangement inform the MFSA within 20 days in writing

  19. Topic 5: Legal Aspects of IT within the Insurance Domain MFSA – Insurance Rules • Rules of Interest: Insurance Intermediaries Rule 22 of 2008 Computer Link Arrangements Important Points: • in the event of discontinuation of the computer linkarrangement, the enrolled person shall return promptly to the Insurerall unusedcertificates of insurance and other documentation or material in itspossession in connection with the computer link arrangementwhich might be used as evidence of the insurance and which bearthe name of, or refer to, the authorised company; • that access to such link shall be exclusive to the enrolledperson, and shall be conditional upon prior, individual authorisationfrom the authorised company through password or similar means.

  20. Topic 5: Legal Aspects of IT within the Insurance Domain Other laws that apply to all businesses including those in the Insurance Industry in relation to IT

  21. Topic 5: Legal Aspects of IT within the Insurance Domain Data Protection Act, 2001

  22. Topic 5: Legal Aspects of IT within the Insurance Domain Data Protection Act, 2001 • Freedom to process data vs. privacy of individuals. Definitions • “data controller” refers to the person who alone or jointlydetermines the means and purposes of the processing of personal data; • inthe insurance sector this is usually the insurance company, the insuranceagent, the insurance sub-agent, the insurance manager or the insurancebroker. Detailed info found at: http://www.dataprotection.gov.mt/

  23. Topic 5: Legal Aspects of IT within the Insurance Domain Data Protection Act, 2001 Definitions • “data subject” refers to a natural person to whom the personal data relates; • inthe insurance context this includes the policyholder and the insured asdefined in the Insurance Business Act (Cap 403) and the proposer • Data Protection Commissioner

  24. Topic 5: Legal Aspects of IT within the Insurance Domain Data Protection Act, 2001 - Information • Distinction between “personal information” and“sensitive personal information”, where thetreatment ofthe latter is more closely prescribed.

  25. Topic 5: Legal Aspects of IT within the Insurance Domain Data Protection Act - Personal Information • means any information relating to an identified or identifiable natural person; • an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. 

  26. Topic 5: Legal Aspects of IT within the Insurance Domain Data Protection Act - Sensitive Personal Information • Racial or ethnic origin • Political opinions • Religious/similar beliefs • Trade Union Membership • Health • Sexual Life • Offences

  27. Topic 5: Legal Aspects of IT within the Insurance Domain Data Protection Act - Sensitive Personal Information • May only be held if one of the below is met: • Explicit and informed consent • Employment Law • Vital Interests of Subject • Legal Proceedings • Medical Purposes (by medical professionals) • Equal opportunities monitoring

  28. Topic 5: Legal Aspects of IT within the Insurance Domain Data Protection Act - Consent • “Freely given specific and informed indication of wishes by which the data subject signifies agreement to personal data relating to him/her being processed.” • Can’t use implied consent – must get forms back. • Can’t use blanket consent as condition of entry • Personal data processing requires theunambiguous consent of the data subject, and sensitive personal data requires explicit consent. In either case consent must be freely given, specific andinformed.

  29. Topic 5: Legal Aspects of IT within the Insurance Domain Data Protection Act – Consent (in Insurance) • Generally consent is sought at each of the following stages: • Proposal / Underwriting • Claims • At claims stage, the claimant is consenting to the processing ofadditional personal data that is relevant to his claim.

  30. Topic 5: Legal Aspects of IT within the Insurance Domain Data Protection Act – Consent Example Notice The following Data Protection note can be found on all claim forms used by GasanMamo Insurance

  31. Topic 5: Legal Aspects of IT within the Insurance Domain Data Protection Act – Right To Information • Data subjects must at all times be able to access the following information: • the identity and habitual residence or principal place of business of thecontroller; • the purpose of processing; • the recipients or categories of recipients; • whether replies to any questions are obligatory or voluntary, as well thepossible consequences of failure to reply; • the possibility of transfer to third parties; • the right to access, to rectify and to oppose.

  32. Topic 5: Legal Aspects of IT within the Insurance Domain Data Protection Act – Right Of Access • In the absence of exceptional circumstances, the data subject has the right to accesshis own personal data • Upon receipt of a signed request in writing by the data subject, the data controller isobliged to confirm whether any personal data is processed about that individual. Thereply must be given: • in writing; • without excessive delay; • without expense; and • in an intelligible form.

  33. Topic 5: Legal Aspects of IT within the Insurance Domain Data Protection Act – Principles of the act • Personal data may not be kept for any longer than is necessary for its stated purpose(s). • This potentially creates a problem with old staff/members data. • Consent from all new staff/members to keep their data after they have left as this is a different purpose to keeping it while they are here.

  34. Topic 5: Legal Aspects of IT within the Insurance Domain Data Protection Act – Principles of the act • Personal data must be adequate, relevant and not excessive. • Must not stock up on data without a reason that can be justified – consent! • Personal data shall be accurate and up-to-date. • This is an ongoing requirement and means data needs to be kept under constant review.

  35. Topic 5: Legal Aspects of IT within the Insurance Domain Data Protection Act – Principles of the act • Data must be obtained only for one or more specified lawful purposes. • Must not use data for a new incompatible purpose without subject’s consent. • Have a data protection statement explaining what data will be held and why and get consent from new students/staff as they arrive.

  36. Topic 5: Legal Aspects of IT within the Insurance Domain Data Protection Act – Sharing of Information within the Insurance Industry • The processing of personal data for the purpose of preventing, detecting orsuppressing insurance fraud may involve the sharing of information between differentdata controllers in the insurance sector. • Such sharing of information is allowed underthe Insurance Business Act and thus deemed to be in conformity with the Act wheresuch information sharing is undertaken: • amongst companies authorised to carry on the business of insurance; • amongst companies or persons registered or enrolled under the InsuranceBrokers and Other Intermediaries Act; • between insurers and intermediaries; and • between insurers, or intermediaries, or insurers and intermediaries, and theCommissioner of Police,

  37. Topic 5: Legal Aspects of IT within the Insurance Domain Newsletter Mailshots Laws and Ethics

  38. Topic 5: Legal Aspects of IT within the Insurance Domain Newsletter Laws • The laws regarding mailshots vary immensely from Country to Country although the ethics are essentially the same and a very simple interpretation of the situation is as follows. • The law now states that all electronic communication must now include the full registered name and office address of your company, as well as country of registration, on all email marketing • There must be a clearly displayed opt-out link on every email allowing recipients to opt-out of receiving future email messages and any opt out request must be honoured

  39. Topic 5: Legal Aspects of IT within the Insurance Domain Newsletter Laws • It is illegal to reveal recipients' details on any emails, by adding email addresses in a 'CC' list for instance. This should not be a problem if you are using a professional emailing software, as all information will be referenced from a database, not entered into the email itself as each message will be sent separately • The law states that consent is needed from the recipient before sending unsolicited e-mail marketing to individual subscribers but this does not apply to making contact with companies or contact details shown on websites.

  40. Topic 5: Legal Aspects of IT within the Insurance Domain Recap • Understand what the MFSA is and its role • Understand the applicable laws relating to the Insurance Market • Understand what are Rules • Which Insurance & Intermediaries Rules are applicable to IT • Identify important points from each rule • Data Protection Act, 2001 • Understand main definitions • Understand the main principles of the act • Special consideration given to the Insurance Industry

  41. IMPORTANT REMINDER Notes are being uploaded to the following website: www.ITinInsurance.com

  42. Thank You! Any Questions???

More Related