The Data Protection Commissioner is to introduce a new code of practice to address the issue of sensitive customer information being shared between life assurance companies.
Currently, if an individual is turned down for life assurance on health grounds, this information is stored on a central register maintained by the Insurance Industry Federation (IIF).
If that person subsequently makes an application to another life assurance provider, that company can access their details on the register.
This is to prevent fraudulent applications where an individual suppresses relevant information about their health.
The Data Protection Commissioner is to carry out a selective audit of the insurance industry this year and will be examining how the issue of sharing such data is handled.
Currently, individuals sign their consent when applying for life assurance, but a spokesman for the commissioner said concerns had been raised that this was not sufficient for the "amount of very sensitive personal data that can be shared".
"There's a right way and a wrong way to share this information," he said.
The code of practice will ensure that due regard is given to people's rights under the Data Protection Act, he added.
While it is unlikely that the register will be abolished, it is possible that companies may be required to request the individual's consent for a second time when specific information is being handed over to a third party.