INSURANCE COMPANIES are being investigated by the Office of the Data Protection Commissioner over the sharing of data of thousands of people who have never made a claim.
Dozens of insurance companies and self-insurers share the information of hundreds of thousands of customers through an industry-wide database known as Insurance Link, which was set up in 1992 with the intention of preventing fraud.
The practice of storing and sharing the details of people who make an official claim is legal, however storing the details of those that have not made a claim is against data protection laws.
People who consulted an insurer, but never actually pursued an official claim, have had their details passed on to insurance companies that have illegally placed them on to the database.
The commissioner’s office is also concerned by the unregulated access to the database, which is used by hundreds of company employees to obtain background information on individuals applying for a quotations.
Some of the companies that use the database include Axa Ireland, Aviva, FBD, Quinn insurance and Allianz.
It is understood that the database is accessed about 20,000 times each month on average and a significant number of entries on to the system are not for claim-related purposes.
The database is being used to provide what the insurance industry has termed “pre-claim notification”, whereby the insured entity informs their insurance company of a possible claim, following an accident. The individual’s details are then registered on to the database without the consent of the individual. Many insurance companies apply this practice as a condition on their policies.
The investigation is one of the largest ever undertaken by the office and began in 2008 following failed negotiations between the office and the sector’s representative body, the Irish Insurance Federation.
The negotiations centred on creating a new code of practice in the sector, but some details relating to the use of the Insurance Link database could not be agreed upon.
The commissioner’s office requested that insurance firms account for all their entries to the database, for one specific month of this year. However, many of the companies could not prove that the database was always accessed for legitimate reasons.
Gary Davis, the deputy data commissioner, confirmed a “significant investigation” is under way into the insurance sector, which was initiated following a large number of audits that gave the office “cause for concern.”
The commissioner’s office has been in communication with the federation and individual insurance firms for two years regarding the issue and has received their full co-operation, said Mr Davis.
Insurance federation chief executive Michael Kemp said the use of Insurance Link is a practical necessity for companies and is used solely as a guidance mechanism to prevent against fraud.
“There is no issue with the amount of people that are authorised to use the database,” he said. “There is no impact on an individual if their information is put on the database.”