There’s not a very clear picture about what insurance companies actively share in terms of information. On one hand, privacy laws in Canada mean that your personal information is protected in most cases, but on the other general statistical information is used by all insurers to build their underwriting policies, so in essence the companies each draw from common pools of information such as accident statistics, crime reports and other types of information that provide an actuarial basis for operations.

Digital Privacy Law

Passed into law in June 2015, Bill S-4, also known as the Digital Privacy Law, has some provisions that may impact how insurance companies share data, particularly when investigating car insurance fraud. Fraud is one factor that is thought to be behind the reasons car insurance premiums are so high in many provinces, particularly Ontario.

There are points in the legislation that allow insurance companies to exchange clients’ personal information without obtaining consent. The Personal Information and Protection of Electronic Documents Act prohibits the disclosing of personal information without an individual’s consent in all but specific cases.

Bill S-4 allows information disclosure without consent or other oversight if there’s a reasonable suspicion of illegal activity, particularly where the action of obtaining consent might compromise the ability to detect the fraudulent activity.

The Insurance Bureau of Canada, the country’s private insurance industry association, supports these provisions of the bill. The IBC supports the removal of restrictions that interfere with prompt investigation of fraudulent activity by allowing companies to disclose information without the creation of an investigative group, in “limited circumstances,” taken to mean only when there is a strong suspicion of, in this case, activities that defraud insurance companies.

Criticism of the Law

The bill was opposed by New Democrats, since it opens the doors for information sharing without individuals’ knowledge, a direct contravention of the spirit of PIPEDA. The IBC feels that the insurance industry as a whole is restricted in its ability to combat fraud, and that this information sharing will contribute to the public interest by identifying factors that could reduce insurance premiums on a broad scale.

Examples of Shared Information

digital privacy

It is expected that insurers will use new access to information to identify patterns in the claims history of individuals in suspected cases of fraud. Previously, if a driver deliberately caused an accident or submitted excessive claims beyond real damages, once that driver moved to a different insurer, only information on the public record, such as a driving abstract, would be available to the new insurer. Any patterns of inflated claims made by that driver were not identifiable due to privacy restrictions.

The IBC suggests that sharing of general insurance history of a driver could prevent the new insurance company from discovering fraudulent activity until long after funds are paid to settle the most recent incident involving this driver and false claims.

Currently, amendments are being considered and regulations covering the Digital Privacy Act are not yet in place.