Data–specifically information about our customers–is the very lifeblood of the insurance enterprise. Not surprisingly, then, the subject of who owns the data and where it should be stored is of critical importance.
Let's deal with the question of ownership first. Customer data is truly a precious commodity, because without it, how would we ever know how to underwrite personal risks? As such, this information must be carefully handled and doggedly protected if insurers and agents hope to keep doing business.
So, what exactly are we talking about when we mention data? According to Webopedia.com, "data can exist in a variety of forms–as numbers or text on pieces of paper, as bits and bytes stored in electronic memory, or as facts stored in a person's mind."
Numbers or text on paper are tangible assets that can be held, used–and misused or stolen, so they certainly can be owned. Bits and bytes, on the other hand, depend on the positioning of electrons on a chip–somewhat harder to get one's arms (or fingertips) around. The best we can do here is to say that someone owns access to the bits and bytes stored on one or more devices in one or more locations.
Facts stored in one's mind, of course, are owned by the thinker–until and unless that cogitator decides to express those facts in some reproducible way that can, at least in theory, be stolen. I will also allow for theft via telepathy, although some readers may doubt my psychic abilities, or my sanity, on that score. Nevertheless, I would hold that this form of data is not of great concern to the insurance enterprise.
Several insurance experts I talked to believe–correctly–that the customer owns his or her own information. As one agent put it, "It's their information, just as in every other HIPAA system. They allow us access to it, but it is their information. In some cases, the agency and the carrier both store copies of that data, but it is still [the customer's] and we are responsible to protect it."
Where, then, should that data reside? This may be the hot potato no one wants to fully grasp, because holding the data means you are responsible for its safety. Some agents tell me they would rather not store customer data on their own systems, presumably because they do not have the IS or financial resources to store the information securely. More likely, however, those particular agents just don't want to assume the risks of keeping such a precious commodity.
There are other agents, however, who insist that the data on their customers belongs on their systems. They want control over the data and–more importantly–its usage. These agents see insurers who want to keep the data as impinging on business the agents have worked hard to develop.
