Life (Insurance) and Privacy

Privacy and data security are inexorably intertwined. While you can violate privacy in a secure manner, you can’t protect privacy without security. And you can’t understand privacy unless you understand basic security concepts such as authentication, access control, auditing and monitoring, anomaly detection, breach reporting and so forth. In many ways, security protects privacy. In some ways, security invades privacy. Security logs, IP logs, browser history files, cookies, tracking, anomaly detection and forensics … All essential parts of data security are also terribly invasive of privacy—especially if misused.

But privacy is generally about voluntarily giving up personal information in return for some benefit. You want a brand new Bluetooth headphone shipped to you from China, you need to give some Chinese merchant (or intermediary) your name, your contact information, payment and shipping information, at the least. It’s an inherent part of the deal.

John Hancock Insurance recently changed its policies with respect to issuing life insurance. Now, to get life insurance, like a criminal with an ankle bracelet you will have to wear a device that allows the insurer to obtain a continuous stream of information about your health, diet, exercise and sleep pattern. Reuters reports the insurer, which originally gave insured customers the option to provide this kind of data from an Apple Watch or Fitbit or similar device, has decided to make it mandatory as a condition of obtaining—and keeping—life insurance. Thus, even if you pay your premiums every month, if you don’t wear your Fitbit and die, John Hancock can deny your family a claim. And, the company can change your premiums based on the risk that you are going to die, and that can be measured through data collected from the device—including, for example, the new Apple Watch 4’s ECG, pulse oximeter, pulse and calories-burned measurements.

We can anticipate the same trend in car insurance and other insurance. While some insurers such as Progressive offer behavior-based pricing, promising customers lower rates based on their safe driving habits, the flip side of big data also applies: Bad drivers get both higher rates and potential denial of claims.

Is this good or bad? Well, insurers have always wanted to peg pricing and policy limits to actual risk, and the more things you measure, the more accurately you can assess risk. This allows for better pricing of insurance. But it is also antithetical to the concept of pooling risk for insurance. What you end up with is “good” drivers or “good” exercisers getting insurance and the rest being left out or paying exorbitant rates. Rather than pooling risk, it Balkanizes risk. Sure, under the current system, low-risk individuals overpay and high-risk individuals underpay. That’s the nature of pooled risk. By selectively targeting, you don’t have “insurance,” per se; you have what amounts to a personal annuity based on risk. It’s fine, but it’s not insurance.

What’s worse is that the massive amount of personal data being collected (which then must be securely transmitted, stored and analyzed) is subject to attack, theft, misappropriation and misuse. My health band (from Alibaba—yeah, I know) measures activity, blood pressure, pulse, pulse ox and ECG, and links via Bluetooth to my phone to receive texts and alerts. What could go wrong if third parties had access to all of that data?

Add to this the fact that health data is protected under U.S. law in the hands of “covered entities” and their business associates—not in the hands of life insurers, Apple, Fitbit or my carrier. Once we have granular data, it can be used—and rarely to our advantage. Our phone can reveal that we were texting at the time of a crash. A Fitbit might reveal that we were too sedentary or too active. Integrate other data, social media, Alexa and Siri, and we have few secrets.

In that respect, we must remember the wise words of a Founding Father. “Resistance to tyranny becomes the Christian and social duty of each individual … Continue steadfast and, with a proper sense of your dependence on God, nobly defend those rights which heaven gave, and no man ought to take from us.”

And that Founding Father, of course, was John Hancock.

Mark Rasch

Mark Rasch is a lawyer and computer security and privacy expert in Bethesda, Maryland, where he helps develop strategy and messaging for the Information Security team. Rasch’s career spans more than 35 years of corporate and government cybersecurity, computer privacy, regulatory compliance, computer forensics and incident response. He is trained as a lawyer and was the Chief Security Evangelist for Verizon Enterprise Solutions (VES). He is a recognized author of numerous security- and privacy-related articles. Prior to joining Verizon, he taught courses in cybersecurity, law, policy and technology at various colleges and universities including the University of Maryland, George Mason University, Georgetown University, and the American University School of Law, and was active with the American Bar Association’s Privacy and Cybersecurity Committees and the Computers, Freedom and Privacy Conference. Rasch has worked as cyberlaw editor for SecurityCurrent.com, as Chief Privacy Officer for SAIC, and as Director or Managing Director at various information security consulting companies, including CSC, FTI Consulting, Solutionary, Predictive Systems, and Global Integrity Corp. Earlier in his career, Rasch was with the U.S. Department of Justice, where he led the department’s efforts to investigate and prosecute cyber and high-technology crime, starting the computer crime unit within the Criminal Division’s Fraud Section, efforts which eventually led to the creation of the Computer Crime and Intellectual Property Section of the Criminal Division. He was responsible for various high-profile computer crime prosecutions, including Kevin Mitnick, Kevin Poulsen and Robert Tappan Morris. Prior to joining Verizon, Mark was a frequent commentator in the media on issues related to information security, appearing on BBC, CBC, Fox News, CNN, NBC News, ABC News, the New York Times, the Wall Street Journal and many other outlets.