The days of sending a saucy postcard from Brighton may be gone, but even in those times, including sensitive personal information for all to read would have been inappropriate…
Postcards were the territory of… ‘The sun is here, wish you were beautiful!’
And yet, every day, millions of people do exactly that, electronically publishing information via email that they would never dream of sharing openly with others on a postcard. Email content can so easily be read by those who might use the information to disadvantage us, and medical underwriting information, in particular, should remain sacrosanct!
In the insurance world medical information relating to an identifiable individual should be held securely, in accordance with the Data Protection Act 1998 and General Medical Council guidance on confidentiality – The Medical Protection Society
Confidentiality is a fundamental professional value, but the Data Protection Act (DPA) can so easily be contravened, with significant consequences. An underlying responsibility exists to keep personal information protected against improper disclosure at all times, and the Act imposes a Civil Monetary Penalty of up to £500,000 if it is contravened in a deliberate or reckless way, or in a way likely to cause substantial distress or damage to an individual.
Professional indemnity insurance may not ‘carry the can’ – how many businesses have the financial strength to withstand such a hefty fine, and how many are taking steps to ensure that they are safeguarding their email communications and their clients’ data?
UK identity theft increased by almost 1/3 in the first quarter of this year, with more than 80% perpetrated online – the number of consumers using the power of the internet to gain access to the very best deals will only rise, so this statistic is unlikely to improve any time soon!
Email is only slightly more private than a billboard. That is a slight exaggeration, but you get the point! Taking action to prevent leakage of valuable data, where your competitors fail to do so, can offer a distinct commercial advantage, giving your clients a sense that their precious data and identities are valued, assuming the DPA fines themselves don’t force a behavioural change.