The Chartered Insurance Institute (CII) has published new guidance to support insurance and personal finance firms in managing data relating to customers in vulnerable circumstances. The Data Privacy for Customers in Vulnerable Circumstances guide clarifies in practical terms how customer vulnerability-related data can be managed in compliance with UK data protection requirements and the Financial Conduct Authority’s (FCA) Consumer Duty.
The guidance was launched at an event today in London to an audience of press, stakeholders, and sector leaders, featuring a panel discussion and Q&A with Laura Leng, Lead Associate of Consumer Policy at the FCA; Dominique Azid, Principal Policy Advisor at the ICO; Johnny Timpson, OBE Chairman at MorganAsh; Robert Bell, CEO of RB Compliance Consultancy and co-author of the guide; and Adam Harper, Executive Director, Strategy, Advocacy and Professional Standards at the CII Group.
There are three distinct and interconnected purposes for processing vulnerability data. Firstly, to provide appropriate support and to prevent harm. Secondly, to meet reporting requirements. Thirdly, to drive product and service improvements. Organisations can too often be hesitant to process vulnerability-related data due to a perceived risk of infringing data protection law. The guidance has been developed to address this perception, building on joint communications from the FCA and ICO, which clarify that UK data protection laws and the requirement for processing vulnerability-related are not in conflict.
Developed for compliance officers, data protection specialists, operations managers, the guide is intended to act as a practical foundation for embedding effective vulnerability data management across the sector. By clarifying how firms can collect, store and use vulnerability-related information responsibly, the CII aims to support a more consistent, confident and customer-centred approach across insurance and personal finance.
Commenting on the guidance, Matthew Hill, CII Chief Exec, said: "Too often data protection is used as an excuse not to do the right thing. Our new guidance should give insurance professionals the confidence to make data work for better consumer outcomes".
Robert Bell, Coauthor of the guide and Director at RB Compliance Consultancy, said: “We live in a world where health and support needs are increasingly openly discussed, as reflected in expanding regulatory expectations meaning firms have to be laser focused on supporting customers who find themselves in vulnerable circumstances. It is also important to use this data to amend the product design as part of the expectations of the Consumer Duty. However, none of this is possible without data and this is where many organisations believe they run into a barrier - UK GDPR. The CII identified this problem and the need to form a clear set of standards to guide firms through recording vulnerability data whilst maintaining compliance with UK GDPR. It has been a pleasure to be involved in creating this important guidance document which I hope proves useful for the industry.”