Article
Establishing a framework for practical data governance in the insurance industry
Dec. 4, 2023 · Authored by Russell Sommers, Nathan Olson
Data governance tends to be thought of as an information technology (IT) responsibility, when in reality, it’s a business issue. Many insurers have found success by harnessing and using data, enabling leaders to make data-driven business decisions to better serve policy holders and execute strategy. As insurance organizations continue to increasingly use data, there is a heightened regulatory focus on the handling of sensitive information.
Up until recently, many have focused on implementing a cybersecurity program designed to identify and protect non-public information and maintain the integrity of information systems, as well as the ability to detect, respond to and recover from cybersecurity events in a timely manner. From there, they would respond to and recover from those events. A new area of focus is the governance and use of business data, with a specific emphasis on the types of data being collected and used, the purpose behind the collection of that data, how access to that data is controlled and the controls in place to ensure that the use of data doesn’t introduce bias into decision making and/or create disparate impact to groups of users.
Why is data governance so important within the insurance industry?
In 2022, nearly 422 million individuals were impacted by U.S.-based data compromises/breaches. Despite this, the use of data globally is increasing rapidly. By 2025, global data is predicted to increase to 175 zettabytes – up from only 33 zettabytes in 2018. The majority of our clients have access to more data than they can effectively utilize, and they seek insights to learn more about the different actions they should take to better handle and analyze that data to add value to their organization.
In the insurance industry, data governance is an important component of ensuring the consistent treatment of data to uphold compliance responsibilities and support strategy execution. It is the process of managing the availability, usability, integrity and security of an organization’s data. Developing a strong data governance framework involves defining policies, procedures and standards for proper data management while also assigning roles and responsibilities across your team to ensure that data is properly managed throughout its lifecycle, as well as, the tooling and metrics to assess efficacy.
Two important components of establishing a data governance framework are data literacy and data ownership. By focusing on data literacy, your organization will be able to identify opportunities to enable better information access, stewardship and security. Everything that helps your organization engage better with data to better understand it from a knowledge perspective, as well as finding the data from a resource perspective, is a part of data literacy. This will enable you to drive data decisions on a consistent basis and it is a key part of a data governance framework. It is also important to ensure that the individuals working within your organization understand the data they are using and how to properly analyze it. From a change management perspective, any new policies or procedures you attempt to implement will not be effective without an adequate level of data literacy.
It is also important to establish a framework for data ownership to align business stakeholders with information technology, therefore providing guidance and resources for key data assets. This side of the data management spectrum focuses on accountability and visibility into who ‘owns’ certain data assets within your organization. Specific individuals and teams need to police how data is used, managed, viewed and analyzed to ensure accountability and to be considerate of the proper handling of sensitive information. Similar to data literacy, for data ownership, it is essential that everyone within your organization knows who is responsible for certain data assets and who they can reach out to when necessary.
Data governance covers a broad area, including everything from policies, standards and strategy to management and support, data quality control and privacy, compliance and security. It is crucial that insurance organizations practice data governance in order to increase data volume, improve self-service reporting and data analytics and stay on top of regulatory and compliance requirements.
As the use of data becomes more necessary to execute strategy, the opportunities to harness your organization’s data to further grow your business will grow exponentially. Technologies like machine learning (ML) and artificial intelligence (AI) are playing bigger roles in how we use data, and they represent significant opportunities and areas for growth for insurance companies. A strong data governance framework needs to be established before your organization starts to delve into these new technologies.
At Baker Tilly, our data governance framework goes hand in hand with our overall data strategy. Having one standard policy in place across the entire organization concerning the handling of data is the best way to ensure we are taking accountability and ownership over our data. Ultimately, we feel that the ownership of data governance should be held within the hands of the business instead of the IT team so that it is properly represented by stakeholders who have detailed ownership and accountability over those assets.
