A report from the Office of the Data Protection Commissioner (ODPC) has identified instances of insurance company staff breaching data protection law by inappropriately accessing information. The report examined the use of Insurance Link, a claims database shared by insurers, which currently holds the details of 2.4 million cases.

Breaches included the improper accessing of the claim histories of celebrities, relatives and friends and the use of “pre-claim” data available on the database in the calculation of insurance quotes. “Pre-claim” data relate to the preliminary queries of a customer who may or may not actually proceed with the claim. The ODPC has directed insurers to remove “pre-claim” and other types of illegitimate data from their records, to delete data kept for longer than ten years and files that have been inactive for five years. The ODPC has further directed that insurers place stricter controls on the use of Insurance Link by staff.

The report suggests that confusion in the insurance industry about the correct use of Insurance Link has led to many of the data protection breaches. The Irish Insurance Federation has expressed plans to develop a code of practice for the use of Insurance Link that would enable insurers to view a customer’s previous claims in a manner compatible with data protection rules when an application for insurance is made. The Irish Insurance Federation has also stated that it plans to increase public awareness about the use of Insurance Link by insurers and the type of data kept on the database.