Have you stopped speeding your car? Insurance companies and data protection.

 

clip_image002I went on a Speed Awareness Course recently. I was not alone as 1,207,570 people did in 2015 and the numbers for 2016 will certainly be higher. There was a wonderful cross section of the population there and two trainers there as well. It was a good course with plenty of information about reading the road, hazards, speed limits quizzes and video.

My first reaction to the Notice of Intended Prosecution was that I’d start accumulating points and points (in car insurance terms) means price hikes so to be offered a course in lieu of points was a fantastic result. The cost of the course (£90) was irrelevant in fact I’d have paid much more to avoid the points. The cost of the Fixed penalty (£100) was also not an issue even though I didn’t pay it. It was the points on my licence that was at the forefront of my mind.

Not everyone is offered a course however

clip_image004

This says in plain English that you may be caught at 35mph but will avoid a prosecution but between 36mph & 42mph you will be offered a course. So just over the limit is OK; medium level speeding means a course but over the top speeding means a prosecution or fixed penalty. That’s why you see lines of executive cars chugging down the motorway with cruise control set at 78mph. This chart effectively raises all speed limits by 10% to 20% and could even be said to be an inducement to ignore posted speed limits but work with the generous grey area speeds the police allow.

While researching this article I found that some countries base the size of a fine for speeding on the income of the speeder. Finland fined a highly paid (£4.7m a year) businessman £50,000. See more detail here http://www.bbc.co.uk/news/blogs-news-from-elsewhere-31709454

And also there are stories of people asking other people to “take’ points in return for money. An interesting concept worth investigating…

http://www.dailymail.co.uk/femail/article-1390586/Would-ask-loved-speeding-points-I-did-I-live-consequences.html

The big question that came up halfway through the course was

“Should I tell my insurers that I’ve been on the course?”

The trainer was clear.

“Your details will be held on a database so other police forces who may catch you speeding will not offer you a course. This will last for 3 years. The Police will not pass this information to anyone else”

Searching the web will find plenty of discussion on this subject. Here’s what the AA (which provides Speed Awareness Courses) says

“Your personal details are protected by the Data Protection Act 1998. If you elect to participate, you agree to your details being checked by us against the ACPO national database to establish if you have completed a similar course within the last 3 years of this offence.

If you complete a “National” course, your details relating to the course will remain on file with the ACPO national database for road safety research purposes for a further 7 years from the date of the offence, after which any personal reference to you will be erased. These details will not be released to any other party apart from other UK Police Forces if they are considering making an offer of a course in the future.”

ACPO has disappeared and NPCC (National Police Chiefs Council) has sprung up but it’s logical to assume that the data is still there but the name of the Data Controller has changed.

Ndors is the national body that oversees the courses. They say

“Once a person has been on the course then no further action will be taken, there is no fine to pay and they will not have any points put onto their licence.”

A generally held point of view is that there is no conviction so no requirement to inform insurance companies. However some insurance companies (largely the Admiral group) have started to ask potential customers if they have been on a Speed Awareness Course as in their view that person although not convicted have shown an inclination to speed and this would affect any insurance premium.

The web has plenty of forums where this issue is discussed and opinions of insurance companies range from infuriated to incensed. A typical comment is

“Insurance companies will use any excuse to weasel out of paying a claim because they are cheating bastards.”

But who is right in this matter? Is there a data protection angle? We think so.

If anyone approached the police database and asked to see if a person was on that database because they had been on a Speed Awareness Course I would expect the answer to be no you’re not getting it – it’s confidential. Even using the Freedom of Information Act would elicit this response and it seems the right response. There are other exemptions that might apply

However the Insurance companies are not going down that route as they know they don’t have a right of access. They are asking people to voluntarily inform them that they have been on such a course so that they can increase their insurance premium. They point to a general catch-all in their small print that customers must inform them of anything that might affect their insurance. Can insurance companies ask this? Can they ask a question that they know the person doesn’t want to answer because it invades their privacy?

  • Do you have cancer?
  • Do you smoke?
  • Do you walk 5,000 steps a day
  • Have you dropped litter and been fined?
  • Have you separated from your partner?

They say that if you withhold such information it may invalidate the policy but they can’t collect it lawfully unless they obtain it from the customer as they have no lawful means of obtaining it. If you have a massive claim and they see a £25,000 payout in prospect they might just use a private investigator to look into the claim and see if they can find some fault with it. He may stray outside the law and find evidence of your course…

But if you voluntarily answer the question that they may not be able to ask you haven’t you consented to giving the answer?

Consent hits the first button in Schedule 2 so the Insurance companies are processing fairly and lawfully. Or are they? If you are asked to consent to a disclosure that will have an adverse effect on your life is that a true consent or an enforced consent?

Consent isn’t defined in the Data Protection Act so it has its ordinary meaning. A quick web search says consent is “permission for something to happen or agreement to do something”. Do you think customers are agreeing that Admiral can hold their Course attendance and increase premiums as a result? Or are they reluctantly disclosing for fear of losing their insurance?

Other parts of Schedule 2 don’t seem to apply except for old faithful paragraph 6 – the legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject. Whoever inserted the tiny word prejudice here many years ago may have done the nation an immense service. Of course it will prejudice the rights and freedoms of someone who hasn’t been convicted of a speeding offence yet is in danger of being penalised for doing so.

And if you’re thinking of diving into schedule 3 think again. It’s not sensitive data. It’s a training course not a conviction.

So on balance it’s probably unlawful for Insurance companies to ask the question as it’s not a freely given consent; they have no access to the police database of course attendees and if they do set a data hound on the case he probably can’t access the information lawfully either.

But there’s also a left field solution. All seasoned FOI professionals know that there’s a way of answering a request without actually answering it. Yes you’re remembering it now aren’t you – it’s the Neither Confirm nor Deny option.

Section 1(1)(a) of the FOI Act allows this where confirming would in itself disclose sensitive or potentially damaging information that falls under an exemption.

So when the Insurance company asks the question you Neither Confirm nor Deny that you have been on a course. They can’t make any further decisions on your premium. They can’t say “well it’s obvious that he’s done a course” as they have no evidence of it.

Good luck with that one.

Finally if you do find yourself being asked the question and any of the solutions here are a bit too drastic you can always swap insurers to one that doesn’t ask the question. But as you do remember that all the individuals who were coerced into unfairly disclosing Speed Awareness courses to Admiral may find that Admiral shares the data anyway. Big Brother (or Big Insurer) is not far away.

 In the vanguard of forced consent is Admiral. Not content with asking up about speed awareness courses you’ve been on they now want to trawl through your facebook posts to make decisions on what type of person you are so they can adjust premiums of party animals. See http://www.bbc.co.uk/news/business-37847647 Fortunately Facebook has declined to give Admiral access.  But questions have to be asked as to how far Admiral or other insurers will go to into your personal affairs to work out a suitable premium especially for you. A word trending in DP circles as GDPR approaches is Profiling. Maybe it’s time you found out what it will mean for your company in the future.

Image credit http://jimllpaintit.tumblr.com

Act Now has a full programme of Data Protection workshops including full day GDPR workshopsWe also run the Act Now Data Protection Practitioner Certificate which is ideal for those preparing for the role of Data Protection Officer under GDPR.

This entry was posted in Data Protection, Privacy and tagged , . Bookmark the permalink.

2 Responses to Have you stopped speeding your car? Insurance companies and data protection.

  1. confused of north london says:

    cryptic!!

  2. Ganesh Sittampalam says:

    Can’t they just hike premiums for everyone but offer a discount to anyone willing to explicitly state they haven’t been on a course?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s