John
Some observations
One of the first things to analyse is the Loss Adjusters (LA) relationship
to the various data subjects ie an insurance claimant, witnesses, third
party opinion etc, and the LA legal relation to their customer eg. Insurers.
A loss adjuster can be working for either a data subject or for an insurance
company, most commonly the insurer. A loss adjuster may exercise a
professional independence in their task but the work it conducts is
generally paid for by the insurer so is therefore undertaken under contract
as agent of the insurer. Do data subjects know this? Loss adjusters tend
to obtain personal data about data subjects initially from the insurers, who
themselves collected from the data subject either directly or through
agents. The insurer data is added to during LA investigations but has the
data subject understood who is the controller of this additional data?
Presumably this is advised at first contact by LA either reiterating the
insurers Fair obtaining notice if actining as agent or delivering a new
notice if the LA can claim data controller status.
If working for an insurance company then by default the data LA collect
would appear to be by way as a data processor for the insurer. If not why
would a data subject supply any data given they have no direct contractual
relationship to the adjuster?.
Given this relationship any subject access requests should be referred to
the insurers data protection office. The controller has the obligation to
manage the data security aspects which includes subject access control, so
should be directing the LA via a written contract on these points.
Under DPA the insurer as a data controller should be controlling the
adjusters data collection and use processes this should include the
obligation to deliver first principle notices during collection. The
Insurers proposal forms and claims forms should be outlining their
disclosure / data obtaining via LA's given many now outsource much claims
investigative work to LA's. Whilst an insurer cannot transfer data
controller status to the adjuster it could delegate (via the services
contract) some of the related admin it is subject to under the Act.
Other considerations for the services contract between LA and Insurer are
what happens to the data when the insurer and loss adjusters contractual
relationship ends, is it returned to the Insurer, destroyed or does the LA
retain. If retained what is the LA relationship to the data subject and its
current purposes for holding the data. As you are aware there is much
sensitive personal data in what LA collate during investigations some being
fact some being professional opinion.
I recall a number of discussions in the past between the Association of
British Insurers and the OIC re Loss Adjuster relationships. Have you
approached the OIC or ABI for views / guidance.
David Wyatt
----- Original Message -----
From: "John Keates" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, June 02, 2004 3:20 PM
Subject: [data-protection] Subject Access Query and Loss Adjusters Reports
I would like any advice anyone can give on an issue we have with regard
supplying copies of reports prepared by Loss Adjusters.
Loss adjusters are independent of our claims function and they prepare
reports dealing with, among other things, how claims should be paid and why
particular payments are to be made. The front sheet of all their reports
contain the following wording:
Confidentiality Notice
This communication & the information it contains :- (A) is intended for the
person(s) or oganisation(s) named above & for no other person or
organisation &, (B) may be confidential, legally privileged & protected by
law.
Unauthorised use, copying, or disclosure of any of it may be unlawful if you
received this communication in error, please contact us immediately by
telephone or by fax on the numbers given above. We will be happy to accept a
reversed charge call (call connect).
When we receive Subject Access Requests from customers for a copy of their
claims files I am unsure of the impact the above notice has in terms of
providing loss adjusters reports which may be part of the claim file.
The loss adjusters reports often contain information about our negotiation
stance and would have prejudice those negotiations. Therefore, when
negotiations are in process reports are not released.
Are there any other grounds for not releasing a loss adjusters report that
anyone knows of?
John Keates
> Assistant Manager - Data Protection and Anti-Money Laundering
> HGISL G I RISK
> Email: [log in to unmask]
> This Message represents the personal view of the sender and is not
attributable to the HBOS Group or any division therein. This e-mail is
intended for this group only and I do not wish to opt-in to any marketing of
any kind.
>
>
>
>
>
>
>
>
>
>
>
--
----------------------------------------------------------------------------
--
Halifax plc, Registered in England No. 2367076. Registered Office: Trinity
Road, Halifax, West Yorkshire HX1 2RG. Regulated by the Financial Services
Authority. Represents only the Halifax Financial Services Marketing Group
for the purposes of advising on and selling life assurance, pensions and
collective investment scheme business.
===========================================================================
==
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|