Re Gender Recognition Act 2004

Is everyone aware of this resource link :

http://www.grp.gov.uk/about/useful.htm

An interesting question for Insurers is how their actuarial rating processes 
work. Male and Female genders generally tend to be given different life 
expectancy.

If you change gender under an existing contract then how are the contract 
premiums to be treated. This decision being relevant to a need for 
transaction history on the contract given other statutes and regulations 
applying to maintenance of contract accuracy.

If an individual advises you of the potential damage of retaining a history 
of a gender change and seeks data erasure, as is possible under DPA, then 
the insurer will need clear and consistent arguments as to why a history of 
the change is required. Any successful argument on their part will come hand 
in hand with ensuring security of the data is maintained ie deciding who 
really needs to see such data. such as employees, data procressors, 
auditors, regulators etc. The wider the audience the more likelihood of 
security failure in the eyes of the individual..

I recall gender identity itself was not argued as 'sensitive' data however 
the information that a gender change has occurred is arguable as 'sensitive' 
data and would therefore need a schedule 2 and 3 condition to support its 
processing. This may mean that informed consent of the individual needs to 
exist. Such consent from individuals could go hand in hand with obtaining 
security guarantees from Insurers.

I also believe that insurers are resticted at law from simply terminating 
life contracts unless they were mis-led when entering into the contract. 
This could give rise to some interesting challenges on contract management 
where new processing of sensitive data begins mid term.

I do not recall seeing any recent debate about these issues but could well 
believe that it may well take a determined individual to test the water over 
fairness of insurance contract and related data processing .

Anyone in the insurance industry past or present aware of any sector 
discussions on this Act and its impacts on Insurance contracts.?

David Wyatt

----- Original Message ----- 
From: "Christopher Spray" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Monday, January 16, 2006 8:07 PM
Subject: Re: [data-protection] Request for advice - DPA vs Gender 
Recognition Act


> Hi Emma, happy new year.  You could do worse than check out Les's
> presentation on the Dpforum website ( not that I have looked at the slides
> there, just saw the presentation).
>
> Basically, I believe you are not required to expunge the original sex (and
> it wouldn't be right to do so, making records inaccurate), but one must
> record from now on the correct sex, name etc in the normal fields, not as
> comments.  The old data could be stored as comments?  If need be I don't 
> see
> why you couldn't set up a new record provided it was very clear that the 
> old
> record is just that and no annual statements, correspondence etc. is sent
> from it.  Perhaps not a risk worth taking??
>
> Chris
>
>
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of Emma Bothamley
> Sent: Monday, January 16, 2006 3:30 PM
> To: [log in to unmask]
> Subject: [data-protection] Request for advice - DPA vs Gender Recognition
> Act
>
> Dear all,
>
> Question on the Gender Recognition Act.  What should we do if we receive
> notice from one of our customers that they have swapped gender?  How 
> should
> we go about capturing the information for that individual on our systems 
> to
> ensure compliance with the Gender Recognition Act and DPA?  Should we:
>
>   Remove all reference to the individual's original gender from all our
>   computer systems?
>   Set up a new computer record for the individual, linked to the old one,
>   thereby ensuring there was an audit of trail of when genders changed?
>   Make a note on the system that the individual has changed gender, update
>   their new name and salutation but leave the underlying record unchanged?
>
> The view here is that we should ensure that all our computer records show
> the new acquired gender and name for the individual concerned.  Their view
> is that all records would need to be amended, rather than just putting a
> note on the system.  This is because it is always open to the individual 
> to
> make a SAR.  If a SAR was made, we would need to disclose all information
> about that person.  If our records still showed the original name and
> gender, even for audit trail purposes, this could be a breach of the Data
> Protection Act for failing to ensure that we maintain accurate information
> on our records.
>
> I'm not sure I agree with this.  As we are a Life Assurance company, I
> would have thought it would be necessary and legitimate to keep some
> historical record of the previous gender.   I was wondering how others 
> were
> approaching this issue?
>
> I'd be grateful for your views / comments / thoughts.
>
> Many thanks in advance,
> Emma
>
>
>
> Emma Bothamley
> Data Protection Consultant
>
> 01733 471226
>
> [log in to unmask]
>
>
> Pearl Group Ltd No.05282342 and Pearl Group Services Ltd  No. 05549998. 
> The
> following companies are subsidiary companies of Pearl Group Ltd and are
> authorised and regulated by the Financial Services Authority:  Pearl
> Assurance plc No. 1419, Pearl Assurance (Unit Funds) Ltd No. 1027138, 
> Pearl
> Assurance (Unit Linked Pensions) Ltd No. 1122485, Pearl ISA Ltd No. 
> 3597973,
> London Life Ltd No. 1179800, London Life Linked Assurances Ltd No. 
> 1396188,
> NPI Ltd No. 3725037, National Provident Life Ltd No. 3641947, UKLS 
> Financial
> Services Ltd No. 3715118.  All companies are registered in England at The
> Pearl Centre, Lynch Wood, Peterborough PE2 6FY. Tel. 01733 470470. We may
> record or monitor telephone calls to improve service and for our mutual
> protection.
>
> The information in this e-mail is confidential and may be legally
> privileged. It is intended solely for the addressee and access to this
> e-mail by anyone else is unauthorised. Although this message and any
> attachments are believed to be free of any virus or other defect that 
> might
> affect any computer system into which it is received and opened, it is the
> responsibility of the recipient to ensure that it is virus free and no
> responsibility is accepted by any of the companies of Pearl Group Limited
> for any loss or damage in any way arising from its use.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>       All archives of messages are stored permanently and are
>      available to the world wide web community at large at
>      http://www.jiscmail.ac.uk/lists/data-protection.html
>      If you wish to leave this list please send the command
>       leave data-protection to [log in to unmask]
>            All user commands can be found at : -
>        http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list 
> owner
>              [log in to unmask]
>  (all commands go to [log in to unmask] not the list please)
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>       All archives of messages are stored permanently and are
>      available to the world wide web community at large at
>      http://www.jiscmail.ac.uk/lists/data-protection.html
>      If you wish to leave this list please send the command
>       leave data-protection to [log in to unmask]
>            All user commands can be found at : -
>        http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list 
> owner
>              [log in to unmask]
>  (all commands go to [log in to unmask] not the list please)
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^