Fraud investigations are being hindered by companies misusing the Data Protection Act to share data, according to the findings of the Chartered Insurance Institute (CII).
The CII's New Generation Claims Group found inter-company data requests in the insurance industry made under section 29(3) of the act - designed for the sharing of data to prevent and detect crime - are happening in unmanageably high volumes, are often non-compliant and are adding little to counter fraud investigations.
The New Generation Claims Group is one of four groups (alongside broking, underwriting and London Market) established by CII Faculties to research ways of improving industry practices.
Jenny Neale, risk manager at Ecclesiastical and spokesperson for the group, said: "Our stakeholder questionnaire told us that there were over 21,000 requests going out per year and that was across just 10 of the organisations who responded."
"A large number of these requests just aren't dealt with and even when they are the response time to these requests varied anywhere from a week to 12 weeks."
The CII will release an industry protocol setting out how Section 29(3) should be used, complete with templates for data sharing and specified timeframes in which to respond.
It is scheduled for launch in autumn 2013.
Principal problems with the use of section 29(3) identified by the group's work include:
•High volume and poor quality data requests
•Lack of industry consistency for presenting requests
•Confusion over what makes a compliant request
•Lack of centralised management information regarding Section 29(3)
•Poor response rate to requests
•Data requests being ignored altogether
