Case Study Vitality Justin Skinner Group Chief Risk Officer

Transcription

1 Case Study Vitality Justin Skinner Group Chief Risk Officer

2 Our core purpose Our core purpose is to Make people MAKE PEOPLE HEALTHIER healthier AND ENHANCE AND and enhance and PROTECT THEIR LIVES protect their lives 2

3 Our Shared-Value model is the vehicle that delivers validated outcomes that are powerful for members and society 3

4 The nature of insurance risk is increasingly based on lifestyle choices Physical inactivity, poor nutrition, smoking Physical inactivity, poor nutrition, smoking, alcohol 4 3 Diptheria Pneumonia & tuberculosis 1 Together caused 30% of all deaths 2 Diarrhoea and enteritis 50% of deaths worldwide Cancer, diabetes, heart and lung diseases Source: Oxford Alliance Group 60% of deaths worldwide 60 4 Cancer, diabetes, heart and lung diseases Source: The Vitality Group Source: CDC

5 This is made worse by a number of human biases that prevents us from acting in our best interest when it comes to decisions about our health Present bias and hyperbolic discounting Over optimism about health % of members rating their health good Expectation Benefits are immediate, price is hidden Benefits are hidden, price is immediate 49% 60% 65% 61% 52% HEALTHCARE WELLNESS Number of chronic conditions

6 The Vitality programme is designed to address these human biases for members, the largest evidencebased wellness programme globally, draws off the latest insights from behaviour economics to make it easier & cheaper to lead a healthy lifestyle and motivates members with tangible incentives to stimulate sustained behaviour change 3 GET REWARDED 2 GET HEALTHY 1 UNDERSTAND YOUR HEALTH 6

7 Vitality GDPR Programme Design the framework to ensure ongoing GDPR compliance, and publish Corporate policies and standards as appropriate. Compliance Framework Design Delivery of GDPR compliant Privacy Notices published on Corporate websites and in printed stationery. Privacy Notices Remediate existing third party suppliers and partners to ensure the contracts are GDPR compliant and update existing processes to ensure any new contracts meet the same standards. Third Parties & Partners Ensure technology controls align with risk appetite to control and mitigate the risk of loss of personal information Information Security Specify and deliver changes to business process, IT systems and data management to ensure the organisation can efficiently deliver the GDPR specified data subject rights for both customers and staff Information Processing Update the existing Incident Management process to ensure privacy/data security incidents are managed and any identified data breaches are reported effectively to ICO within 72 hours Data Breach Management Design and implement a process, tool and reporting mechanism to ensure privacy impact assessment is carried out for projects. Specify how Vitality will use customer data for analytics while complying with the GDPR requirements. Create and maintain a Single View of the Customer across the group companies Privacy by Design Big Data & Profiling Single Customer View Design and deliver training and communications to ensure staff are aware of their GDPR responsibilities pre and post May 2018 when the regulation takes effect.. Employee Training and Awareness Specify and deliver a group wide consent solution for new and existing business. Consent

8 Customer Trust & Transparency Process & Controls enhancements Marketing Communication Customer data and Partner Network 1. To support delivery of rights 1. Enhanced Marketing platform to manage Customer communications, supported by appropriate consent 2. Supported by a robust data management platform to create a single view of the customer 1. Vitality Value Statement 1.A Right of Subject Access 2.A Right of Correction 3. A Right to Prevent Damage or Distress (prevent processing) 4. A Right to Prevent Direct Marketing 5. A Right to Prevent Automatic Decisions 6. A Right of Complaint to the Information Commissioner 7. A Right to Compensation 2. Risk-based prioritisation and planning 2. Contract remediation for data clauses 3. ISO certification, enhanced Information security, encryption and anonymisation of data

9 Customer Trust GDPR will make us more trustworthy. We can demonstrate our integrity, our ethics and our values to our customers. Giving them the confidence that we will put them at the heart of what we do and that we will only do what is in their best interest - Vitality Group Head of Data Protection

10 How do you make the most of GDPR? Make data useful to yourself The member is everything! Make data useful and interesting to members Treat member data like it is your own