Innovation Stage - The future of data and the implications for insurance


Transforming the control and use of data to add value to customers and insurance companies.


Advert promoting the TINtech 2022 real world event



In the video Zohar presents his vision for transforming the control and use of data to add value to customers and insurance companies. The video covers:

  • Flipping the dynamics of data ownership & use into the hands of customers
  • How organisations can embed privacy, trust and control to build trust in their brands?
  • What are the implications for insurance?


Innovation Stage – The future of data and the implications for insurance

Zohar: Thank you everyone and good afternoon. My name is Zohar Hod and I'm the founder of One Creation. The story of One Creation actually starts with a personal story of mine - at age 11, my son was diagnosed with type one diabetes. Right after going to the hospital several times, we started getting a massive inflow of adverts related to his condition from medical device companies. I was really shocked and upset about that, so I wanted to do something about it and started mapping. Exactly where are the points that my son's data was leaking? It wasn't really leaking, but there were AI companies that basically tried to match conditions with addresses and found my son and managed to target him from a marketing perspective. That's wrong and I wanted to do something about it and hence created One Creation to help companies embed privacy through transparency and control and create trust for their brand. So basically, you know, the story starts where we realise that we don't really know too much about what's being done with our data, but we really care. Actually, only 3% of us think that we know what's being done with our data and companies realise that when people are faced with the privacy notice they, you know, they click. It's maybe less than a minute, less than a second. That means that they don't really know or care or it seems to care about what's being done with their data. But the statistics actually say otherwise. We do care about what's being done with our data. We just don't feel that we have control over it. So 96% of all Apple users have blocked at least one app since to download the new privacy features. That means that people do care at all ages, but you as companies have to deal with the overhead of this privacy changing. You have to deal with 120 different privacy laws, and you have to deal with a curve that's going from a regulatory perspective to towards giving much more control and sovereignty to your clients. So basically, this issue creates a little tension when you think about if you're the chief digital officer of the of the company, you're interested in bringing much more business insights into the corporation. You're if you're the CSR or chief security officer of the corporation, you're interested in finding how to control and protect the data that the Chief Digital Officer has been collecting. That tension creates a lack of trust both from the customer and internally. One Creation changes that by providing full transparency and control over where the customer's data is being used, under which conditions exactly controlling the consent that was collected from the customer all the way to preserving the privacy downstream. That tension, you know, could be solved by providing the customer with a trusted environment to share his data. So One Creation has decided to change the business model or to allow corporations to change the business model as it relates to collecting and sharing their customers most precious data. So here you can see that we're trying allowing the corporation, you can see the citizens view of our technology. This is an app that gets or a mobile library that gets installed inside your mobile environment and tells the client very clearly, what are we going to use your data for? How are we going to use the data for? Who are we going to share the data with, and most importantly, rewarding you with some sort of a value in this sort of in the notion of a trust token that's branded by the corporation just for your sharing of sensitive data. And in return the corporation can then started offering much better services, targeted services to its clients. Customers can actually remote destruct their data. They can set the timing on how the data is going to be shared and for how long. And after that time, the data will expire when the customer decides to opt out, that any time we actually cache that data and allow you to have a much more robust open banking environment where you can actually move not just your account information but your preferences as well from one organisation to another. So you as the organisation, what do you get for this? You basically get firsthand business insights, much better serve ability to provide better services to your organisation. Your brand increases tremendously in terms of the trust, which is a big, big crisis today in terms of our trust in brands. And finally, your company would become a lot more investable from an ESG score because on the G side, you're really maintaining a high secure environment for your clients data to be shared with internally and with partners. So it's a win-win situation both for the client and for you as the organisation. So if there's any questions further than that, please feel free to contact me at info at onecreation.com. I'll be happy to answer any queries.

Jeremy: Zohar that was a brilliant presentation. Thank you very much. A couple of questions spring to mind immediately. The first one been, what do you think the primary implications are for the insurance industry?

Zohar: So thank you, Jeremy. The basic notion here is, you know, the philosophy of who owns your data. And any industry, you know, that thinks currently that they're the owners of personal data for their customers. Behaviour revealed for the customers is taking the wrong approach because both the regulators and the technology itself is moving towards a self-sovereign model, which means I need to have a lot more control over my data. Companies need to take this liability and turn it into an opportunity, meaning privacy and the laws related to it can become an opportunity. Number one, give and be ahead of the regulation and give your clients more control over their data. It will immediately increase brand trust. And brand trust is a very important pillar of the insurance company. So from an operational perspective as well today, the fact that you are signing a privacy notice from some perspectives, companies might think that this is reducing their liability. But if you get hacked, there's no reduction of liability, actually, on average $1.6 billion just to deal with the hacking, not to talk about your reputational risk. So there is a lot of advantages to actually any industry to start moving more towards giving more skin in the game to their clients in relation to their data, meaning changing the business model as relates to that. Now let's think about, for instance, the previous show that we had here around digital claims. What we're seeing in digital claims is that the lot will be brought into the to the user to control, to upload documents, very sensitive documents. The relationship is starting to be peer to peer between you as the claim, the claim or and then the insurance company that deals with that. All of that includes private sensitive information. If you allow the customer to feel like he's in the centre of this of this process, customers will feel more trust trusting in the process. And you can also deal with less issues around misuse of customer data because it's all centralised, it's all encrypted, and the customer becomes the centre of the claim and the insurance company can become the arbitrator between different points of information that are coming towards that claim. I believe that that provides the insurance company a lot more information, the customer, the security that he can bring a lot of sources of data together without worrying. And it could be even your medical NHS data, for example, that you decided to share, but you are the one that decided to share and control that data. So he changes the whole, you know, perspective and business model as it relates to what the customer is for you as an insurance company.

Jeremy: Yeah. And so that's really interesting, and it brings me to my next question, which is around what you actually mentioned in the in the presentation around open banking. And I wondered how you felt about kind of this platform. Do you see it as an enabler of open insurance or how will it kind of what is its role going to be as we move into kind of that kind of ecosystem?

Zohar: As we look to the UK as being the leader in open banking and you know, a lot of the rules around open banking tried to form into one standardised API, I believe they call it the Berlin standard. And basically the problem of why open banking has not been adopted, let's say it at 100% in the UK market, but only 28% from what I heard last is because of the problem of trying to take your legacy technology and adhering it all into a new API standard. We also believe that the amount of data that you collect in the open API is just too account information. And yes, it does serve a great purpose. Saying it's similar to your phone number as you move between vendors to be able to take that with you. But what about your behavioural data? What about your preferences, your concerns and all of that? Why shouldn't that transfer between one vendor and another? We believe that in order to do that, it's going to be hard to just standardise on one API because concerns and behaviours are a lot more difficult to collect and standardised. And therefore this model allows you to actually give the client the ability at any time to opt out of all of the data that he's shared with you. Remote destruct the data that you share, you mean meaning the right to be forgotten under GDPR, a real right to be forgotten, and then the ability to cache that information and wait for your next decision of a vendor. That way, the new vendor automatically gets your behaviours, your patterns, your consents, and the old vendor is not liable for data that was remaining on his system because you were the one that decided to destroy it. So for us, it's a much better, a much more robust way of dealing with any open industry type of migration of data. Again, putting the customer at the centre of the data model.

Jeremy: I know. Final question was around kind of fraud, I suppose, and within insurance fraud is is an issue, obviously. And I wondered if somebody was able to put in a fraudulent claim and then wipe the data straight away. Whether that would pose a problem in the platform, would you say ... are the safeguards in there?

Zohar: Yeah. So the way that the platform works, it actually connects to the corporation's existing Active Directory, meaning we don't do the authentication of the client. That's a separate part of the business and we connect to the authentication and then authorised. There's a difference in the technical jargon that's called off and in off - we don't do the authentication, we do the authorisation. So once you've been authenticated, then we authorise which data pieces, including attributes, could the organisation use and then we encrypt those data so you could remote destructive. So we cannot solve the authentication problem if somebody is already went through your two factor authentication and managed to to mimic Jeremy, yes, he can theoretically destruct the data, but the notion of getting to Jeremy's data is all about is all about the benefits of, you know, you controlling it. And if somebody deleted your data, that's unfortunate, but it's not taking advantage of your data. The data doesn't reside within the identity, resides inside the corporation. So, yes, you can theoretically mimic Jeremy and then instruct the corporation to destroy Jeremy's data, but you're not getting any benefit as a hacker from that. So first of all, better authentication. I would recommend that everyone goes through multi-factor authentication, but once that authentication is done, we use cryptographic homomorphic encryption that is very, very difficult in terms of making sense of that data. So the data is always going to be encrypted. The rights to do forget it. Yes, you might be able to forget my data and delete Zohar from an insurance company. I just don't see the benefit from a hacking perspective that that any hacker can gain from just annoying annoyingly deleting your data. But generally, you know if all data is encrypted all the time that reduces the attack vectors does not increase.

Jeremy: Zohar - thank you ever so much for the presentation and answering those questions and look forward to seeing you at a future event.

Zohar: Thank you very much for your time and for the opportunity to speak to your audience.

Advert promoting the TINtech 2022 real world event

TIN youtalk weBlog Icon


Authored by myComply Co-Founder & Chief Operating Officer Neil Reddekopp and AXA XL Senior Construction Risk Engineer James Stengel