IRDA mandates insurance data to be held within India

It is reported that the Insurance Regulatory and Development Authority of India (IRDA) has mandated that the Indian Insurance companies should store all critical customer data in domestic servers within the next 3 to 6 months. (See article here)

This would mean that many of the Insurance companies which have joint ventures and are storing their data in foreign servers (or on the cloud) will now be required to set up new data centers in India so that Customer data does not move out of India.

It is expected that this move would require substantial investments from these insurance companies such as Tata AIG, Bharti AXA, ICICI Lombard, Birla Sunlife, Bajaj Alliance etc.

The decision follows the issue of the Outsourcing guidelines which inter alia indicate the following norms.

According to the guidelines, only Indian companies can be the outsource agents though there is a provision to approve any other authority that may be approved by IRDA.

The guidelines also suggest that the Insurance company has to ensure that the outsourcing agency has adequate information security measures and also conduct periodical audit of the outsourcing arrangement.

A detailed guideline of the clauses that the outsourcing contract must have has also been indicated in the exposure draft.

Though the guideline only reiterates some of the known principles of Information security for management of outsourcing agencies which are already in place in case of other regulated industries such as the Banks, it brings in a new focus on the Insurance companies and the need for storing the data within India.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

1 Response to IRDA mandates insurance data to be held within India

  1. Pingback: Do you Need a Hosting Company in India? - WP-Tweaks

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.