In the 1990s, large insurers kept their pertinent record-keepinginformation in folders filed away in huge cabinets lined up at theend of the office.

In those days, insurers were able to destroy their documents — typically the lawwould allow for their destruction after a five to seven-yearperiod.

But even if a lawsuit was presented during this period,discovery would be limited to the files a carrier could produce athand, since there was no way to trace any other form of papertrail.

Related: Discoverability of attorney-generated documents ininsurance

This problem created huge discovery sanctions and increaseddefense costs for the insurer. When a carrier wasn't able toproduce records, the court could sanction them, and by default,might find the carrier in the wrong in any given lawsuit.

Information storage: Then and now…

Litigation in the e-discovery era has hitinsurers hard in terms of fees and costs.

But the use of advanced data management tools has allowedinsurers access to more efficient ways to electronically file andrecord their documentation.

In 2007, the federal rules regarding e-discovery required thepreservation and producing of e-mails and any other ElectronicallyStored Information (ESI) to be available through the litigationdiscovery process.

This started a snowballing challenge for the insurance industry,because stored data needed to be available andsearchable.

Recent case laws have increased the obligation of a plaintiff ordefendant to preserve documentation in pending lawsuits. These canbe emails, text messages, word documents, spreadsheet reports andany data filing and maintenance software that the insurer uses.

Anyone in the tech world knows that once something is submitted electronically, it canbe retrieved but cannot be deleted. Many insurers have seenhuge costs in dealing with e-discovery requirements. Thus, theirtechnology requirements have increased their financialresponsibilities.

But eventually, once they improve their data management systems,these costs should start to decline, helping also to reduce costlydefense expenses and prevent potential sanctions andspoliation.

Related: 5 big cybersecurity lessons to learn from theEquifax data breach

According to a recent article in Bloomberg BNA, the issues and legal disputesaround preservation of ESI have been in the spotlight for severalyears, and laws around this are still in the development stage.

Insurer insights

Here, I want to discuss some best practices for the insurer to help reducethese defense costs, but first a bit of background.

Most people in insurance are aware that E-discovery is theupdated, automated electronic version of pulling files to support alegal claim.

Instead of paper files filled with contracts andother documents bearing “wet” signatures, however, e-discoveryfeatures a digitized version of these files, with infinitely easierand deeper accessibility.

This innovation has emerged as an area where manyinsurance organizations are examining their processes and ITsystems to reduce costs and make budgeting more predictable. It canalso prevent a significant portion of unexpected litigationcosts.

Being able to cut costs should be a priority for insurers, butbecause it requires heavy investment in expensive technology,insurers are slow to take advantage of it. So carriers first needto understand their role in compliance data management.

The most recent and important compliance law enacted in theUnited States was the Patriot Act of 2001, which came in responseto the terrorist acts of September 11, 2001. The Patriot Actallowed the government the right to force companies to provide dataas an essential part of their investigations, and the data could beheld indefinitely. This caused an uproar from consumers about theabuse of their privacy, and since 2005 many lawsuits have beenfiled against the Patriot Act, declaring it unconstitutional. Todate, Congress is still trying to keep parts of the Act alive.

But since 2001, how successful have congressional reform actsbeen at reducing security control and corruption in how informationis stored and reported? According to Westlaw: There is no single, comprehensivefederal law — nor even a general one — regulating the collectionand use of personal data.

So the U.S. is at the mercy of a ragtag assemblage of federaland state laws that can overlap, agree, or contradict eachother.

Related: GDPR noncompliance poses a real insurancerisk

Without proper congressional acts, technology companies havecome to rely heavily on best practices — industry-specificguidelines — to determine how best to collect data and preserveit.

Steps toward successful e-discovery

The information that is routinely asked for in e-discovery forlawsuit support are many of the same datapoints that carriers are already in the process of automating.

An insurance company might need to pull any or all of thefollowing information:

• Contracts between agent and carrier
• That your agent was licensed
• That your agent was appointed for the state in question
• A declaration page or policy in its entirety
• Any emails or correspondence
• Anything that was used to make a claim about a product ordescribe it
• Marketing materials
• Applications for coverage signed by the client
• DOL disclosure of commission (for FINRA)

With that roundup, it's easy to see that once all those filesare digitized, the key issue becomes storing it all and being ableto access it at will.

Carriers can take steps toward better and easier handling andstorage of their data, first by ceasing manualprocesses of current documentation handling — those grey filingcabinets we discussed at the beginning of this article.

They can do this, first, by making the investment in internaldata management tools that have built in security processes. It's abig decision but, as time has shown, the data only gets morecomplicated and unwieldy with time, not less, and the insuranceindustry is heavily reliant on up-to-date data. Most carriers firstneed to figure out how to store their old records, unless they'vereached the statute of limitations and the originals can bedestroyed. Many companies just store them physically, but a betterapproach down the line is to have all those folders scanned andthus digitized.

Next, carriers should evaluate their IT Infrastructure and solutions, and begindeveloping retention policies on how data will be retrieved,preserved, collected and analyzed. With new data managementsoftware, you can compartmentalize the data, with multiple ways oftracking it including by the date the contract was signed, or bythe date of a claim that falls within that policy period. Carrierscan set this up in any way that's familiar and the easiest for themto track it, using a code, or alphabetical order, or by a contractor client name.

Related: 5 questions and answers about litigationholds

Using these data management systems, companies will need toimplement appropriate data preservation and management standards,in anticipation of any possible future litigation. This will smoothand ease the process of e-discovery when it happens. And to dothis, one best practice is to designate and identify the role of astaff person to lead an e-discovery team in responding toe-discovery requests. This person would then be responsible for theorganization's e-discovery infrastructure.

Challenges for compliance datamanagement

Of the many challenges facing compliance datamanagement, one of the largest is data retention. New laws areconstantly being passed that require data to be retained for longerperiods of time. But any law regarding data retention firstrequires companies to have technological systems in place tomonitor the retention of these records. Do we, asconsumers, expect our data to remain in a system for longer periodsof time?

Some companies have failed to consider that consumers may preferto have their data removed as soon as possible. Data retention lawsand regulations require companies to retain records far in excessof what is necessary for business operations.

The reason, according to lawmakers, is to improve security.Simply explained, this allows our government to have access torecords that may be used to provide law enforcement agencies withthe information they need to find and convict criminals.

The compliance data management industry needs to carve out abetter role in finding ways to store and protect data. In a societythat has grown to rely on software, this technology has provided uswith a false sense of security.

So in a way, technology itself has contributed to the need forbetter compliance data management approaches.

Technology companies still have a long way to go in figuring outhow to keep our data safe. And insurance carriers and techcompanies alike need to take the necessary steps to manage datamore efficiently, instead of waiting for Congress to provide theanswers.

Most importantly, we need the capability to balance the types ofdata we're required to retain for sake of defense and cost inlawsuits, while ensuring that consumers feel some sense ofsecurity. It's a tall order.

Gloria Camacho is Licensing and Compliance Managerat VUESoftware, where she reviews regulatory mandates and advises oncompliance strategies. She can be reached at [email protected].

The opinions expressed here are the writer's own.

See also:

Your mandate: Embrace, leverage insurance dataanalytics

Insurers with EU clients face workflow challengesunder GDPR