The sensitive nature of the data
Due to the sensitive nature of the data they collect, insurance companies are subject to strict data protection regulations, often more so than other businesses. Under the EU’s General Data Protection Regulation (GDPR), a significant chunk of the customer data they need to collect for insurance purposes is part of its special category data. In the US, a lot of insurance data falls under the scope of specialized laws such as the Health Insurance Portability and Accountability Act (HIPAA), the Graham-Leach-Bliley Act (GLBA) or Sarbanes-Oxley Act (SOX). These regulations bring with them considerable fines in case of noncompliance.