In short
On 11 March 2025, the Insurance coverage Fee (IC) and the Nationwide Privateness Fee (NPC) issued Joint Advisory No. 2025-001 (“Joint Advisory“), or Issues on the Use of Privateness Enhancing Applied sciences (PETs) within the Insurance coverage Trade.
The Joint Advisory values the adoption of PETs within the insurance coverage trade, which can complement present privacy-preserving practices to mitigate information privateness dangers and guarantee safety of private information processed by private info controllers (PICs) and private info processors (PIPs).
The Joint Advisory applies to insurance coverage suppliers, insurance coverage and pre-need firms, well being upkeep organizations, mutual profit associations, their respective brokers, brokers, adjusters, intermediaries, all different entities underneath the regulatory management and supervision of the IC, and PIPs of the foregoing entities.1
I. Definition and classes of PETs
PETs are outlined as follows:
A set of digital applied sciences, approaches and instruments that let information processing and evaluation whereas defending the confidentiality, and in some circumstances additionally the integrity and availability, of the information and thus the privateness of the information topics and business pursuits of PICs.2
PETs could also be categorized as follows:3
- Knowledge obfuscation instruments, resembling anonymization, pseudonymization, artificial information, differential privateness and zero-knowledge proofs
- Encrypted information processing instruments, resembling homomorphic encryption, multiparty computation and trusted execution environments
- Federated and distributed analytics, resembling federated studying and distributed analytics
- Knowledge accountability instruments, resembling threshold secret sharing and private information shops
II. Obligations in relation to using PETs
The next obligations apply when a coated entity makes use of PETs:
- It should be sure that its use of PETs is compliant with the Knowledge Privateness Act, is Implementing Guidelines and Laws, and the issuances of the NPC (collectively, “Knowledge Privateness Laws“). PICs are answerable for the processing of private information utilizing PETs, together with cases when the processing is outsourced or subcontracted to a PIP.
- It should guarantee steady compliance with its personal obligations underneath the Knowledge Privateness Laws, resembling, however not restricted to, implementing affordable and applicable safety measures, registration of the information processing system(s) with the NPC (if relevant), and compliance with guidelines on private information breach administration, together with breach notification.
- Previous to the adoption of PETs and thereafter as could also be essential, it should conduct a privateness affect evaluation on the information processing system.
- It could take into account trade requirements and finest practices, technical compatibility, prices, and effectivity in assessing which PETs are most fitted for its enterprise functions. A coated entity might make the most of multiple PET.
Purchasers coated by the Joint Advisory are suggested to be aware of the concerns and obligations when choosing and/or adopting PETs within the processing of private information.
Quisumbing Torres’ Mental Property, Knowledge and Know-how Apply Group could also be reached for additional info on the Joint Advisory.
1 Part 1, Joint Advisory.
2 Part 3, Joint Advisory.
3 Part 3, Joint Advisory.
* * * * *
Please contact QTInfoDesk@quisumbingtorres.com for inquiries.
In short
On 11 March 2025, the Insurance coverage Fee (IC) and the Nationwide Privateness Fee (NPC) issued Joint Advisory No. 2025-001 (“Joint Advisory“), or Issues on the Use of Privateness Enhancing Applied sciences (PETs) within the Insurance coverage Trade.
The Joint Advisory values the adoption of PETs within the insurance coverage trade, which can complement present privacy-preserving practices to mitigate information privateness dangers and guarantee safety of private information processed by private info controllers (PICs) and private info processors (PIPs).
The Joint Advisory applies to insurance coverage suppliers, insurance coverage and pre-need firms, well being upkeep organizations, mutual profit associations, their respective brokers, brokers, adjusters, intermediaries, all different entities underneath the regulatory management and supervision of the IC, and PIPs of the foregoing entities.1
I. Definition and classes of PETs
PETs are outlined as follows:
A set of digital applied sciences, approaches and instruments that let information processing and evaluation whereas defending the confidentiality, and in some circumstances additionally the integrity and availability, of the information and thus the privateness of the information topics and business pursuits of PICs.2
PETs could also be categorized as follows:3
- Knowledge obfuscation instruments, resembling anonymization, pseudonymization, artificial information, differential privateness and zero-knowledge proofs
- Encrypted information processing instruments, resembling homomorphic encryption, multiparty computation and trusted execution environments
- Federated and distributed analytics, resembling federated studying and distributed analytics
- Knowledge accountability instruments, resembling threshold secret sharing and private information shops
II. Obligations in relation to using PETs
The next obligations apply when a coated entity makes use of PETs:
- It should be sure that its use of PETs is compliant with the Knowledge Privateness Act, is Implementing Guidelines and Laws, and the issuances of the NPC (collectively, “Knowledge Privateness Laws“). PICs are answerable for the processing of private information utilizing PETs, together with cases when the processing is outsourced or subcontracted to a PIP.
- It should guarantee steady compliance with its personal obligations underneath the Knowledge Privateness Laws, resembling, however not restricted to, implementing affordable and applicable safety measures, registration of the information processing system(s) with the NPC (if relevant), and compliance with guidelines on private information breach administration, together with breach notification.
- Previous to the adoption of PETs and thereafter as could also be essential, it should conduct a privateness affect evaluation on the information processing system.
- It could take into account trade requirements and finest practices, technical compatibility, prices, and effectivity in assessing which PETs are most fitted for its enterprise functions. A coated entity might make the most of multiple PET.
Purchasers coated by the Joint Advisory are suggested to be aware of the concerns and obligations when choosing and/or adopting PETs within the processing of private information.
Quisumbing Torres’ Mental Property, Knowledge and Know-how Apply Group could also be reached for additional info on the Joint Advisory.
1 Part 1, Joint Advisory.
2 Part 3, Joint Advisory.
3 Part 3, Joint Advisory.
* * * * *
Please contact QTInfoDesk@quisumbingtorres.com for inquiries.
