The CII has launched a Best Practice Guide relating to requests made under section 29(3) of the Data Protection Act. Section 29(3) allows entities to share data with a third party to prevent and detect financial crime within the insurance industry. The Best Practice Guide sets out industry best practice for making and responding to requests made under section 29(3). Issuance of the guidance follows two years of work with the Insurance Fraud Bureau (IFB), and the IFB will administer the guidelines going forward.

Alongside the Best Practice Guide, the CII has issued a press release which sets out certain things which entities agreeing to embrace the model must do. In particular, entities must ensure that requests are made by employees only where necessary and appropriate, ensure that due consideration is given to requests received, provide a detailed response to the requestor in circumstances where the entity is unwilling to disclose personal data, ensure that staff are appropriately trained in respect of section 29(3), and ensure that a representative attends and participates regular forums to be held by the IFB.

A copy of the Best Practice Guide can be found here:https://www.insurancefraudbureau.org/media/1091/best-practice-guidance-version-5-0.pdf.