Insurance Contracts CP - Law Reform Commission
Insurance Contracts CP - Law Reform Commission
Insurance Contracts CP - Law Reform Commission
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
in Coleman accords with data protection law, there are other situations where the ‗disconnects‘ between<br />
privacy considerations and contract law are more evident.<br />
1.14 Take the possible dilemma facing Mrs Lambert in the English case Lambert v Co-operative<br />
<strong>Insurance</strong> 8 . While on the facts of Lambert the issue of disclosure did not arise because Mrs Lambert did<br />
not consider it relevant, the point is this: should the disclosure be made, even if the personal data relates<br />
to a third party? Data protection law, especially rules 1 to 4, are probably relevant but, at an intuitive<br />
level, one could be excused for seeing the privacy consideration as being somewhat artificial.<br />
Nevertheless, it is possible to envisage cases where a previous conviction would not be disclosed, on<br />
privacy grounds, the effect being that the insurance policy might be avoided. While a Spent Convcitions<br />
Act 9 might answer this situation, the same may not be true of other sensitive personal data material such<br />
as health conditions or sexual history. The leading English decision on this is undoubtedly Horne v<br />
Poland, 10 in which an insurer was able to avoid payment on a burglary insurance policy on the basis that<br />
the proposer had failed to declare that he was born in Romania and had lived there until his teens,<br />
matters of importance to an underwriter assessing risk apparently.<br />
1.15 The decisions of the Data Protection <strong>Commission</strong>er also demonstrate how the data protection<br />
principles may cut across insurance contract law. Case Study 2 of 1999 for example 11 illustrates the fact<br />
that breach of any implied contractual duty of confidence in relation to personal data will also constitute a<br />
breach of the security principle (rule 4 above). Case Study 1 of 2001 also censored an insurer that<br />
collected irrelevant data on the marital status of a person seeking motor insurance, 12 and Case Study 8 of<br />
2009 also drew attention to an insurer collating excessive information on penalty points imposed on<br />
drivers. There are also situations where the sharing of personal data with trade bodies or other insurers<br />
may be problematical. Such practices were held by the Data Protection <strong>Commission</strong>er, in a decision<br />
relating to disclosure to the <strong>Insurance</strong> Industry Federation (IIF) of personal data on health insurance<br />
applicants, to be understandable from the insurer‘s perspective, but the <strong>Commission</strong>er felt that ―explicit<br />
consent‖ to disclosure of medical data should be the necessary standard, albeit at the cost of having any<br />
proposal declined or the contract avoided, should the proposer fail to make the disclosure. 13<br />
1.16 These matters have led the Data Protection <strong>Commission</strong>er, in consultation with the insurance<br />
industry, to formulate the Code of Practice on Data Protection for the <strong>Insurance</strong> Sector. Many of the<br />
requirements set by the code have a direct impact on data capture requirements and recalibrate the<br />
existing balance vis-à-vis the duty of disclosure, for example, further undermining the notion that the onus<br />
lies upon the proposer to volunteer information unprompted by the insurer.<br />
1.17 The fair obtaining and processing principle (rule 1) is said to require the insurer, on an<br />
application form, to, inter alia, advise the ―applicant‖ about the purpose of collecting the data, to whom it<br />
may be disclosed and any other relevant information necessary to ensure that all processing meets the<br />
requirements of fair processing. This obligation is reinforced by a requirement that insurers have a<br />
written privacy policy ―setting out clearly for what purposes personal data is processed‖, a privacy<br />
statement also being required for any insurer website. Rule 1 also has further implications should an<br />
insurance company as a matter of course seek personal data about an applicant from a third party, such<br />
8<br />
9<br />
10<br />
11<br />
12<br />
13<br />
[1975] 2 Lloyd‘s Rep. 485. In this case, the Court of Appeal ―reluctantly‖ held in favour of the insurer in the<br />
context of an policy for ―all risks,‖ because the proposer failed to reveal that her husband had been convicted<br />
of receiving stolen goods (McKenna J noting at p.191 that ―[s]he is not an underwriter‖).<br />
See <strong>Law</strong> <strong>Reform</strong> <strong>Commission</strong>, Report on Spent Convictions (LRC 84-2007). The Government Legislaton<br />
Programme, Autumn Session 2011 (September 2011), available at www.taoiseach.ie, proposes to publish a<br />
Spent Convictions Bill in 2012. The issue is discussed further below.<br />
[1922] KB 364.<br />
Case studies are found in the Annual Reports of the Data Protection <strong>Commission</strong>er and can be found also at<br />
www.dataprivacy.ie.<br />
But see Dunn v Ocean Accident and Guarantee Corporation (1933) 45 Lloyd‘s Rep 276 where concealment of<br />
marital status was deemed concealment of a material fact.<br />
Case Study 13/2006.<br />
12