It’s no secret that data privacy and security are becoming increasingly important for both the major and minor participants in today’s hyper-connected world. Google, for one, was recently under fire for allegedly deceiving users about location tracking - and we can add that to a slew of other renowned allegations against tech giants for violating consumer privacy laws.
Within the automotive space, the rise of connected and automated cars and more advanced usage-based insurance programs, for example, have led to consumer concerns and emerging data privacy regulations for OEMs.
But Deloitte’s 2022 insurance industry outlook suggests that this pandemic presents an opportunity for carriers (and, might we add, their network of tech partners and providers) to strengthen stakeholder trust by being more transparent around customers’ data.
“On a more fundamental level, many carriers can consider taking steps to bolster trust among stakeholders to boost retention and profitability. This might be achieved in part through greater transparency in how insurers collect and utilize personal data.” - Deloitte, 2022
As a trusted tech partner for insurers, we couldn’t agree more. So we’re honing in on how Zendrive shares, collects, and stores data, and how that benefits our customers and partners - particularly the app publishers who are part of our Insurance Qualified Leads (IQL) program.
Data privacy and security are paramount to Zendrive’s Mobility Risk Intelligence platform, which handles massive amounts of driver data.
Our platform architecture is built to keep data safe - we use one of the largest and most secure cloud platforms available and regularly benchmark our data security protocols against industry best practices. To really understand data security at Zendrive, let’s look under the hood.
Zendrive’s SDK begins data collection based on a small sample provided by the customer. All data processing takes place within your mobile application, which integrates with our SDK. Data is then uploaded to Zendrive’s cloud server without any personally identifiable information like email, name, or phone number.
Zendrive uses Amazon Web Services (AWS). Data collected via our SDK is stored in the regionally appropriate AWS hub in the US. We can accommodate all data residency requirements for our international customers. It’s important to note that only the data collected by our SDK is stored on our AWS servers, which benefit from top-tier data protection (AICPA SOC, GDPR, and CCPA compliance).
To receive data from Zendrive, customers (who are not using our white-labeled application) have two options. They may opt to receive data instantaneously from the mobile application or from a webhook that connects our AWS cloud server directly to your back-office systems.
Zendrive’s Insurance Qualified Leads (IQL) program involves an extensive network of insurers and app publishers with tens of millions of users. These app publishers send digital prompts to their users who meet specific criteria (determined by the insurer), asking them to participate in a test drive experience that, based on their Zendrive score, would potentially lead to substantial savings on their auto insurance.
Of course, all of Zendrive’s partners and customers can benefit from our above explanation of how we collect, store, and share data. But how do our policies and procedures directly benefit app publishers in our IQL network?
Zendrive doesn’t collect or store PII or any other data without the app publisher’s, or user’s explicit permission; we are contracted specifically by the publisher to handle their data if requested.
Zendrive utilizes an internal driver ID that is not tied to any user-level data outside of their driving behavior. By doing this in a privacy-centric way, we are able to perform our comprehensive driver safety and risk analyses without collecting any PII.
When prompting users to participate in test-drive experiences, Zendrive always requires that users opt-in for the program.
For a quick refresher, different countries and regions have specific “opt-in” or “opt-out” legal frameworks, or regimes, which significantly affect the data value exchange between consumers and companies. While both opt-in and opt-out regimes determine consent status, “under an opt-in regime, consumers are opted-out by default and must take action to opt-in prior to data collection,” writes data privacy expert Lauren Kaufman. On the contrary, data collection occurs automatically under opt-out regimes.
Zendrive clearly asks users to opt-in for test drives, with the tangible incentive being the win-win-win IQL program: insurers acquire preferred risk, app publishers benefit from increased retention and revenue, and drivers get better, fairer insurance rates.
The Zendrive SDK uses edge-based computing. Edge computing is “the practice of capturing, storing, processing, and analyzing data near the client, where the data is generated, instead of in a centralized data-processing warehouse.”
The SDK, therefore, keeps most of the algorithms and AI models running locally on the smartphone itself and does not require constant network connectivity during a trip.
With growing consumer confidence around controlling personal data and the simultaneous expansion of the connected world, comes the opportunity for companies - from publishers to tech providers to insurers and beyond - to build trust with their customers and gain a competitive advantage.
That starts with asking for consent to collect data and continues with keeping promises to keep data private and secure, to only collect and store what’s necessary, and much more.
“Consent is the key to unlocking the use of data, and as a first step, [we] must provide well-designed consent experiences and privacy dashboards. But, for these investments to translate into sustainable competitive advantage, [we] need to look beyond mechanics and the ‘value exchange,’ ensuring users get perceived fairness and respect alongside the provision of on/off toggles.” - Chad Wallen, IAPP
For most forward-thinking companies looking to collaborate with fellow ‘data collectors’, achieving this means moving forward with the right strategic tech partner that puts data protection at the core of each of their solutions.