Chapter 19: Data

Question 1

What is personal data?

Answer 1

Personal data relates to information in respect of an individual where the individual can be identified, or where the data combined with other information could allow the individual to be identified.

Question 2

What are the 8 principles covering the lawful processing of personal information by individuals and companies in POPIA?

Answer 2

1. Accountability: The party responsible for processing the data is also responsible for compliance with POPIA
2. Processing limitation: Information must be processed in a fair, lawful and relevant manner, after consent is given by the data subject
3. Purpose specification: Personal information must be collected for a specific purpose. Record keeping to be destroyed when personal data is no longer relevant or authorised to be held
4. Further processing limitation: Further processing must be compatible with the initial collection purpose
5. Information quality: Data completeness, accuracy and updates to be ensured by holder of the data
6. Openness: Documentation to be maintained on all processing operations and maintaining transparency on data use
7. Security safeguards: Integrity and confidentiality of personal data must be secured and all processing done only by authorised operator.
8. Data subject participation: The data subject may request confirmation of personal data held and request correction or deletion of any inaccurate, misleading or outdated information held.

Question 3

What are some of the competition laws which may also limit the uses to which data can be put?

Answer 3

1. Anti-competitive agreements - e.g. data could be shared among a small number of companies to fix prices in a particular market
2. Abuse of dominant market position - e.g. imposing unfair trading terms, such as exclusivity.

Exclusivity means imposing restrictions on the use of a product originator’s data to approve new products.

The consequences of non-compliance with competition laws, include:
* Fines
* Awards for damages
* Disqualification of company directors

Question 4

What are some examples that might count as “sensitive personal data”?

Answer 4

Sensitive personal data can include information related to:
* Racial or ethnic origin
* Political opinions
* Religious or other similar beliefs
* Membership of trade unions
* Physical or mental health condition
* Sexual orientation
* Convictions, proceedings and criminal acts

Question 5

Give some examples of circumstances when sensitive personal information may be legitimately processed

Answer 5

1. The data subject has given explicit consent
2. It is required by law for employment purposes
3. It is needed in order to protect the vital interests of the individual or another person
4. It is needed in connection with the administration of justice or legal proceedings

Question 6

State the characteristics of “big data”

Answer 6

Big data can be characterised by:
* very large data sets
* data brought together from different sources
* data which can be analysed very quickly - such as in real time

Question 7

What is “big data analytics”?

Answer 7

“Big data analytics” is the process of analysing the large data sets to uncover patterns, trends, correlations and other details that can be used to inform decision-making within the organisation.

Question 8

State the 4 risks to a company not having adequate data governance procedures

Answer 8

1. Legal and regulatory non-compliance
2. Inability to rely on data for decision making
3. Reputational issues, leading to loss of business
4. Incurring additional costs such as fines and legal costs

Question 9

Define “data governance” and list the guidelines that a data governance policy may cover

Answer 9

Data governance is the term used to describe the overall management of the availability, usability, integrity and security of data employed in an organisation.

A data governance policy is a documented set of guidelines for ensuring the proper management of an organisation’s data

A data governance policy will set out guidelines with regards to:
1. The specific roles and responsibilities of individuals in the organisation with regards to data
2. How an organisation will capture, analyse and process data
3. Issues with respect to data security and privacy
4. The controls that will be put in place to ensure that the required data standards are applied
5. How the adequacy of controls will be monitored on an ongoing basis with respect to data usability, accessibility, integrity and security
6. Ensuring that the relevant legal and regulatory requirements in relation to data management are met by the organisation.

Question 10

What are examples of risks associated with using data?

Answer 10

1. Data might contain errors or omissions, which leads to erroneous results
2. Insufficient historical data, leading to a lack of credibility
3. There may be insufficient data to provide a credible estimate of a risk in very adverse circumstances.
4. Using data from other sources carries the risk of not being a sufficiently good proxy for the risk.
5. Historical data may not be a good reflection of future experience.
6. Homogenous groups are too small for credibility or to obtain credibility merge groups, but then groups lack homogeneity
7. Data is not in the appropriate form for the purpose required.
8. If data is collected for a purpose, it is not appropriate for a different purpose
9. A lack of confidence in the data reduces the confidence in an actuary’s conclusions.

Summarised:
* The data are inaccurate or incomplete
* The data are not credible due to being of insufficient volume, particularly for the estimation of extreme outcomes
* The data are not sufficiently relevant to the intended purpose
* Past data may not reflect what will happen in the future
* Chosen data groups may not be optimal
* The data are not available in an appropriate form for the intended purpose.

Question 11

What is “Algorithmic trading”?

Answer 11

Algorithmic trading is a form of automated trading that involves buying or selling financial securities electronically to capitalise on price discrepancies for the same stock or asset in different markets.

Question 12

What are the risks involved with algorithmic trading?

Answer 12

1. Erros in the algorithm or data used to parameterise the model, leading to losses
2. The algorithm may not operate properly in adverse conditions
3. In very turbulent conditions, trading in individual stocks or markets may be suspended before algorithmic trade can be completed
4. Possible impacts on the financial system - failure of one market could impact other markets and asset classes.

Question 13

List the main sources of data

Answer 13

TRAINERS

• Tables
• Reinsurers
• Abroad (data from overseas contracts)
• Industry data
• National statistics
• Experience investigations on the existing contract
• Regulatory reports and company accounts
• Similar contracts

Question 14

What is the overriding principle in relation to all the different uses of data?

Answer 14

There should be one single, integrated data system so that the data used for different applications is consistent

Question 15

What are the advantages of using one single, integraded system for data?

Answer 15

1. There is a reduced chance of existing data being corrupted
2. There is a reduced chance of inconsistent treatment of information, between products or over time
3. There is likely to be a better level of control over those who may enter information or amend information
4. Information will be easier to access, as it will not involve collating information from several systems
5. Time will not need to be spent reconciling data from different systems

Question 16

What are some of the problems arising due to heterogeneity from industry-wide data?

Answer 16

• Companies operate in different geographical or socio-economic sections of the market
• The policies sold by different companies are not identical
• Sales methods are not identical
• The companies will have different practices, e.g. underwriting or claim settlement standards
• The nature of the data stored by different companies will not always be the same
• The coding used for the risk factors may vary from organisation to organisation.

Question 17

What other problems may arise with industry-wide data?

Answer 17

• The data will usually be less detailed, or less flexible, than those available internally
• External data are often much more out of date than internal data
• The data quality will depend on the quality of the data systems of all of its contributors
• Not all organisations contribute, and the organisations that do conribute are not representative of the market as a whole

Question 18

What are the 2 main factors that cause data to be of poor quality and quantity?

Answer 18

1. Poor management control of data recording and checking
2. Poor design of data systems

Question 19

How can good quality data be ensured from an insurance proposal and claims form?

Answer 19

1. Questions should be well designed and unambiguous so that full information is given and so that applications / claims can be easily processed
2. Use question with quantitative or tick-box answers wherever possible
3. Questions should be in the same order as the input into the administration systems, for quick processing of applications / claims
4. Ask the policyholder to verify the key information
5. All rating factors should be readily indentifiable so that the composition of the final premium can be determined
6. Underwriting results should be added to the proposal form
7. Forms should be designed so that information can be easily analysed, and cross checks made between the two sources

Question 20

Why is it important, at the time of the claim, to have access to the information given on the proposal form?

Answer 20

1. To check the validity of the claim
2. To update policy information

Question 21

Why is it important that the insurance company retains a past history of policy and claim records?

Answer 21

Past records must be held since future data analysis is likely to look at several years of records in order to have sufficient credible data

Question 22

What is the key problem with data for employee benefit schemes?

Answer 22

The actuary may not have full control over the data available

Question 23

Outline the checks that can be done on data

Answer 23

1. Verifying current data: Any equivalent data used when previously valuing benefits will be useful to the actuary as it will enable reconciliations to be performed that help to indicate the validity of the current data
2. Use of accounting data: This will provide information about the total value of the assets held and perhaps information relating to recent benefit outgo and premium / contribution income. This information will be useful in verifying other data or in considering the assumptions to be used.
3. Asset data: To place a value on assets that is reliable and consistent with a value placed on future benefits, it is necessary to obtain a full listing of the individual assets held. These individual holdings should then be checked to determine whether they are permitted or are subject to valuation restrictions imposed by regulation or legislation.

Question 24

What are some assertions that an actuary will make and check about the data?

Answer 24

• That a liability or asset exists on a given date
• That a liability is held or an asset is owned on a given date
• That when an event is recorded, the time of the event and the associated income or expenditure are allocated to the correct accounting period
• That the data is complete, i.e. there are no unrecorded liabilities, assets or events
• That the appropriate value of an asset or liability has been recorded

Question 25

How can these assertions then be checked?

Answer 25

Possible checks could include: * Reconciliation of the total number of members / policies and changes in membership / policies, using previous data and movement data * Reconciliation of the total benefit amounts and premiums and changes in them, using previous data and movement data * The movement data should be checked against any appropriate accounting data, especially with regard to benefit payments * Checks should be made for any unusual values, such as impossible dates of birth, retirement ages or start dates * Consistency between salary-related contributions and in-payment benefit levels indicated by membership data and the corresponding figures in the accounts * Consistency between the average sum assured or premium for each class of business should be sensible, and consistent with the figure for the previous investigation * Consistency between investment income implied by the asset data and the corresponding totals in the accounts * Where assets are held by a third party, reconciliation between the beneficial owner's and the custodian's records * Full deed audit for certain assets, such as checking the title deeds to large real property assets * Consistency between shareholdings at the start and end of the period, adjusted for sales and purchases, and also bonus issues, etc. * Random spot checks on data for individual members / policies or assets

Question 26

What are the main circumstances in which ideal data is not available?

Answer 26

* There is insufficient volume of relevant data to be credible * There is insufficient detail captured within the data, i.e. the data available are not in an appropriate form for the intended purpose

Question 27

Discuss the usage of summarised data

Answer 27

When valuing benefits it may be appropriate to use summarised data instead of detailed membership data in some circumstances. However, it should be recognised that the reliability of the values will be reduced, as full validation of the data will be impossible. Additionally, the summarised data may miss significant differences between the nature of benefits that have been grouped together. It is also unlikely that summarised data could be used to value options or guarantees that may or may not apply on an individual basis. Summarised data is therefore only suitable if such inaccuracy is recognised by the users of the results of the calculations.