IRDAI urges insurance firms to establish social media guidelines for employees

• ByStartupStory     |    May 1, 2023

To prevent the dissemination of unverified or confidential information via social media platforms, the Insurance Regulatory and Development Authority of India (IRDAI) has directed insurance firms to establish social media guidelines for their staff. The IRDAI notes that an organisation’s reputation is closely tied to the conduct of its workers and advises that social media be used in a manner that benefits the company’s operations.

The IRDAI has mandated all insurance companies to adhere to the Information and Cyber Security Guidelines, which include a section on the “Acceptable usage of social media.” The guidelines prohibit employees from sharing unverified or confidential information on “any Blogs/Chat forums/Discussion forums/Messenger sites/Social networking sites.” The IRDAI emphasises that social media should be used in a manner that benefits the company’s business operations and advises insurers to establish social media guidelines for their staff.

The IRDAI’s Information and Cyber Security Guidelines prohibit employees from disseminating any information received, accessed, or obtained via official or personal mail or any other means on social media without prior approval from the compliance team and corporate communication team. 

The guidelines advise against using media forums to report service faults or file complaints. The IRDAI emphasises the importance of using social media to benefit the organisation’s business operations and recommends that insurers establish social media guidelines for their staff.

In its Information and Cyber Security Guidelines, the IRDAI directs insurance companies to include a visible disclaimer in any personal internet postings or communication that implies the employee is affiliated with the organisation. The disclaimer should indicate that “the postings on this service are my own personal views and not those of the organisation and are not intended to be interpreted as such.” 

The guidelines warn that an individual’s personal image projected on social media can have an impact on their reputation and may also affect the reputation of the organisation. The guidelines prohibit any critique or comment on the company or its business on personal websites or social networking platforms.

The IRDAI emphasises the importance of implementing an Information and Cyber Security Policy (ICSP) to safeguard an organisation’s critical data and information assets from unauthorised disclosure, modification, destruction, delay, or misuse. The policy should establish clear responsibilities and goals for ensuring consistent and appropriate protection of information assets, including data or information recorded in various systems, as well as the systems themselves. By implementing an ICSP, the risk of data breaches and other cyber threats can be mitigated.

The IRDAI has extended the social media guidelines to all insurers, including foreign re-insurance branches and intermediaries operating under its regulation. The regulator had initially issued guidelines for Information and Cyber Security for insurers in 2017, which were subsequently extended to intermediaries in 2022. 

With the rise in cyber security incidents and the growing adoption of digital technologies, the IRDAI has revised the guidelines to establish a governance mechanism that enables the insurance industry to enhance its defences and deal with emerging cyber threats more effectively.

Follow Startup Story