IRDAI asks insurance companies to lay down social media guidelines

In accordance with the Information and Cyber Security Guidelines issued by Irdai, employees are restricted from disseminating unverified and confidential information on blogs, chat forums, discussion forums, messenger sites, or social networking sites. The guidelines also include a section on 'Acceptable usage of social media'.".

"Any information received, accessed or obtained by an employee, either in his/her official mail/personal mail/Media Forums or in any other manner, if proposed to be disseminated or shared in any Media Forum, should be forwarded to the Organisation's Compliance team and corporate communication team for prior approval," it said.

According to Irdai, any post on the internet or communication that implies that you work for an organization must include a simple and visible disclaimer that says 'these postings are my own personal views and not those of the organization. They should not be interpreted as such.

"The personal image projected in social media affects an individual's reputation and may affect the reputation of Organisation.

"No form of critique or comment on an Organisation or its business should be made on personal websites or social networking platforms," said the section on guidelines for the usage of social media by employees for personal purposes.

As part of the organization's Information and Cyber Security Policy (ICSP), responsibilities are identified and goals are set for the protection of key data and information assets. Implementing this policy shall reduce the risk of accidental or intentional disclosure, modification, destruction, delay, or misuse of information assets, the regulator said.

Information assets comprise data or information recorded in electronic, printed, written, facsimile or other systems and the 'system' itself.

All insurers, including FRBs and Irdai-regulated insurance intermediaries, are required to comply with the guidelines.

Insurance regulators issued guidelines on Cybersecurity in 2017 and extended them to intermediaries in 2022.

Irdai has revised its guidelines in order to help the insurance industry strengthen its defences and a related governance mechanism to deal with emerging cyber threats in light of widespread adoption of digital technologies and an increase in cyber security incidents.