The IRDAI has asked insurance companies to set out social media guidelines for their employees to ensure that no unverified or confidential information relating to the organization is disseminated to the public through these platforms.
An organization's reputation is closely linked to the behaviour of its employees, the IRDAI says, adding "Social media should be used in a way that adds value to the organization's business".
The Information and Cyber Security Guidelines 2023, issued by the IRDAI to all insurers last month, contain a specific section on “Acceptable usage of social media”—which states that employees should refrain from disseminating any unverified and confidential information on "any blogs/chat forums/discussion forums/Messenger sites/social networking sites", reported Press Trust of India.
"Any information received, accessed or obtained by an employee, either in his/her official mail/personal mail/media forums or in any other manner, if proposed to be disseminated or shared in any media forum, should be forwarded to the organization's compliance team and corporate communications team for prior approval," the guidelines say.
In addition, no critique or comment on an organization or its business should be made on personal websites or social networking platforms, says the section on guidelines for using social media by employees for personal purposes.
Cyber Security Policy
The organization's Information and Cyber Security Policy (ICSP) identifies responsibilities and establishes the goals for consistent and appropriate protection of the organization's critical data and information assets. Implementing this policy shall reduce the risk of accidental or intentional disclosure, modification, destruction, delay, or misuse of information assets, the IRDAI says. Information assets comprise data or information recorded in electronic, printed, written, facsimile or other systems and the 'system' itself.
The guidelines apply to all insurers, including foreign reinsurance branches (FRBs) and insurance intermediaries regulated by the IRDAI. In 2017, the regulator issued guidelines on Information and Cyber Security for Insurers, which were later extended to all intermediaries in 2022.
Considering the widespread adoption of digital technologies and the increase in cyber security incidents, the IRDAI has revised the guidelines to enable the insurance industry to strengthen its cyber defenses and a related governance mechanism to deal with emerging cyber threats.