Regulator IRDAI (Insurance Regulatory and Development Authority of India) has asked insurance companies to set social media guidelines for their employees to ensure that no unverified or confidential information related to the organization is disclosed to the public through these platforms. is not broadcast.
IRDAI said that an organization’s reputation is closely linked to the behavior of its employees, adding “social media should be used in a way that adds value to the organization’s business.”
The information and cyber security guidelines issued by IRDAI to all insurers have a specific clause on ‘acceptable use of social media’ – which states that employees should not post any unverified and confidential information on “any blog/chat forum”. Avoid spreading. /discussion forum/messenger site/social networking site”.
“Any information received, accessed or received by an employee through his official mail/personal mail/media forum or in any other manner, if proposed to be disseminated or shared in any media forum, shall be forwarded to the Organization’s compliance team and the Corporate Communications team for prior approval,” it said.
It added that media forums should not be used for reporting or complaining about the fault of a service.
carry a disclaimer
IRDAI further said that any personal Internet posting or communication that implies that you work for an organization must include a simple and visible disclaimer such as ‘Postings on this service are my own personal views and not those of the organization’ And it doesn’t mean ‘so’.
“The personal image projected on social media affects the reputation of an individual and may affect the reputation of the organization. Criticism or comment of any kind on an organization or its business should not be made on personal websites or social networking platforms should,” said the section on guidelines for use of social media by employees for personal purposes.
The organization’s information and cyber security policy (ICSP) identifies responsibilities and establishes goals for the continuous and appropriate protection of the organization’s critical data and information assets. The regulator said that implementing this policy will reduce the risk of accidental or intentional disclosure, modification, destruction, delay or misuse of information assets.
Information assets include data or information recorded in electronic, printed, written, facsimile or other systems and the ‘system’ itself.
universally applicable
The guidelines apply to all insurers including foreign reinsurance branches (FRBs) and insurance intermediaries regulated by IRDAI.
In 2017, the regulator issued guidelines on information and cyber security for insurers, which were later extended to all intermediaries in 2022.
Keeping in view the widespread adoption of digital technologies and the concurrent rise in cyber security incidents, IRDAI has revised the guidelines to enable the insurance industry to strengthen its defenses and related governance mechanisms to deal with such emerging cyber threats. Have done