Regulator demands insurance companies improve protection of personal data of their clients in Kazakhstan
The Agency for Regulation and Development of the Financial Market (ARDFM) wants insurance companies to ensure that the confidential data of their customers is safe. The corresponding draft regulation will be available on legalacts.egov.kz for public consideration until May 28.
If the new regulation is adopted, the agency will oblige insurance companies to follow banks and microfinance organizations and embrace the same security measures.
For instance, any registration in a mobile or web application should be conducted with the help of biometric authentication. The same procedure must be applied during a password change, while two-stage authentication is expected to be a mandatory practice.
The new rule is going to introduce different requirements for mobile and web apps. If the system detects that perpetrators have gamed security mechanisms and are controlling the program remotely, the functionality of the app will be blocked.
In addition, clients will be informed about authorizations under their accounts, password changes and restorations, and changes of the mobile phone number linked to the app.
Customers' confidential data must be kept in the secured container of a mobile app or in the login details storage. It shouldn't be stored as cached data or in a backup version of the app. Concerning money transfers, insurance companies will obtain mobile device geolocation data if a client has given permission for this.