The Insurance Regulatory and Development Authority of India (Irdai) has directed insurance companies to establish social media guidelines for their staff to prevent the dissemination of unverified or confidential information about the organization through these channels.

Irdai emphasized that an organization's image is closely tied to the conduct of its employees and urged them adding" Social media should be used in a way that adds value to the organisation's business".

Irdai has issued the Information and Cyber Security Guidelines to all insurers, which includes a section focused on 'Acceptable usage of social media'. This section outlines that employees must avoid sharing any unverified or confidential information on "any Blogs/Chat forums/Discussion forums/Messenger sites/Social networking sites"

"Any information received, accessed or obtained by an employee, either in his/her official mail/personal mail/Media Forums or in any other manner, if proposed to be disseminated or shared in any Media Forum, should be forwarded to the Organisation's Compliance team and corporate communication team for prior approval," it said.

According to Irdai, utilizing media platforms to report service fault or filing complaints is not appropriate. The regulatory authority also emphasized that if an individual posts or communicates anything on the internet that suggests they are affiliated with an organization, they must include a clear and noticeable disclaimer such as 'the postings on this service are my own personal views and not those of organisation and are not intended to be interpreted as such'.

"The personal image projected in social media affects an individual's reputation and may affect the reputation of Organisation. "No form of critique or comment on an Organisation or its business should be made on personal websites or social networking platforms," said the section on guidelines for the usage of social media by employees for personal purposes.

The Information and Cyber Security Policy (ICSP) of the organization outlines the responsibilities and objectives for safeguarding critical data and information assets in a consistent and appropriate manner. According to the regulator, implementing this policy can mitigate the potential risks of unintentional or deliberate disclosure, modification, destruction, delay, or misuse of information assets. These assets can include electronic, printed, written, facsimile or other recorded data or information, as well as the systems used to manage them.

The Irdai's guidelines regarding Information and Cyber Security for Insurers are to be followed by all insurance companies, including foreign re-insurance branches (FRBs) and insurance intermediaries under its regulation. Initially introduced in 2017 for insurers, these guidelines were later extended to cover all intermediaries in 2022. With the growing use of digital technologies and the consequent rise in cyber security incidents, the Irdai has updated the guidelines to help the insurance industry bolster its defences and establish a related governance mechanism to address the increasing cyber threats.