HemantShah (3)
Hemant Shah, RMS CEO

Two months after RMS announced the launch of RMS(one)—a cloud-based platform for catastrophe models, exposure measurement tools and related data—RMS’s leader took to the blogosphere to address potential data-privacy questions head on.

In a June 27 blog posting titled Privacy Principles and an accompanying video, RMS Co-founder and Chief Executive Officer Hemant Shah assured customers that RMS will provide “the most secure, the most private and the safest way in the industry” for carriers and reinsurers to manage their data.

In the video, Shah said that the data-protection strategy would include “a range of technology, such as encryption at rest” along with “a variety of processes and protocols.”

He stressed the fact that users will be in control of their data and their modeling environments on RMS(one).

“Your results are your results,” even those that might be generated by an RMS model, Shah said, suggesting that some unnamed competitors “view the results of their models as their output” and that they “are seeking to put restrictions” on how customers can access and use the output.

RMS won’t have access to your data. I won’t even be able to see your data that is residing in RMS(one),” RMS CEO Shah says.

Promising to publish a privacy policy at the end of July, Shah told customers the policy will ensure “that your data is only accessible to you and those you choose to share it with.”

“RMS won’t have access to your data. I won’t even be able to see your data that is residing in RMS(one),” he said.

Giving a preview of the privacy policy to come, Shah wrote in the blog post that it rests on three principles:

  • That client data loaded into RMS(one), including modeling assumptions and results, remain within the clients’ control.
  • That RMS will not repurpose nor reuse client data, even in aggregate.
  • That only RMS system data, such as the log data needed to determine utilization-based fees, will be accessed by a limited number of employees who will treat it as highly confidential.

The only exceptions to these principles, he wrote, would relate to events like viruses or malicious code embedded within client data—when RMS might need to take emergency measures to address systemwide threats or to comply with the requirements of law.

On July 31,RMS posted a second blog item, this one featuring a video of RMS General Counsel Eric Drattell, who officially unveiled the privacy policy.