An unnamed life insurer has been sanctioned for failing to obtain proper consent from customers to collect their medical details during underwriting.

“Collecting medical information without valid consent is a serious failure of a fundamental customer protection under the code [of practice],” Life Insurance Code Compliance Committee chair Jan McClelland said.

“Customers must clearly understand what medical information is being requested, how it will be used and how it will be protected. That transparency is central to informed consent.”

The committee says the breach occurred after the insurer temporarily reassigned staff from a business area where consent was automatically obtained in the application process.

“This meant that when these staff made requests for medical information, they were unaware valid consent had not already been obtained.”

The matter affected 2171 applications and more than 2000 customers, and was identified when a customer lodged a complaint in early 2024.

Ms McClelland says the case “highlights the need for strong oversight and monitoring, especially where manual steps are introduced.

“Operational changes must not compromise core compliance safeguards.”

The committee decided not to name the insurer after weighing factors including the company’s remediation efforts.

“Having considered the seriousness and duration of the breach … the Life CCC determined that a formal warning was the appropriate and proportionate sanction.

“A formal warning holds the insurer accountable for its non-compliance and reinforces the expectation that insurers must consistently meet fundamental consent requirements.”