Skip to main content
Back to Blog

What if your biggest data risk isn’t a breach, but not knowing who can see what?

Data is everywhere in insurance agencies.

Policy details. Client records. Claims history. Financial performance. Renewal pipelines.

It flows across systems, teams, and reports every single day. And as that data grows, so does a challenge that many agencies underestimate:

Who has access to what, and can you trust how that data is being used?

This is where data governance either protects the business or quietly puts it at risk.

Why Data Governance Has Become a Business-Critical Priority

Insurance has always been a data-driven industry, but today’s environment has raised the stakes significantly.

Agencies are no longer just managing internal data. They are operating within a complex regulatory landscape shaped by frameworks like CCPA, and a growing set of industry-specific and state-level requirements. These regulations demand strict control over personal information, financial records, and claims data, while also enforcing clear rules around data retention, access, and reporting.

This means data governance is no longer optional. It is essential for:

  • Compliance with evolving privacy regulations
  • Risk mitigation against data exposure and breaches
  • Operational continuity as agencies scale

At the same time, agencies must manage vast volumes of sensitive information across multiple systems, often including legacy platforms, third-party integrations, and evolving digital tools. Maintaining consistency, accuracy, and accountability across these environments is not easy.

And yet, it is critical. Because when data cannot be trusted, neither can the decisions built on it.

Because when data cannot be trusted, neither can the decisions built on it.

When Governance Breaks Down, So Does Trust

One of the most common symptoms of weak data governance is overexposure.

Reports are shared broadly. Dashboards are built for multiple audiences. Teams access data that may not be relevant, or appropriate, for their role.

At first, this feels efficient. But over time, it creates confusion.

Consider what happens in practice:

Shadow processes emerge when official systems can’t keep pace. An underwriter frustrated with turnaround times creates an Excel quotation workaround, not as a bad actor, but as a businessperson faced with a real problem. This is often where governance fails most quietly: the business routes around friction, the workaround becomes normal, and governance controls don’t cover what is actually happening day-to-day.

Manual coordination becomes the bottleneck. The team begins by reviewing upcoming renewals from their master spreadsheet. Renewal dates are filtered manually, while follow-up lists are created separately. Commission statements from the insurer are downloaded and reconciled in another file. Updated claims are tracked in a separate sheet. Policy documents are stored across shared folders.

Operationally, nothing is truly broken, but structurally, every single action depends on manual coordination. As policy volume increases, even small data errors (an incorrect formula, missed entry, or outdated version) can affect renewal follow-ups or revenue calculations.

Trust erodes across the organization. Producers see more data than they need. Operations teams interpret metrics differently. Leadership questions whether the numbers are aligned.

Without clear controls, governance becomes reactive instead of proactive. And when trust in data begins to erode, decision-making slows down.

Why Governance Requires More Than Policy

They define access rules. They outline best practices. They communicate expectations.

But policies alone are not enough.

The reality is that without the right systems in place, governance becomes difficult to enforce consistently. Common challenges include:

Manual workarounds that bypass controls. When official processes are too slow or cumbersome, teams create spreadsheets, share files via email, or export data to work around the system.

Multiple versions of the same report. Different teams need different views, so agencies create separate dashboards for each role, leading to version control nightmares and conflicting numbers.

No visibility into who accessed what. Without audit trails, agencies can’t prove compliance or track down the source of a data exposure issue.

Time-consuming access requests. Every time someone needs a new report or different data permissions, IT has to manually intervene.

This is where governance strategies often fail. Because data governance isn’t just about defining rules. It’s about embedding those rules into how data is accessed, shared, and used every day.

How Informer Embeds Governance into Reporting

Informer takes a fundamentally different approach by building governance directly into the reporting layer through a comprehensive security framework that works at multiple levels.

Through row-level security, Informer ensures employees only see the data that’s relevant to their roles. It’s not just about restricting access; it’s about providing clarity. With row-level security, the system automatically filters data based on the user’s role, region, or permissions, without complex IT interventions or coding.

Related article: Why Row-Level Security Matters for Insurance Agencies 

The Foundation: Teams and Roles

Informer utilizes a Teams security model designed to mirror real-world business operations.

A Team within Informer represents a logical business unit within an organization—think departments, regions, or functional groups. Users are assigned to Teams based on their business role, and their capabilities within Informer are determined by their Role within that Team.

Roles control what users can do:

  • Member – View shared content
  • Designer – Create reports and dashboards
  • Data Wizard – Build and manage datasets
  • Publisher – Share content across teams
  • Team Admin – Manage team membership and permissions

Your organization’s existing structure and security requirements map directly into Informer’s Teams and Roles—no need to rebuild organizational logic or work around rigid permission models.

Layered Data Security

Once the Team structure is in place, Informer applies additional controls at the data level.

When sharing a Dataset, you can apply two layers of security:

Row-level security uses saved filters to limit what data a User or Team can see. When a filter is applied, the shared Dataset appears to contain only the filtered records.

Field-level security controls which fields are visible, either allowing access to all fields or restricting access based on Datasource security settings.

These controls work together to ensure users see only the data they’re authorized to access—automatically enforced every time they access a report or dataset.

Three Users, Three Views, One Report

A producer logging in only sees data related to their own book of business, so commission discussions stay private and competitive tension is avoided.

An account manager sees data tied to their assigned clients, preventing accidental exposure of client information across accounts.

Leadership accesses a broader, aggregated view of agency performance, without needing separate reports or manual filtering.

All from the same report.

Data-level security controls access in Informer, allowing only certain Team members to manage and restrict data visibility. Users with the roles of Team Admin, Publisher, or Data Wizard can restrict access to the data in Informer with Mapping Sets and Restricted Fields for Datasources, Dataset-level filters, and row-level security.

The Result

There is no need to:

  • Create multiple versions of dashboards
  • Manually filter data before sharing it
  • Risk exposing information beyond what a user is authorized to see

Governance becomes automatic, consistent, and scalable. And for agencies preparing for audits, Informer’s System Audit feature tracks user activity and query usage, creating the documentation trail regulators expect.

From Data Exposure to Data Confidence

By centralizing reporting and applying role-based access controls, Informer helps agencies solve multiple governance challenges at once:

Sensitive data is protected through controlled access. Data governance and security lie at the heart of Informer by incorporating organizational governance policies at the data level, content level, and functional level security. Informer strikes a balance between enabling self-service analysis and protecting your organization’s sensitive business intelligence information.

Data definitions remain consistent across the organization. Fundamental principles of Ownership and Sharing in Informer allow Owners to curate content and control the complete lifecycle of data they own, manage processes and standards for how content updates are applied, and who has what level of access.

Teams work from a single, trusted source of truth. No more reconciling conflicting reports or questioning which version of a dashboard is correct.

Employees navigate less complexity. They see only what is relevant to their role, which improves focus, reduces confusion, and increases productivity.

This allows every business function to report on key areas consistently and make decisions using the same, foundational understanding. The result is an increase in data trust as well as faster data delivery.

This is where governance begins to feel less like a restriction and more like an enabler.

Ready to turn data governance from a compliance burden into a competitive advantage? Let’s talk.

Scott Allen
Written by
Scott Allen