Data Protection / Security - Banking Sector
The Trust Challenge

Key obligations in brief

The Information Technology Act 2000 as amended by the Information Technology (Amendment) Act 2008 (IT Act and IT Amendment Act), along with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) rules 2011, define the data protection regulations in India. If any entity collects or processes sensitive personal data pertaining to an individual, it must establish a privacy policy.

Furthermore, the central bank of India, that is, the Reserve Bank of India (RBI) has issued master directions pertaining to Cyber Security Framework (or CSF) and customer data protection (or KYC protection) applicable to all banking organizations in India. Key highlights pertaining to KYC / customer data protection are as follows:

Pointer

The risks posed by cyber threats, as well as the actions to manage or reduce these risks, must be highlighted in a cyber-security strategy.

Pointer

Banks must implement a cyber-security policy outlining a plan for combating cyber threats in light of the business's complexity and acceptable levels of risk.

Pointer

Establish a cyber security testing/assessment program to identify vulnerabilities/ security flaws in Bank’s infrastructure/applications on a periodic basis.

Pointer

Total confidentiality, privacy, and security of customer information (“Know Your Data)”.

Pointer

Data storage in centers located & maintained in India, that is, the RBI has issued directions that require all banks and payment system providers to localize payment transaction data in India (“Data Localization”).

Pointer

Outsourcing of activities by Banking companies: Customer information is to be protected, by following appropriate practices to mitigate the risk involved with outsourcing / third parties (“Third-party data sharing/Privacy Intelligence”).

Pointer

Handing Data Subject Requests (referred to as “DSR’s” - correction, updation, deletion, etc.,).

The Trust Challenge

Challenges

Pointer

Data Discovery (Personally Identifiable Information /Sensitive Personal Information)

Pointer

Localization / Adaptation of Cloud-Native.

Pointer

Data Subject Rights fulfillment.

Pointer

Outsourcing–Third-Party Data Sharing.

Pointer

Retention / Data Deletion / Data Purging.

TurtleShield’s capabilities

Ardent Privacy’s patented technology product “TurtleShield” is an ML and AI- powered enterprise software platform, that helps businesses discover, identify, inventory, map, minimize, and securely delete personal data. With TurtleShield, a business enterprise can turn a “Privacy Program” into a “Profit Centre":

This is achieved by a nimble and oil drilling-like approach to discovery: We create a global map of organizational data, which is subject to “data protection/privacy regulations”.

Globally data localization or sovereignty is becoming a standard regulatory requirement. We can create a global data inventory, to facilitate a single pane of glass of personal or sensitive data based on geographies, to enable you to take necessary action on a proactive basis.

Often there are silos within entities or business and IT teams, and it is challenging to secure a holistic view of the data flow outside the organization and the data flow into the organization, especially when the data is shared with the third parties, like vendors, business partners and many more. We can create a data map, based on the data sharing, to facilitate you to take remedial actions, on the same.

Search capability in large datasets to fulfill data subject requests in totality and at a rapid speed. The assumption that data only exists in databases and nowhere else is often not a reality, as customer data exists in many sources. Using ML & AI we crawl across data sources and predict where PII can exist.

Assists organizations in minimizing excess data by scanning huge data sets for excess data using Machine Learning and identifying excess data, including personal data. Thus, decreasing operational inefficiencies and saving money by deleting useless data and the legal costs associated with having it for regulatory compliance.

Problems Addresses

Featured News, Blogs

India DPDPA 2023 - All You Need to Know
Ardent Privacy at AISS 2024: A Recap
Understanding NYDFS Rules: A Comprehensive Guide to Financial Regulation in New York

Be the first to catch our latest updates,
happenings and more.

Follow us