Insurance Regulatory and Development Authority of India | IRDAI

IRDAI concentrates on customer data, which is what an insurance industry operates on, and any breach of the same would put consumers' personal data at risk.

The Trust Challenge

IRDAI Guidelines

Highlights of the IRDAI Guidelines:

Pointer

Third party processing

According to the guidelines, insurers are responsible for ensuring suitable data protection procedures to preserve data confidentially in the event that personal data of the customer is exchanged with a third party.

Pointer

Designated Chief Information security officer (CISO)

IRDAI states that all insurers should choose a suitable and experienced professional as CISO, who would be in charge of enforcing all data security standards and creating an Information Security Committee involving all stakeholders (ISC).

Pointer

GAP Analysis Report

IRDAI mandates that entities undertake gap analyses and report on their findings. This is a method for assessing the performance of current software/applications, providing a simple summary of current state and also provide a future state roadmap to improve the current state.

Pointer

Cyber Crisis Management Plan (CCMP)

IRDAI has given insurers guidance for defining and documenting a Cyber Crisis Management Plan, which describes the necessary efforts to detect and resolve data security vulnerabilities and network architecture to safeguard sensitive data from any external or internal threat.

The Trust Challenge

Challenges

The following are the issues created by the guidelines that the majority of organizations face:

Pointer

Manually managing data mapping and inventory to fulfil legal standards, as well as the organization's inability to centrally handle customer data in order to be controlled.

Pointer

Although the guidelines do not mandate the requirements for data destruction, one of the security precautions that must be followed is to erase sensitive data once the purpose has been accomplished.

Pointer

Organizations do not have a mechanism in place to generate record of assurance that provide the proof of permanent deletion.

Pointer

Organizations lack the ability to detect and filter out data that is part of a breach and has been shared to unauthorized persons.

Win-Win Situation

Solutions

Ardent Privacy’s Solutions relating to the above mentioned challenges:

Pointer

Data discovery, inventory and mapping: Our AI-based, patented solution, TurtleShield PI (Privacy Intelligence) discovers all personal and sensitive data in structured and unstructured data systems across on-premises and multi-cloud environments.
TurtleShield DI (Data Inventory) enables organizations to inventory & map their entire “Data footprint”, enabling them to protect what matters the most.

Pointer

Third party “Privacy Intelligence” (monitors third party sharing): Often there are silos within entities or business and IT teams and it is challenging to get a full picture of data going outside organization and which is coming into organization, especially when data is shared with third parties, vendors, business partners and much more. Our TurtleShield PI (Privacy Intelligence) creates a data map based on your “data sharing”, to facilitate you to take action on it.

Pointer

“Data Minimization”: TurtleShield DM (Data Minimization) helps businesses minimize excess data and adhere to data minimization principle. This is data hygiene control and we are approaching it from a risk reduction and compliance perspective. We scan large data sets to scan for excess data using Machine Learning and find out excess data including personal data. This can eliminate operational inefficiencies and save cost by removing the unwanted data and legal cost of having it with respect to regulatory compliance.

Pointer

“Right to be Forgotten (RTBF)” with Assured Deletion: With TurtleShield RTBF (Right to Be Forgotten) provides the businesses the capabilities to comply with mandatory deletion of personal data by providing the capabilities to delete the data on request along with the validation of the deletion.

Pointer

Enable Data subject rights with cost savings and compliance in totality: Search capability in large datasets to fulfill data subject requests in totality and at rapid space. Assumption that data only exists in databases and nowhere else is often not reality as customer data exists in many sources. Using Machine learning and AI we crawl across data sources and predict where PII can exist.

The Trust Challenge

IRDAI Guidelines

Highlights of the IRDAI Guidelines:

Pointer

Third party processing

According to the guidelines, insurers are responsible for ensuring suitable data protection procedures to preserve data confidentially in the event that personal data of the customer is exchanged with a third party.

Pointer

Designated Chief Information security officer (CISO)

IRDAI states that all insurers should choose a suitable and experienced professional as CISO, who would be in charge of enforcing all data security standards and creating an Information Security Committee involving all stakeholders (ISC).

Pointer

GAP Analysis Report

IRDAI mandates that entities undertake gap analyses and report on their findings. This is a method for assessing the performance of current software/applications, providing a simple summary of current state and also provide a future state roadmap to improve the current state.

Pointer

Cyber Crisis Management Plan (CCMP)

IRDAI has given insurers guidance for defining and documenting a Cyber Crisis Management Plan, which describes the necessary efforts to detect and resolve data security vulnerabilities and network architecture to safeguard sensitive data from any external or internal threat.

The Trust Challenge

Challenges

The following are the issues created by GDPR laws that the majority of organizations face:

Pointer

Manually managing data mapping and inventory to fulfil legal standards, as well as the organization's inability to centrally handle customer data in order to be controlled.

Pointer

Although the guidelines do not mandate the requirements for data destruction, one of the security precautions that must be followed is to erase sensitive data once the purpose has been accomplished.

Pointer

Organizations do not have a mechanism in place to generate record of assurance that provide the proof of permanent deletion.

Pointer

Organizations lack the ability to detect and filter out data that is part of a breach and has been shared to unauthorized persons.

Win-Win Situation

Solutions

Ardent Privacy’s Solutions relating to the above mentioned challenges:

Pointer

Data discovery, inventory and mapping: Our AI-based, patented solution, TurtleShield PI (Privacy Intelligence) discovers all personal and sensitive data in structured and unstructured data systems across on-premises and multi-cloud environments.
TurtleShield DI (Data Inventory) enables organizations to inventory & map their entire “Data footprint”, enabling them to protect what matters the most.

Pointer

Third party “Privacy Intelligence” (monitors third party sharing): Often there are silos within entities or business and IT teams and it is challenging to get a full picture of data going outside organization and which is coming into organization, especially when data is shared with third parties, vendors, business partners and much more. Our TurtleShield PI (Privacy Intelligence) creates a data map based on your “data sharing”, to facilitate you to take action on it.

Pointer

“Data Minimization”: TurtleShield DM (Data Minimization) helps businesses minimize excess data and adhere to data minimization principle. This is data hygiene control and we are approaching it from a risk reduction and compliance perspective. We scan large data sets to scan for excess data using Machine Learning and find out excess data including personal data. This can eliminate operational inefficiencies and save cost by removing the unwanted data and legal cost of having it with respect to regulatory compliance.

Pointer

“Right to be Forgotten (RTBF)” with Assured Deletion: With TurtleShield RTBF (Right to Be Forgotten) provides the businesses the capabilities to comply with mandatory deletion of personal data by providing the capabilities to delete the data on request along with the validation of the deletion.

Pointer

Enable Data subject rights with cost savings and compliance in totality: Search capability in large datasets to fulfill data subject requests in totality and at rapid space. Assumption that data only exists in databases and nowhere else is often not reality as customer data exists in many sources. Using Machine learning and AI we crawl across data sources and predict where PII can exist.

Featured News & Blogs

Be the first to catch our latest updates,
happenings and more.

Follow us