A survey done by the Data Security Council of India and KPMG, under the aegis of CERT-In (Computer Emergency Response Team), the cyber security wing of the ministry of information technology, found banks to be lax in the security of card transactions and in protecting the privacy of customer data.
In an earlier blog, I wrote about privacy being a key issue due to the lack of a regulatory and legal framework that penalized Indian enterprises for non-compliance. It is therefore not surprising that the survey found “concrete systems for customers' privacy protection are yet to be implemented by many banks”. Almost 80 per cent of the banks surveyed did not have a separate privacy function. The survey recommended “banks to align internal policies, procedures and deploy technology safeguards for protecting sensitive personal information.” On a positive note, the survey results revealed that the understanding of data privacy in the banking sector is growing, with over half of the respondents being aware of privacy principles and of the roles and entities for data protection.
Another area which needs attention is the collection of proofs such as income statements by third-party agents while processing information for loans and credit cards. This data in particular can be misused to commit banking fraud or passed on to mafia involved in extortion.
The survey found that security and privacy were not constrained by the availability of budget and technical skills. In order to build a sustainable privacy protection program, the bank should institute a top-down approach whereby the executive management conveys the importance of customer privacy. This philosophy should be ingrained into business processes, employee awareness and specific technological controls such as data encryption.
The survey can be obtained from the DSCI website.