Page 52 - Banking Finance August 2025
Access Management (IAM) tools (as discussed earlier) allow for safe identity verification while reducing data exposure. Data Masking and other anonymization tools such as Pseudonymization (replacing an attribute such as name or date of birth with a code or number) will help banks handle user requests while lowering the risks involved in direct access to personal information.

(C) Impact Assessment

It is highly likely that banks will be categorized as Significant Data Fiduciaries (SDF) under DPDPA. In that case, it will be mandatory for banks to carry out Data Audits and Data Protection Impact Assessments (DPIA) periodically. Banks may use the following PETs:

Automated Risk Evaluation Tools: Real-time monitoring of compliance risk is possible using AI-enabled PETs. Such tools are also capable of generating reports that are critical for conducting DPIAs.

Privacy Assured Audit Logs: Encrypted and unchangeable logs that are transparent and accountable but do not reveal any user information.

Differential Privacy: Helps organizations analyze large datasets for audits while ensuring that no individual data points can be reverse engineered.

(D) Purpose Restriction and Data Minimization

At present, banks use a large pool of diverse customer-related data for developing credit assessment and risk assessment models. However, DPDPA has mandated that organizations should collect only the bare minimum data for a specified purpose and prevent unauthorized access or usage. To comply, banks need to introduce newer models which rely on fewer data points or use alternative data sources (e.g. data from social media). PETs such as Federated Learning will be useful for banks to build credit models using decentralized data without sharing raw data across institutions. Synthetic Data (artificial data generated to reproduce the original data statistically) is another such PET that banks can use for data analytics without revealing real user information.

(E) Policy Management

Banks will need to formulate and implement clear policies regarding processing, retention, and security of personal data to comply with DPDPA provisions. AI-enabled PETs can perform ongoing monitoring of data policy compliance, thereby automating enforcement measures. Access control tools such as Single Sign-On and zero trust, along with Multi-Factor Authentication and adaptive authentication based on real-time risk assessment, support dynamic enforcement of data access policies.

(F) Maintaining Records of Processing Activities (RoPA)

Under the new data protection regime, organizations have to keep comprehensive records of their personal data processing operations, including the purposes of processing, the data categories and the retention periods. Banks can use AI-powered tools for Automated Record-Keeping. Logs can be maintained securely using differential privacy and encryption techniques which protect personal data.

(G) Prevention from Breaches and Security of Data

Last but not least, India's flagship data protection law requires organizations to establish strong security protocols to prevent unauthorized data access and potential information leaks or breaches. Banks are already using End-to-End Encryption technology to safeguard information from unauthorized access throughout both transmission and storage processes. Further, AI-based PETs can be used to help prevent potential breaches by detecting unauthorized access patterns. This will ensure real-time anomaly detection.

Challenges to adoption of PETs in Indian Banks

Lack of Use Cases - The technology surrounding PETs is rapidly evolving and is in the early adoption phase. There are very few banks in India which are actively using PETs in real-life banking and finance scenarios.

Low level of Awareness - Data Privacy, as a concept, has gained prominence in the last few years. However, awareness about the concept of PETs and their importance in enhancing data privacy is still not at the desired level. Leaders in the banking industry must promote the concept down the line for its early adoption.

High level of Investment - Effective implementation of PETs, "entities must develop internal technology stacks or software to create unified audit trails, build data inventory

