Customers’ personal data has become central to how financial service providers (FSPs) (i.e., regulated entities and intermediating service providers) deliver their services. Processing personal data is helping FSPs better assess customers’ needs and provide more amenable financial services. However, FSPs can put customers’ safety at risk from different kinds of harm if they process data without adequate data protection safeguards.[2] The potential for these risks breeds mistrust and apprehension about FSPs and financial services among customers unless they are reassured of safety.
Many data protection frameworks provide a set of principles that are meant to guide providers towards implementing safeguards. However, these principles are often abstract and difficult to put into practice. More importantly, these principles don’t guide providers towards implementing safeguards in a way that earns the customers’ trust.
To address these gaps Dvara Research, with the Data Security Council of India (DSCI), co-developed two privacy handbooks directed at FSPs in the insurance and banking sector. The handbooks help FSPs implement data protection in a customer-centric manner throughout the data lifecycle, including in legacy systems. The handbooks build on global data protection frameworks and best practices, and inputs from FSPs, data protection experts, and other stakeholders in the insurance and banking sectors.
While the handbooks are set in the context of insurance and banking sectors, the principles are broadly applicable to all FSPs that interface with customers and process their personal data. These privacy handbooks provide four crucial inputs to FSPs. They:
-
Provide a set of principles and detailed action points for FSPs
to implement data protection safeguards at each stage of the customer journey and data lifecycle in a way that builds customers’ trust. -
Present a ready-to-use self-assessment checklist that FSPs can use
to identify the gaps in their framework and understand how they can address them to better comply with regulatory guidelines and globally recognised data protection principles.
The privacy handbooks, along with an overview of each handbook, are available here. We welcome feedback from financial sector providers, data protection and data security practitioners, and customer protection experts towards improving the handbook
[1] The authors from the DSCI team include Varun Sen Bahl (affiliated with Nasscom at the time of publication), Anisha Koshy (affiliated with DSCI at the time of publication), and Anand Krishnan (affiliated with the CSSF India Cyber Program at the time of publication).
[2] Data Justice Lab, Data Harm Record, 2020, https://datajusticelab.org/data-harm-record/.
