Analyzing consumer data privacy issues in financial sector and exploring privacy benchmark strategies for India

Abstract

With the rapidly growing technology in today’ world there is a need to feel secure using it. Increase in the use of internet has given businesses more ways to collect data and information about their consumers, both existing and potential. The information is collected without the users even realizing it, due to close linkage of various technologies and linking of data from app to app. When one browses a website, the data such as IP address is shared with the company. Also, with the help of the cookies of web browser, the company can access browsing patterns. These activities are common because they benefit the companies to provide customers with a smooth and easy user experience, but at the cost of their privacy. However, the focus is now moving towards privacy issues and what consumers might be keeping at stake to get a good user experience and personalization. More and more people are becoming aware of the privacy issues but still there is a lack of awareness about the various degree of risk attached with different kind of privacy risks. Some companies do not even understand the kind of consumer data that they are collecting and associated risks with them. This might land the company into legal & regulatory hurdles which might damage its reputation. Companies that do not understand these risks are putting themselves in as scenario when they might have to pay huge penalties and loose customer trust. India is a country with booming technological revolution across industries, however there in no concept of protecting consumer data from unauthorized, illegal & unethical use. This gap is visible in the Financial Sector where its impact can be clearly seen. Without strong legal, regulatory & cyber security frameworks, we may end up compromising user data leading to mistrust in the financial system all together. In this report we explore the data privacy with focus on Financial sector & how India can develop & benchmark necessary frameworks required. Most of the data asked by banks are necessary for the regular their functioning and providing necessary financial services. However, no mechanism exists where there is a transparent communication from the banks’ side stating the purpose & extent of usage of such data and neither does a legal framework exists which can mandate the same. As a result, banks & other financial services startups might engage in usage of data for purposes of exploitation of the user or might monetize it by sharing data with third parties. Many of the mobile & web applications demand user data during registration & usage without stating the purpose of asking it nor do they seek user consent for the same. Many times, the data demand is unrelated to the product or service offered to the user. There is no regulatory body to monitor this as well. Next, we assess the types of risks associated with data, both demographic & financial, to understand the different avenues fraudsters use to compromise & exploit consumer data. We do this by constructing a matrix of risks to give us a comprehensive overview of the risks involved in the financial services industry both in traditional banking & other technology driven financial services.