IDfy, India’s leading Integrated Identity platform, has recently released a report on the “DPDPA Compliance and Indian Banks”, which investigated data privacy in the banking journeys of the top 10 banks in India. The report aims to uphold the necessity of the Data Protection Act and urge organizations to partake in a privacy-centric future.
The report was created after analyzing 25+ digital journeys of the top 10 banks in India. It revealed that 8 out of 10 banks do not mention the personally identifiable information (PII) data collected in their privacy policy, which includes Account number, PAN, and Aadhaar number. The report indicates the need for data minimization, since while some banks collected the employer’s name, work email ID, religion, and caste to open a bank account, others did not. Education loans are another avenue where an individual’s PII is vulnerable, as 75% of the PII data collected during the educational loan process was found to be sensitive PII data. The report also highlights that 9 out of 10 banks did not have a cookie consent banner and a mere 7% of the cookies found were actually “necessary”.
Ashok Hariharan, CEO and Co-Founder, IDfy, said, “’Data is the new oil’, is an old adage. Responsible use of PII is required if companies are interested in keeping their customers’ trust, and we, as brands, need to relook at how, and for what purpose we are using customers’ data. Business models have to change in order for brands to now build trust in the new DPDP world. As custodians of sensitive customer information, banks play a crucial role in espousing data privacy standards. Our report aims to provide a micro view of the barriers to achieving regulatory compliance, helping banks navigate the complex landscape of data compliance, and ultimately fostering trust and transparency in the financial ecosystem.”
Moreover, the report delineates the obscurity in the banks’ cookie collection practices. None of the banks collected parental consent while processing a minor’s data. The report brings to the forefront the practice of banks asking for needless information like employee designation for home loans or marital and spouse’s details for personal loans, which are not integral to credit underwriting.
IDfy has recently launched PRIVY, India’s only Consent Governance platform for digital data protection and privacy as per provisions of the DPDP Act. PRIVY simplifies user consent, allowing easy review, approval, and adjustments to data permissions, and guides enterprises to ensure consent compliance.
