Report on DPDPA Compliance and Indian Banks: A Closer Look at Data Privacy in Banking Journeys

The recent report released by IDfy, an Integrated Identity platform, sheds light on the state of data privacy in the banking sector in India. The report, titled ‘DPDPA Compliance and Indian Banks’, delves into the data protection practices of the top 10 banks in the country, revealing some concerning findings.

According to the report, 8 out of 10 banks do not mention the personally identifiable information (PII) data collected in their privacy policy, which includes sensitive information such as Account numbers, PAN, and Aadhaar numbers. This lack of transparency raises questions about how banks handle and protect their customers’ data.

The report also highlights the need for data minimization, as some banks were found to collect unnecessary information such as religion, caste, and even employee designation for certain types of loans. This not only puts individuals’ privacy at risk but also raises concerns about the purpose for which this data is being collected.

Education loans were identified as a particularly vulnerable area, with 75% of the PII data collected during the process being classified as sensitive. Additionally, the report found that a majority of banks did not have a cookie consent banner in place, and only a small percentage of the cookies used were deemed necessary.

Ashok Hariharan, CEO and Co-Founder of IDfy, emphasized the importance of responsible use of PII data in order to maintain customers’ trust. He stressed the need for businesses, especially banks, to reevaluate their data practices and prioritize data privacy in the new regulatory landscape.

In response to these findings, IDfy has launched PRIVY, India’s only Consent Governance platform for digital data protection and privacy in accordance with the DPDP Act. PRIVY aims to simplify user consent processes and guide enterprises in ensuring compliance with data protection regulations.

Overall, the report serves as a wake-up call for banks and other organizations to prioritize data privacy and compliance with data protection laws. By fostering trust and transparency in the financial ecosystem, businesses can build stronger relationships with their customers and safeguard their sensitive information.