The world is moving towards technology advancement and digitisation across industry and business functions.
By Bharat Panchal
Digital transactions, artificial intelligence and machine learning have given a new dimension to data and its importance in our daily lives. Considering the importance and sensitivity of data and its usage, it is essential to have an appropriate data protection framework and policy that will provide a guideline for the usage of data within the geography where enterprises do their business, and ensure data sovereignty. It is also inevitable to share certain data points nationally and internationally as part of business transactions, especially on overseas remittances as part of trade.
Today, every segment of society is using technology, generating humongous data every minute. Therefore, right to protect data is crucial. Data protection is a core aspect in the Srikrishna Committee’s data protection Bill 2018, government’s cloud computing policy, RBI’s mandate for financial data localisation and even amongst bodies deciding on data around e-commerce companies, online services and other corporate services. The support remains that localisation has a direct linkage to sovereignty, national security and economic advancement of the nation.
Privacy as a fundamental right means it cannot be given or taken away by law. All laws and executive actions must abide by them and an individual cannot part with these rights. The introduction of data protection and localisation can benefit at large in the following lines:
1. Data protection framework and policy based on the law of the land, better control over data, and accessibility of data for financial crime-related analysis and investigations;
2. Improved data security and data governance;
3. Stronger protection of privacy for citizens’ personal data, including protection from overseas governments’ and corporates access within the framework;
4. Ease of data access and control for domestic regulatory and supervisory bodies.
Informational privacy means the prospects of privacy that individuals have regarding information about them. It is intrinsically connected to the idea of control that individuals should have over their personal information. When it comes to any transaction—financial, non-financial, social media post—individuals are sharing data knowingly or unknowingly. The data can even flow beyond boundaries due to extensive use of various social media platforms. When the breach happens, it is difficult to trace from where the data was accessed. Considering these circumstances, it is important to define a framework that encompasses domains and business functions.
The world is moving towards technology advancement and digitisation across industry and business functions. Digital payments are becoming the most accepted way of payment processing; this contributes to generation of more data. However, plain data localisation is not a holistic solution. Every nation has its own data localisation challenges. To some extent, data localisation is mandated and the same can be addressed with the right framework. Even to reach the sophisticated data localisation framework and implementation, we need to look at things holistically, as there are challenges across continents.
All said, companies operating in a country will have to adhere to the law of the land. Apart from this, one should analyse the gaps and implement a strong framework, and come up with a policy that is well-defined and well-aligned with data protection. The emphasis given by regulators on data localisation is to ensure responsible and transparent data use as well as strong privacy protection. At the same time, data localisation would pose obvious challenges like segregation of local data, proposed consent management, etc, especially to those enterprises that have global presence.
The author is chief risk officer, India, Middle-East & Africa, FIS