Sunday 6 February 2011

Data Security And Privacy In Indian Banking Industry

Data security, data protection and privacy laws are never considered important by Indian government. As a result there are many crimes and cyber crimes that are regularly committed in India without much fear of punishment. Even BPO industry is not safe in the absence of these crucial laws.

Although the BPO industry can afford to casually take this situation, Indian banking industry cannot take it lightly. This is more so since Reserve Bank of India (RBI) has recently mandated stringent due diligence requirements for banks in India.

Of all these requirements, the most pressing one are coming from the IT Act, 2000. The IT act, 2000 is the sole cyber law of India that demands many due diligence requirements on the part of various players, including banks of India.

Although there are numerous such due diligence requirements yet banks must consider the cyber security aspects on a priority basis. Indian banks are increasingly facing cyber crimes pertaining to banking industry. Further ATM frauds, credit card cloning, phishing attacks against banks, etc are also on rise.

In these circumstances, online banking and mobile banking in India are still not safe. The real problem arises as to imposing a liability for any such cyber crimes. If the money of a bank customer is stolen due to any of these cyber crimes, who would be responsible for such loss? Would it be the bank or the customer is still a question many banks fail to answer.

With the due diligence requirements imminent upon banking industry in India, it would no longer be able to pass the buck to its customers. In the absence of such due diligence, the bank may be required to compensate the customer for the loss they sustained due to bank’s negligence.

Banks of India must consider data security and privacy issues of their customers very seriously otherwise they would be violating the due diligence requirements under various law, especially the cyber law of India.