India is all set to pass a new regulation on data-sharing by keeping user consent at its center. Reserve Bank of India (RBI) has been preparing a regulatory framework for Non-Banking Financial Company – Account Aggregator (Reserve Bank) Directions, 2016. Last updated in November, this protocol details the role of the Account Aggregator (AA) is tasked with verifying that individuals are who they say they are, that they have consented to their data being used, and that the data shall not be used beyond the clearly agreed terms. This means no financial information of customer shall be retrieved, shared or even transferred by the aggregator without the user consent.
In response to the Reserve Bank of India’s customer data sharing policy, Diwakar Dayal, Managing Director for Tenable India said, “Security should form the foundation of any digital transformation initiative and policy. In this case, with the customer-focused data sharing regulation coming into effect, Financial Information Providers and Account Aggregators have a duty of care to safeguard customers’ information. They should be diligent in reviewing their APIs to ensure controls are in place and regular audits are done to comply with privacy regulations and security standards. This regulation will make it more important than ever for all organizations involved to have visibility of all assets across their digital infrastructure, continuously identify vulnerabilities and misconfigurations and accurately prioritize their response to protect customers’ data.”