How to innovate within the boundaries of stringent data privacy laws: Business strategies for growth
By G.T.Venkateshwar Rao, Managing Director, Posidex Technology
PII data privacy and security are non-negotiable
Beyond protecting business reputation, data privacy compliance avoids crippling penalties. Under India’s DPDP Act, breaches can result in fines of up to ₹250 crore ($30 million). Further, in the last few months, regulatory bodies like the RBI, IRDA, and SEBI have issued cyber resilience guidelines emphasising the need to secure Customer Personally Identifiable Information (PII).
Similarly, the GDPR imposes fines of up to €10 million. The Irish authorities slapped Meta with a record-breaking €1.2 billion fine for violating GDPR international transfer guidelines.
Data is necessary for growth. But is it secure?
Yet the uncomfortable truth about PII today is that it’s not fully secure. Every day, millions of Indians share their most private details—birthdates, government IDs, and even financial information—online, assuming it’s safe.
One weak link can leak that information. Take the recent Star Health Insurance breach. A single attack compromised the personal data of 31 million customers, shattering trust and provoking regulatory scrutiny.
3 stages of data vulnerability
Banks, financial services, insurance providers, stock market participants, and telecoms handle millions of sensitive customer PII records. Protecting this data isn’t as simple as locking it away.
Sensitive data isn’t just stored. It constantly moves between three states: at rest, in motion, and in use.
Different types of encryption techniques are available and used for data at rest and in motion. These are fairly proven and thus quite secure. The last stage is data in use/process. Currently, it’s the riskiest.
Different algorithms use customer PII to process loans, match identities, prevent fraud, and identify existing or new customers. For each of these uses, the PII has to be in plain text. That means it has to be decrypted even though it is encrypted at rest and in motion.
A gap in global solutions
And that’s the kicker: when “in use/process,” PII data is always exposed as plain text. That’s when breaches can happen.
There are almost no solutions that can protect PII while in use/process. Current solutions like DAM (Dynamic/Static masking), role-based access, etc. only make it difficult for a breach to occur. They do not address the core issue – the need for plain text PII data while in use/process.
Balance privacy and user data for growth
This requires a different approach. Many solutions using cryptographic computing, such as Secure Multi-Party Computation (SMPC), Differential Privacy, Homomorphic Encryption (HE), and Zero-Knowledge Proof (ZKP), are attempting to process PII data in encrypted form so that plain text is never exposed while the data is in use/process.
Another addition to this is privacy vaults. They use polymorphic algorithms and hybrid tokenisation with a probabilistic approach. So, a privacy vault uses tokenised data to conduct a fuzzy search on all PII data elements for insights.
For instance, banks can check whether a prospect is an existing or a new bank customer, whether the credit score is above a threshold level, and whether the given IDs, like PAN or Aadhaar, are correct, all while working on tokenised data. At no point is the customer’s plain text PII used.
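The existing-or-new-customer check described above, as an added example that is not from the article or from any vendor's product. It substitutes plain deterministic keyed tokenisation (HMAC-SHA256) for the polymorphic, probabilistic scheme the article mentions, so it covers exact matches only, not fuzzy search. The key, the sample identifiers and all names are constructed assumptions.

```python
import hashlib
import hmac
import re
from typing import Optional

# Constructed demo key. In a real deployment the key never leaves the vault/HSM;
# without a secret key, tokens of low-entropy IDs could be brute-forced.
VAULT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

FORMATS = {
    "pan": re.compile(r"[A-Z]{5}[0-9]{4}[A-Z]"),  # 5 letters, 4 digits, 1 letter
    "aadhaar": re.compile(r"[0-9]{12}"),           # 12 digits
}

def normalise(field: str, value: str) -> str:
    """Canonicalise so spacing, hyphens and case do not change the token."""
    cleaned = re.sub(r"[\s-]", "", value).upper()
    if not FORMATS[field].fullmatch(cleaned):
        raise ValueError(f"malformed {field}")
    return cleaned

def tokenise(field: str, value: str, key: bytes = VAULT_KEY) -> str:
    """Deterministic keyed token; the field name provides domain separation."""
    message = field.encode() + b"\x00" + normalise(field, value).encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()

class TokenIndex:
    """State held by the matching service: tokens only, never plain text."""

    def __init__(self) -> None:
        self._by_token = {}

    def enrol(self, customer_id: str, field: str, token: str) -> None:
        self._by_token[(field, token)] = customer_id

    def lookup(self, field: str, token: str) -> Optional[str]:
        return self._by_token.get((field, token))

def demo() -> dict:
    index = TokenIndex()
    # Constructed sample identifiers, tokenised at the point of capture.
    index.enrol("CUST-001", "pan", tokenise("pan", "ABCDE1234F"))
    index.enrol("CUST-001", "aadhaar", tokenise("aadhaar", "1234 5678 9012"))
    return {
        "existing": index.lookup("pan", tokenise("pan", "abcde-1234f")),
        "new": index.lookup("pan", tokenise("pan", "ZZZZZ9999Z")),
    }

if __name__ == "__main__":
    print(demo())
```

Because the tokens are deterministic, anyone holding the key can test guesses against the index, so the protection rests on keeping key custody separate from the matching service.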
It’s a unique innovation within the boundaries of data security and data privacy laws. Further, encrypted processing simplifies compliance with localisation laws by ensuring sensitive data is always protected, regardless of jurisdiction.
Data privacy is a strategy, not a challenge
Viewing data privacy as only a compliance need is doing a disservice to your business. Data privacy is an opportunity for differentiation. It’s a core element of growth strategy. Prioritising it builds customer trust, improves brand loyalty, and drives operational efficiencies.
Take a privacy vault, for instance.
Organisations can extract meaningful insights while respecting regulations and without compromising privacy. They can use the encrypted data for insights such as demographic analysis, classifying prospects as existing customers, fraud cases, or new leads, and global customer lookups.
Some may question whether insights derived from encrypted processing are as accurate as those obtained from traditional methods. Performing operations on encrypted data may indeed involve trade-offs in precision for complex queries, requiring huge overhead on computing and storage with high latency.
However, modern cryptographic computing techniques have very high precision without significant overheads on computing and storage. They empower businesses to make accurate data-backed decisions while ensuring data security and thus compliance.
Action plan for privacy-driven growth
A privacy vault future-proofs operations.
This transition isn’t just about adopting new technology. It’s about embedding data security and data privacy into every aspect of data management and making organisations customer-centric. However, no technology can thrive in a vacuum.
Building a culture of security, compliance, and data privacy first is equally critical. Educate teams on data security and privacy laws and the responsibility they bear in safeguarding sensitive PII data. Equip them to be the first line of defence in maintaining trust and integrity.
The way forward
India is at a crossroads. As PII data continues to grow exponentially, so will the complexity of securing it.
We can embrace privacy-preserved processing using cryptographic computing to protect citizens’ PII data, build trust, and comply with national and global standards. Or we can face rising penalties, reputational damage, and consumer mistrust.
The choice is clear, and the future lies in the ability to process data in encrypted form, i.e. to keep it protected while it is in use/process.