Lately, Facebook’s data breach was confirmed by the social network giant wherein the company said that a total of 562,455 people in India were potentially affected by the unauthorized sharing of data mined by researcher Aleksandr Kogan, with UK-based Cambridge Analytica.

Post this data compromise, India's central bank Reserve Bank of India (RBI) wants to ensure the security of the data related to users of payment systems, including payment apps and mobile wallets. For same, RBI has asked all payment system operators in India to store their entire data within the country only. RBI announced on Thursday that all payment system operators will henceforth be required to store data within India to ensure safety and security of users' information.

The payment operators will be given six months' time to comply with the directive of the central bank.

At present "only certain" payment system operators and their outsourcing partners store the payment system data either partly or completely in the country, said RBI. This also means part of data of payment operators are outside the country.

RBI observed that the payment ecosystem in India has expanded considerably with the emergence of new payment systems, players and platforms. "Ensuring the safety and security of payment systems data by adoption of the best global standards and their continuous monitoring and surveillance is essential to reduce the risks from data breaches while maintaining a healthy pace of growth in digital payments," the RBI said in a statement on 'Developmental and Regulatory Policies'.

RBI further said "In order to have unfettered access to all payment data for supervisory purposes, it has been decided that all payment system operators will ensure that data related to payment systems operated by them are stored only inside the country within a period of 6 months."
RBI will further issue detailed instructions in this regard within one week.

The above news was first reported in Economic Times.

Payments facilitators as diverse as Visa, MasterCard, Google or Whatsapp now face the regulatory heat locally, with the central bank asking the global giants to host India-relevant data locally and bringing oversight rules on a par with what is prevalent in Asia’s richer neighbourhoods.

Data Localization?

“Data localization” can be defined as the act of storing data on a device that is physically located within the country where the data was created. Data localization requirements are governmental obligations that explicitly mandate local storage of personal information or strongly encourage local storage through data protection laws that erect stringent legal compliance obligations on cross-border data transfers.

Data localization requirements are increasing around the world however its not new, prior to 2013 several countries passed laws requiring data to be stored within national borders. Russia’s data localization law got effective in 2015 and later similar laws were also implemented in China, Kazakhstan, Nigeria, Indonesia, Vietnam, Malaysia and Greece.

In Canada, federal law contains no data localization requirements. However, provincial laws in British Columbia and Nova Scotia require that personal information created by public institutions (government agencies, schools, hospitals, and utilities)—be stored on servers located in Canada. These laws also require that the data be accessed from within Canada, creating an additional barrier for companies based outside those provinces.

India & Data Localization

In 2012, India enacted a “National Data Sharing and Accessibility Policy,” which effectively means that government data (data that is owned by government agencies and/or collected using public funds) must be stored in local data centers.

In February 2014, the Indian National Security Council proposed a policy that would institute data localization by requiring all email providers to set up local servers for their India operations and mandating that all data related to communication between two users in India should remain within the country.In 2014, India’s enacted the Companies (Accounts) Rules law that required backups of financial information, if primarily stored overseas, to be stored in India.

In 2015, India released a National Telecom Machine-to-Machine roadmap that requires all relevant gateways and application servers that serve customers in India to be located in India. The Roadmap has not yet been implemented yet, however

References - Servers.Global,

Post a Comment

Previous Post Next Post
Like this content? Sign up for our daily newsletter to get latest updates.