We are living in an era where everything – from a toothbrush to a car, is available for purchase online. Picture this: You’re scrolling through your smartphone or switching tabs on your laptop, exploring options for a dream home, or planning the next big move for your business. Behind that tempting yet seemingly harmless screen, there’s a landscape of data privacy. This landscape keeps you safe in the digital realm, while trust and privacy emerge as unsung heroes.
For this year’s Data Privacy Day, under the apt theme of “Take Control of your Data,” the spotlight found its mark on Non-Banking Financial Companies (NBFCs). Here’s where the magic happens: amidst the sea of digits and algorithms, we hold the key to a treasure trove of customer data, a responsibility not taken lightly.
With the introduction of the Digital Personal Data Protection (DPDP) law in India on 11 August 2023, a new guiding light emerged. The law requires us to embrace transparency and ethics in how we handle the lifeblood of modern finance—customer data. But here’s the twist, it’s not just about ticking boxes; it’s about nurturing a culture of trust, where every pixel on the screen whispers tales of empowerment and consent.
But what exactly does consent management entail in the context of lending, particularly for home loans and business loans? It’s about empowering our customers to truly understand what data they’re sharing, why it’s needed, and who it’s shared with. Credit bureaus play a crucial role in this by providing customers with details about the collected data, empowering them to make informed decisions about their financial journey. This process grants them granular control over their financial footprint, enabling them to selectively determine what aspects of their digital life we, as an NBFC, are privy to.
Consent management starts with clear and concise communication. Legal jargon-filled clauses are hostile to trust. We must frame data consent in simple, everyday language, explaining the specific purposes for which customer data is used, be it credit assessment, fraud prevention, or post-loan servicing. Transparency is key: customers deserve to know who their data is shared with, for what duration, and what safeguards are in place to protect it. It’s about telling our customers, “Your data is your story, and you’re the author.”
Beyond communication, technology becomes our trusted ally, where innovation paves the path forward. Granular consent mechanisms that allow customers to exercise discretion, and share their data for specific purposes and durations, are vital. Let’s consider this: a customer needs to share data for loan assessment. While their income or credit score data may be important here, sharing other personal information such as their home address, phone number, email address, or bank account details, salary breakup, or personal communication logs, may not be necessary. This level of customer empowerment is not just in favour of their experience but also helps the financial institution establish their credibility.
Furthermore, the ability to withdraw or modify consent should be as effortless as changing lanes on a highway. Life isn’t static, and neither should our data permissions be. Customers should be able to retract their consent at any time, with minimal friction, and have their data quickly disposed of in a secure manner.
Now, data privacy isn’t a one-sided coin. As NBFCs, we too have a responsibility to ensure the data we collect is accurate, relevant, and up-to-date. Data minimisation should be our mantra, which means collecting only the information essential for lending decisions and discarding the rest. Strong data security and data leakage prevention measures including encryption, secure storage, data classification, end point security and regular security audits remain non-negotiable.
Chief Technology Officer
Godrej Capital Limited
The Data Protection law is a welcome catalyst for change, but the onus lies on us, the NBFCs, to go beyond just compliance. Embracing the spirit of Data Privacy Day, we must become champions of data privacy in the lending ecosystem. By prioritising clear communication, granular consent mechanisms, and strong data security practices, we can build trust, foster financial inclusion, and pave the way for a future where data empowers individuals to make measured financial decision.
They say, ‘with great power, comes great responsibility’. As we navigate winds of change, NBFCs must not only comply with existing data privacy laws but also anticipate future regulatory implications. Embracing cutting-edge technologies such as blockchain can strengthen data security, offering a more transparent and tamper-proof system. Moreover, by actively educating customers about their data rights and the importance of privacy, NBFCs can foster a culture of trust and informed consent.
Let us not just offer loans, but also offer confidence, assurance, and control over the very data that fuels our customers’ financial journey. Let us ensure that every “click” is a conscious choice, and every piece of data entrusted to us is a significant responsibility. Let us embrace the journey of data consent with open arms, knowing that in the landscape of data privacy, every step forward is a testament to our commitment to empower and protect those we serve.
