DATA PRIVACY AND PROTECTION IN BANKING AND INSURANCE

AUTHOR –  DIVYANSHU BHARTI* & DR. AMIT DHALL**

*STUDENT OF LAW, AMITY LAW SCHOOL, NOIDA, UTTAR PRADESH

** FACULTY OF LAW, AMITY LAW SCHOOL, NOIDA, UTTAR PRADESH

BEST CITATION – DIVYANSHU BHARTI & DR. AMIT DHALL, DATA PRIVACY AND PROTECTION IN BANKING AND INSURANCE, INDIAN JOURNAL OF LEGAL REVIEW (IJLR), 5 (4) OF 2025, PG. 226-236, APIS – 3920 – 0001 & ISSN – 2583-2344.

Abstract

The increasing digitization of banking and insurance products and services has made data privacy and protection a high-priority topic. Financial institutions store enormous volumes of sensitive customer-related data, such as account information, personal details, and transaction history. This data is exposed to manipulation through cyber-attacks, unauthorized access, and data breaches; hence strengthened security is needed to safeguard it. Internationally, there exist certain regulations such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Basel Committee on Banking Supervision (BCBS), which define international data protection standards. In the Indian context, financial institutions are held to data privacy practices by the Information Technology Act, 2000; the proposed Personal Data Protection Bill (PDPB); and guidelines issued by the Reserve Bank of India (RBI) and the Insurance Regulatory and Development Authority of India (IRDAI).

Although strict laws and regulations exist, financial institutions still face challenges. These include cyber threats, compliance with changing laws and regulations, risks pertaining to third parties, and the need to balance security against customer convenience. Cyber threats such as phishing, ransomware attacks, and data breaches endanger the security of banking and insurance data. Hence, institutions should implement strong cybersecurity standards, which may include encryption tools, two-factor authentication, and regular audits. Secure data storage, regulatory compliance, customer awareness programs, and strong third-party risk management are some of the other strategies that need to be added. Informing consumers about phishing scams and frauds will help create an additional layer of defense in securing data.