2.1 About Privacy By Design

This topic describes privacy by design.

The application implements privacy by design by protecting Personally Identifiable Information (PII) data. Privacy by design is achieved by the following methods:
  • Data Masking
  • Right To Be Forgotten
  • Granular Access
  • Transparent Database Encryption
  • Data Portability

Maintaining Personally Identifiable Information (PII) Data

Data about an individual user is considered PII data if it falls under any of the following categories:
  • Customer Name
  • Customer Contact Information
  • Demographic Information
  • Financial Information
  • Unique Identifiers

Data Masking

The application masks Personally Identifiable Information (PII) data to protect the privacy of the customer.

Right to Be Forgotten

The application provides a Right to Be Forgotten provision for Personally Identifiable Information (PII) data if customers are no longer associated with the bank. Once a customer is forgotten in the system, the customer data is not available for any operation (including query/reopen) in the Detail screen as well as in the Summary screen.

Granular Access

The application provides granular access to PII data based on the access group restrictions maintained in the user definition. Each customer is mapped to an access group, and each user is provided access to that group. Based on the access group, you can perform operations such as query, view, create, amend, and re-open on the customer information.

Example 2-1 For USER1

Only ACCGRP1 is mapped as Allowed in Access Group Restriction. In this case, USER1 can create, modify, view, and query only the customers under access group ACCGRP1. However, USER1 cannot create, modify, view, or query the transactions for customers mapped to other access groups.

Example 2-2 For USER2

Only ACCGRP2 is mapped as Disallowed in Access Group Restriction. In this case, USER2 cannot create, modify, view, or query the customers under access group ACCGRP2. However, USER2 can create, modify, view, or query the transactions for customers mapped to other access groups.
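
The Allowed and Disallowed cases in Examples 2-1 and 2-2, together with the Right to Be Forgotten rule, can be modelled as a single access decision. The following is an added illustration, not the product's own code: the class names, the customer IDs, the ACCGRP3 group, and the fail-closed handling of unmapped customers or users are assumptions.

```python
from dataclasses import dataclass, field

OPERATIONS = {"create", "modify", "view", "query"}

@dataclass(frozen=True)
class AccessGroupRestriction:
    """Hypothetical model of a user's Access Group Restriction."""
    restriction_type: str   # "ALLOWED" or "DISALLOWED"
    groups: frozenset       # access groups listed in the restriction

@dataclass
class AccessDirectory:
    customer_group: dict    # customer ID -> access group
    user_restriction: dict  # user ID -> AccessGroupRestriction
    forgotten: set = field(default_factory=set)

    def is_permitted(self, user, operation, customer):
        if operation not in OPERATIONS:
            raise ValueError(f"unknown operation: {operation}")
        # A forgotten customer is unavailable for every operation.
        if customer in self.forgotten:
            return False
        group = self.customer_group.get(customer)
        restriction = self.user_restriction.get(user)
        # Assumption: deny when either mapping is missing (fail closed).
        if group is None or restriction is None:
            return False
        listed = group in restriction.groups
        if restriction.restriction_type == "ALLOWED":
            return listed          # only the listed groups are reachable
        if restriction.restriction_type == "DISALLOWED":
            return not listed      # everything except the listed groups
        raise ValueError(f"unknown restriction type: {restriction.restriction_type}")

    def visible_customers(self, user):
        """Customers that may appear in a summary query for this user."""
        return sorted(c for c in self.customer_group
                      if self.is_permitted(user, "query", c))

def build_sample():
    # Constructed sample data mirroring Examples 2-1 and 2-2.
    return AccessDirectory(
        customer_group={"CUST001": "ACCGRP1", "CUST002": "ACCGRP2",
                        "CUST003": "ACCGRP3"},
        user_restriction={
            "USER1": AccessGroupRestriction("ALLOWED", frozenset({"ACCGRP1"})),
            "USER2": AccessGroupRestriction("DISALLOWED", frozenset({"ACCGRP2"})),
        },
    )
```
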

Transparent Database Encryption (TDE)

Sensitive application data on storage media must be encrypted in a way that is completely transparent to the application itself. TDE encrypts data automatically when it is written to storage, including backups, data dump exports, and logs. Encrypted data is correspondingly decrypted when it is read from storage. Access controls that are enforced at the database and application layers remain in effect.

Data Portability

As part of Privacy By Design, the data portability feature is available for the following summary screens:

  • GCSCOLLT
  • GESFACLT
  • GESCULIK