The issue of storing data domestically has been a focus in India for some time. For example, in 2017, the Insurance Regulatory and Development Authority of India directed insurance companies to stop using internet servers outside India and to store all critical customer data domestically. The authority also asked insurers to take stringent measures to safeguard indigenous servers. The Ministry of Electronics and Information Technology mandated that all cloud service providers that handle government data store it on servers in India.
Until now, there were no clear guidelines of where payments data could be stored. Now that RBI has defined the requirements, forensic investigations of security incidents should be easier. Many security practitioners and payment companies in India have appreciated the move, stating that the mandate could lead to quicker resolution of breach cases.
It has not yet been decided whether the new mandate will apply only to licensed entities, such as wallet issuers, or also to the payment gateways and intermediaries, but the bank says it will reveal more details soon. The RBI mandate for domestic storage of all data must be met by October 15 2018.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now