The Evolving Landscape of Data Protection and Trust in the Digital Age

Trust as a Business Strategy

At the recent ET CISO Data Protection & Privacy Summit 2025, senior leaders from various sectors, including fintech, insurance, and banking, converged to address a pivotal transformation: the evolution of trust from a moral imperative to a quantifiable business strategy. Moderated by Sneha Jha, Editor of ETCIO & ETCISO, the panel explored the ongoing redesign of systems and cultures within Indian enterprises to comply with the Digital Personal Data Protection Act (DPDPA), aiming for long-term credibility and robust user trust.

Implementing Unified Intelligence

Mrinmoy Dey, CISO of Lendingkart, illuminated how digital lenders are increasingly adopting unified Extended Detection and Response (XDR) systems to assess identity signals and identify anomalies. “Trust starts at the login point,” he asserted, emphasizing the necessity for a comprehensive view across devices, behavior, and biometrics. This innovative approach not only enhances decision-making speed but also stratifies applications into risk categories, effectively minimizing fraud and streamlining verification processes.

Continuous Monitoring: A Non-Negotiable

The discussion prominently featured the need for continuous monitoring across industries. For instance, Biju K, Chief Data Protection Officer (CDPO) of Federal Bank, pointed out that the same cyber threats that target networks today are intertwined with compliance requirements stipulated by the DPDPA. “In real-time incident detection, continuous monitoring is paramount,” he stressed, highlighting the act’s stringent reporting expectations.

Privacy as Financial Stability

Nagesh Jha, CISO of NSDL, articulated the inseparability of privacy and national financial stability. As cyber threats evolve with advanced capabilities like AI-driven deepfakes and phishing attacks, he emphasized the need for institutions to fortify their defenses. “Cybersecurity is a collaborative endeavor,” he reminded the audience, underscoring the essentiality of an automated framework, multi-layered controls, and widespread intelligence sharing to mitigate risks across the capital markets.

Navigating Heightened Expectations in Insurance

In the insurance sector, Chief Information Security Officer Praveen Mishra of Liberty General Insurance discussed the complexities posed by the blend of personal and financial data. He highlighted the organization’s efforts to redefine “reasonable safeguards” through minimization, governance over access, and secure partner channels. “The accumulation of data equates to increased risks,” he cautioned, emphasizing that privacy maturity is an ongoing journey requiring daily vigilance and adaptability.

The Overlooked Risk of Residual Data

From the perspective of technology providers, Manoj Dhingra, Cofounder and Director of Stellar Information Technology, raised an often-overlooked issue: residual data from decommissioned IT assets. Citing a notable incident involving Morgan Stanley, he noted that this wasn’t simply a cyber breach—it was a failure in asset disposal. He advocated for the use of certified data erasure platforms, which provide auditable trails and digitally signed certificates, reinforcing that trust in the digital realm must be demonstrable, not merely promised.

Integrating Privacy into Business Models

Malcolm Gomes, COO of IDfy, broadened the conversation to encompass ecosystem-level challenges, expressing that implementing privacy measures transcends simple frameworks and involves intricate interdependencies across business functions and associated technologies. “Privacy is multidimensional and cannot be treated as a one-off box to check,” he explained, stressing that organizations need automation and inclusive consent mechanisms that cater to India’s diverse linguistic and digital landscape. Importantly, he noted that consumer expectations are shifting—trust is becoming a competitive advantage, and businesses that demonstrate such trust will reap rewards.

AI in Fraud Detection

As the discussion pivoted toward the role of artificial intelligence in fraud detection, leaders recognized the early yet promising advancements in this field. Mishra indicated that AI is now integral in identifying fraudulent insurance policies at their inception, using anomaly detection in policy submissions. Dey from Lendingkart added that various trust signals—ranging from behavioral analysis to synthetic identity detection—are increasingly functioning as business APIs within digital interactions.

Imperatives for Future Growth

As panelists reflected on the measures enterprises must undertake to outpace evolving threats, they unanimously identified four key imperatives:

1. Treat security as an enabler for growth rather than a hindrance to digital innovation.
2. Conduct thorough mappings of attack surfaces across hybrid and distributed environments, minimizing vulnerabilities.
3. Integrate trust and transparency into user experience and product design from the outset.
4. Strengthen governance and frontline awareness, ensuring employees are well-equipped to handle personal data responsibly.

To encapsulate the discussions, speakers collectively highlighted that trust should not be an optional feature but a core component woven into every stage of the business lifecycle. As one participant poignantly noted, “Trust is the most precious currency in the digital realm and is challenging to reclaim once lost.”

Through these conversations, a clear agenda is set for organizations aiming to navigate the complexities of data protection, meet evolving consumer expectations, and ultimately establish trust as a pivotal branch of modern business strategy.