IBM brings desensitise touch to Rabobank’s client data
Rabobank is working with IBM to use cryptographic pseudonyms on its clients’ personal data to comply with new financial regulations in the EU.
Starting on 25 May this year, the General Data Protection Regulation (GDPR) seeks to create a data protection law framework across the EU and it “aims to give citizens back control of their personal data, whilst imposing strict rules on those hosting, moving and processing this data, anywhere in the world”.
As required, Rabobank is addressing GDPR compliance across a number of activities. In one project with IBM Services and IBM Research, the bank has “cryptographically transformed” terabytes of its most sensitive client data, including names, birthdates and account numbers, into a desensitised representation – “meaning, it looks and behaves like the real data, but it’s not”.
Peter Claassen, delivery manager radical automation, Rabobank, says: “Being able to test and iterate using pseudonymised data is going to unleash new innovations from our DevOps team bringing even more security, innovation and convenience to our clients.”
According to IBM, pseudonymisation enhances privacy by replacing most identifying fields within a data record by one or more artificial identifiers, or pseudonyms, i.e. replacing a real name with a fictitious one.
In addition, IBM explains that for GDPR the data is also processed in such a way that it can no longer be attributed to a specific data subject without the use of additional information. For example, without pseudonymisation knowing the date of birth, and the home address can reveal the person’s identity.
Besides GDPR compliance, IBM states that Rabobank’s radical automation DevOps team can use the data for performance testing for other development – such as mobile apps and payment solutions.
Rabobank and IBM have been running the project for the past year but have only just gone public.
Multiple key applications and platforms have been pseudonymised, including the current bank account and savings systems on mainframe, Linux, Tandem and Windows platforms.
IBM adds: “Ultimately, the project will pseudonymise all payments applications and expand into other functional areas within the bank.”
Networks and agendas
Both Big Blue and the bank have been keeping busy of late.
Yesterday (4 April), IBM said it became a founding “steward” of the Sovrin Network, to help create, operate and maintain its decentralised digital identity network. Joining this club is just another step in IBM’s deepening involvement in blockchain.
Last month, we had an interview with Harrie Vollaard, head of FinTech Ventures at Rabobank, about the key to building a successful digital agenda.