22 July 2018
Visit www.avoka.com

Rabobank enlists IBM to desensitise client data for GDPR

05 April 2018  |  15124 views  |  1 Rabobank web logo

Rabobank is working with IBM to use cryptographic pseudonyms on its clients' personal data to help comply with the EU's new General Data Protection Regulation (GDPR).

Coming into effect at the end of May, GDPR will create a harmonised data protection law framework across the EU with the aim of giving citizens back control of their personal data, whilst imposing strict rules on those hosting, moving and processing it.

As part of its efforts to comply with the new rule, Rabobank has teamed up with IBM to cryptographically transform terabytes of its most sensitive client data - including names, birthdates and account numbers - into a desensitised representation, meaning it looks and behaves like the real data, but is not.

Identifying fields within a data record are replaced by pseudonyms, i.e. replacing a real name with a fictitious one. In addition, for GDPR the data is also processed in such a way that it can no longer be attributed to a specific data subject without the use of additional information.

The partners have been working on the project for the last year, with multiple key applications and platforms already pseudonymised, including the current bank account and savings systems on mainframe, Linux, Tandem and Windows platforms. Ultimately, the project will pseudonymise all payments applications and expand into other functional areas within the bank.

Michael Osborne, cryptographer, IBM Research, says: "IBM analytics software combined with our cryptographic desensitisation engine achieves pseudonymisation by converting the data into individual hash-based token keys which are completely impermeable today and in the future, even from a fault-tolerant quantum computer many years from now."

The move not only helps with GDPR compliance, says Rabobank, it also makes it easier for its so-called Radical Automation DevOps team to use the data for performance testing of new technologies and services, such as mobile apps and payment solutions.

Peter Claassen, delivery manager, radical automation, Rabobank, says: "Being able to test and iterate using pseudonymised data is going to unleash new innovations from our DevOps team bringing even more security, innovation and convenience to our clients."

Comments: (1)

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 06 April, 2018, 17:25

I recently learned that it's possible to de-anonymize most anonymized datasets on consumer-grade laptops by using algorithms like the one from Narayanan and Shmatikov. A partial deanonymization of 1.1B anonymized taxi rides in NYC can be found at https://tech.vijayp.ca/of-taxis-and-rainbows-f6bc289679a1. I hope IBM's "cryptographic desensitisation engine" will produce pseudonymous data that is impervious to these de-anonymization techniques.

Be the first to give this comment the thumbs up 0 thumb ups!
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Mizuho and IBM build market forecasting tool that mimics brain's learning schemes

Mizuho and IBM build market forecasting tool that mimics brain's learning schemes

27 March 2018  |  8563 views  |  0 comments | 5 tweets | 5 linkedin
Rabobank sets up EUR60 million tech venture fund

Rabobank sets up EUR60 million tech venture fund

31 January 2018  |  7585 views  |  0 comments | 5 tweets | 6 linkedin
How banks are leveraging the power of regtech - new Finextra research

How banks are leveraging the power of regtech - new Finextra research

23 October 2017  |  12662 views  |  0 comments | 27 tweets | 11 linkedin
Rabobank constructs physical model to understand IT architecture

Rabobank constructs physical model to understand IT architecture

22 August 2017  |  96522 views  |  10 comments | 98 tweets | 204 linkedin
EU banks could face fines totalling €4.7 billion in the first three years under GDPR

EU banks could face fines totalling €4.7 billion in the first three years under GDPR

15 June 2017  |  12287 views  |  0 comments | 19 tweets | 33 linkedin

Related company news

 

Related blogs

Create a blog about this story (membership required)
Visit http://go.jumio.com/finextraAdVisit https://secure.vasco.comVisit info.nice.com

Who is commenting?

Top topics

Most viewed Most shared
Calmejane quits Lloyds Bank to join SocGenCalmejane quits Lloyds Bank to join SocGen
13853 views comments | 7 tweets | 8 linkedin
Hong Kong plans September go-live for blockchain-based trade financeHong Kong plans September go-live for bloc...
11469 views comments | 9 tweets | 17 linkedin
Mastercard enlists Worldpay to push Vocalink's Pay by Bank appMastercard enlists Worldpay to push Vocali...
10244 views 19 comments | 15 tweets | 30 linkedin
IBM to test dollar-pegged 'stablecoin'IBM to test dollar-pegged 'stablecoin'
7632 views comments | 4 tweets | 14 linkedin
Bringing about new systems and faster payments globallyBringing about new systems and faster paym...
7492 views comments | 2 tweets | 7 linkedin

Featured job

to GBP £120K base, double ote, benefits
Frankfurt, Germany

Find your next job