AA Community Guidelines - Storage of Data

E.g. a lender may declare a data life of 24 hours, to process the data shared by a borrower and underwrite the loan application.

FIUs are expected to “delete” the data, after the Data Life time-window expires.

However, the term “delete” is to be interpreted as a “Soft delete”, since it cannot contravene existing regulatory directives regarding long-term archival of data collected by the FIU.

Thus, an FIU is expected to continue adhering to existing regulatory norms with respect to “storage of data”, where it is understood that such stored data is not meant to be “processed” or “used” in any manner, other than dictated by existing regulatory norms.

All data stored on the AAs servers is encrypted by the FIP using the ECDH algorithm, using key material generated by the FIU. ThIs prevents the AA from being able to decrypt any data stored on its servers.

Further, a maximum period of 6 hours has been codified as a best practice by the AA community, for any such store-and-forward mechanism employed by the AA.

This implies that if an FIU is not able to pick the data up within 6 hours of the AA notifying it, the AA is expected to delete all data stored. Such a “Delete” is expected to be a hard-delete and not a “soft-delete”, i.e. the data is not expected to be “archived” in a separate area by the AA.

If the FIU picks the data up within 6 hours, the AA is expected to delete the data immediately after that.

An AA does not perform KYC of citizens and as such, does not collect any KYC information – such as OVDs (officially valid documents), proving identity or address.

An AA however collects and stores identifiers of its users – such as mobile numbers, email addresses, Date of birth, PAN – as mandated by FIPs to facilitate discovery and linking of FIP accounts.

All such PII (Personally Identifiable Information) is expected to be stored securely (employing IT best practices for data-at-rest and data-in-transit) by the AA.

If a citizen closes his/her profile with an AA, all PII is expected to be archived as per extant regulatory norms applicable to NBFCs, i.e. for a period of 6 years.

Consent artefacts 

All consent artefacts generated on behalf of citizens by an AA are expected to be stored, beyond the expiry of the artefact, for a maximum period of 6 years, as per extant regulatory norms.

This is to be discussed and Finalised within the AA community.

Transaction logs

All transaction logs spanning API interactions with FIUs and/or FIPs – and citizens’ activity logs spanning registration, discovery, linking, consent management – are expected to be stored as per extant information security best practices.

This is to be discussed and Finalised within the AA community.

Consent artefacts 

All consent artefact copies received from AAs are expected to be stored, beyond the expiry of the artefact, for a maximum period of 6 years, as per extant regulatory norms.

This is to be discussed and Finalised within the AA community.

Transaction logs

All transaction logs spanning API interactions with AAs are expected to be stored as per extant information security best practices.

This is to be discussed and Finalised within the AA community.

AA-integration activity logs

All activity logs pertaining to citizens getting redirected to AA client interfaces have to be stored as per extant information security best practices.

This has to be discussed and Finalised within the AA community.