Privacy Mode was launched in April 2020 as a platform to aggregate learnings from India’s tech ecosystem about doing data privacy better and improving trust among consumers.
With two years behind us, what is the relevance of Privacy Mode to industry practitioners? Tell us how Privacy Mode can make an impact.
Using Privacy Mode BPGs
At Zerodha, we collect logs and ingest them into our pretty-much standard out-of-the-box setup of ELK with some minor configuration for scaling up. Due to our regulatory obligations, we need to have specific retention policies for storing logs. These could include access logs as well as application logs, which are usually ingested from multiple instances of internal apps. We apply masking to critically sensitive data, for example, application access tokens, which can potentially be used to gain temporary unauthorized access to the systems.
Due to reasons such as regular audits by regulator-appointed system auditors, we are required to store logs without masking certain PII or user identifiers. This is needed to provide audit trails for the auditor to review, as well as to handle and respond to user complaints, for example, to the exchanges. We, therefore, store data as per the regulations, but on the UI as well as at the application level we mask the data, for example, in our API responses, which are then displayed to the outside world.
We can validate that it’s a sensible choice to follow the guide shared by Ayush (Masking Sensitive Data Logs with Logstash). It is not that difficult to implement and it should be adopted as a best practice by other organizations as well.
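The storage-versus-display split described above, as an added example that is not from Zerodha or from the Logstash guide: a Python stand-in for an ingest filter that strips token values but keeps the user identifier for audit, plus a display-time mask. The log layout, the `client_id` field, the token keys and the sample lines are all constructed assumptions.

```python
import re

# Constructed sample log lines; field names and token formats are assumptions.
SAMPLE_LOGS = [
    'ts=2022-04-01T09:15:02Z client_id=AB1234 path=/orders status=200 '
    'authorization="token k3y:9f8e7d6c5b4a"',
    'ts=2022-04-01T09:15:07Z client_id=CD5678 '
    'path=/login?access_token=abcDEF123456 status=302',
    'ts=2022-04-01T09:15:09Z client_id=AB1234 path=/holdings status=200',
]

# Group 1 is the key that introduces a credential, group 2 is the secret value.
TOKEN_RE = re.compile(r'(?i)\b(access_token=|authorization="?token\s+)([^\s"&]+)')
CLIENT_RE = re.compile(r'\bclient_id=(\S+)')


def mask_for_storage(line):
    """Ingest-time rule: remove the token value irreversibly, but leave the
    user identifier intact so the stored log still serves as an audit trail."""
    return TOKEN_RE.sub(lambda m: m.group(1) + "[MASKED]", line)


def mask_identifier(value, keep=2):
    """Display-time rule: reveal only the last `keep` characters."""
    if len(value) <= keep:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]


def mask_for_display(stored_line):
    """Applied when a stored line leaves the audit path (UI, API response)."""
    return CLIENT_RE.sub(
        lambda m: "client_id=" + mask_identifier(m.group(1)), stored_line
    )


if __name__ == "__main__":
    for raw in SAMPLE_LOGS:
        stored = mask_for_storage(raw)
        print("stored :", stored)
        print("display:", mask_for_display(stored))
```

The token is dropped before anything is written, so it cannot be recovered from the retained logs, while the identifier is masked only on the way out and remains available to auditors.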