The securities market deals with a high amount of personal data, especially financial personal data. Aside from eKYC through Aadhaar, intermediaries and brokers often have vast access to their clients’ bank transaction logs and credit scores. The Srikrishna bill is one of the few privacy laws in the world — if it passes in its current form — to classify individuals’ financial data as sensitive and personal. This classification led to dissent from within the committee by DSCI CEO Rama Vedashree, which was published as an annexure to the official report itself.
SEBI and privacy
This comes even as SEBI seeks to have greater access to investors’ WhatsApp messages and call records in an attempt to curb insider trading. In March, the Business Standard reported that WhatsApp declined to share personal data of some users suspected in insider trading. The regulator has been investigating leaks of market-sensitive data on WhatsApp since November last year, and has reportedly been following up on four reports.
The regulator has also tried to get greater access to investors’ call logs. In September last year, SEBI issued a circular mandating brokers to record calls and messages where clients placed orders, to make sure that brokers did not engage in unauthorised trades. These calls need to be stored by brokers for three years. In 2014, the Bombay High Court ruled that SEBI is authorised, with safeguards, to seek call logs data of people under investigation.