Sidebar

Rabobank Desensitizes Client Data for GDPR and DevOps with IBM

Compliance / Privacy
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

Rabobank, the Dutch multi-national bank and financial services company, is working with IBM to use cryptographic pseudonyms on its client's personal data to innovate and comply with new financial regulations in the EU.

Starting on 25 May, the General Data Protection Regulation (GDPR) seeks to create a harmonized data protection law framework across the EU and it aims to give citizens and residents back control of their personal data, whilst imposing strict rules on those hosting, moving and processing this data, anywhere in the world.

Rabobank is addressing GDPR compliance across a number of activities. In one project with IBM Services and IBM Research, the bank has cryptographically transformed terabytes of its most sensitive client data, including names, birthdates and account numbers, into a desensitized representation - meaning, it looks and behaves like the real data, but it's not.

Pseudonymization enhances privacy by replacing most identifying fields within a data record by one or more artificial identifiers, or pseudonyms, i.e. replacing a real name with a fictitious one. In addition, for GDPR the data is also processed in such a way that it can no longer be attributed to a specific data subject without the use of additional information. For example, without pseudonymization knowing the date of birth, and the home address can reveal the person's identity.

"IBM analytics software combined with our cryptographic desensitization engine achieves pseudonymization by converting the data into individual hash-based token keys which are completely impermeable today and in the future, even from a fault-tolerant quantum computer many years from now," said Michael Osborne, cryptographer, IBM Research. "This research is now a commercial technology available to address multiple compliance legislations, cross industry, around the world."

Besides helping towards GDPR compliance having the data desensitized also makes it easier for Rabobank's Radical Automation DevOps team to use the data for performance testing for the development of new innovative technologies and services, such as mobile apps and payment solutions.                                                                                                               

"It's critical for our DevOps team to use data which is as close as possible to production during the testing phase, so when we go live, we are confident that our services will perform," said Peter Claassen, Delivery Manager Radical Automation, Rabobank. "Being able to test and iterate using pseudonymized data is going to unleash new innovations from our DevOps team bringing even more security, innovation and convenience to our clients."

Rabobank and IBM Services have been running the project for the past year. Multiple key applications and platforms have been pseudonymized, including the current bank account and savings systems on mainframe, Linux, Tandem and Windows platforms.

Ultimately, the project will pseudonymize all payments applications and expand into other functional areas within the bank.

About Rabobank Group
Rabobank is an international financial services provider operating on the basis of cooperative principles. It offers retail banking, wholesale banking, private banking, leasing and real estate services. As a cooperative bank, Rabobank puts customers' interests first in its services. Rabobank is committed to being a leading customer-focused cooperative bank in the Netherlands and a leading food and agri bank worldwide. Rabobank employs approximately internal and external 43, 810 people. Rabobank Group is active in 40 countries.

For more information about the Rabobank Group go to www.rabobank.com.

About IBM Research 
For more than seven decades, IBM Research has defined the future of information technology with more than 3,000 researchers in 12 labs located across six continents. Scientists from IBM Research have produced six Nobel Laureates, 10 U.S. National Medals of Technology, five U.S. National Medals of Science, six Turing Awards, 19 inductees in the National Academy of Sciences and 20 inductees into the U.S. National Inventors Hall of Fame. For more information about IBM Research, visit www.ibm.com/research.

The IBM business model is built to support two principal goals: helping clients succeed in delivering business value by becoming more innovative, efficient and competitive through the use of business insight and information technology (IT) solutions; and, providing long-term value to shareholders. The business model has been developed over time through strategic investments in capabilities and technologies that have the best long-term growth and profitability prospects based on the value they deliver to clients. The company's strategy is to focus on the high-growth, high-value segments of the IT industry. The company's global capabilities include services, software, hardware, fundamental research and financing. The broad mix of businesses and capabilities are combined to provide business insight and solutions for the company's clients.

More Articles By This Author
BLOG COMMENTS POWERED BY DISQUS