Ideas for the Mambu Banking Engine

Allow Data Obfuscation via API

What:

It should be possible to obfuscate client personal data via an API call to the customer's ID - specifying the data fields to be obfuscated via that API call. The obfuscation should be non reversible and set the customer to "exited" state.

 

Why:

In most data protection laws exited clients of finance company have a right to be forgotten after a certain period of time. For example in Europe if the client did not have an account with the company for more than 10 years, all historic data personally identifying that client should be deleted.

In such a case the company may not want to fully delete the client record to have financial transaction data still available for processing (e.g. historical accounting records), but has an obligation to permanently anonymize such data as if it was deleted.

  • Frederik Pfisterer
  • Oct 10 2017
  • Shipped
  • Attach files