For our scholarship program, we collect Aadhar copies and bank account details from students for fund transfers. Right now, we are just storing these scanned copies in a Google Drive folder. Is this safe enough? With all the new data protection laws coming, what is the minimum we should do to protect others sensitive information?
Storing sensitive documents like Aadhar copies and bank account details directly on Google Drive is not enough under India’s latest data protection laws, as it is not fully privacy-respecting: Google holds the encryption keys and can technically access files if required.
With India’s new Digital Personal Data Protection Act (DPDP), you are required to:
-
Get clear, written consent for collecting sensitive data;
-
Notify people about what you collect, why, and how you store/use it;
-
Take strong security steps: encryption, access controls, and audit logs;
-
Protect against unauthorized access or data leaks.
For a safer, open-source, privacy-respecting alternative, consider these steps:
-
Encrypt all files before uploading: (using tools like Cryptomator or VeraCrypt).
-
Use open-source encrypted cloud storage: such as Proton Drive, Nextcloud, or CryptPad. These solutions support end-to-end encryption, and you (not a tech company) hold the decryption keys.
-
Restrict access: only share files with those who really need them.
These steps help comply with the law and keep sensitive student information protected,even if your cloud storage provider is compromised.
1 Like
Wow thanks @JinsoRaj this is very useful!