By Srinath Sridharan

Why is an unsolicited wealth manager from a brand I don’t know calling me to give me investment advice after a large credit transaction hits my bank account? This is not the relationship manager of my bank or its wealth division, which makes me wonder if my financial data is being disclosed. After repeated incidents, the answer is clear: data privacy is an uncomfortable truth that we don’t want to discuss.

Even though banking regulations promise strong data protection, these incidents undermine consumer confidence. The insurance industry is no better: just before policy renewals, unknown brokers and call centers flood us with detailed knowledge about our policies, raising serious concerns about data security.

Years ago, marketing companies collected personal information from passenger lists displayed in train compartments and couriers requested copies of the PAN card. Today, database researchers are turning to digital data pipelines and social media.

In some industries, regulations require entities to have a Chief Information Security Officer (CISO). Beyond this formal obligation, no one… industry participants or regulators – seems to care that in many cases the CISO is just a contractual hire on paper, for a pittance. The very person responsible for protection may be tempted to disclose data for a fee. In many cases, CISOs are entrepreneurs, just like the licensed pharmacists who lend their names to pharmacy licenses. Recently, there were allegations of a data breach at an insurance company involving a CISO. Yet, alarmingly, for almost a fortnight we have not heard publicly from the regulator.

Despite this ostrich mindset, data continues to leak like viral videos, while institutions pat themselves on the back for their supposedly robust data protection efforts. Ask any hacker and they will tell you that most entities’ data is available, whether through a hack or for the right price.

For every data breach made public, it is likely that many more others go unnoticed or unreported. It’s as if we live in a framework that “what you don’t know won’t hurt you.” Take the “do not disturb” framework in telecommunications. Despite years of weak and almost non-existent regulatory enforcement, the system remains ineffective. This, when India is a leader in the field of digital public infrastructure. And when violations occur, the typical response is that things are “improved” – a euphemism for “no bad news, not on my watch.”

The real concern is how regulators across sectors will adapt to the digital and data challenges posed by emerging technologies such as artificial intelligence. Disruptive technologies have the potential to bring about positive social change, but they also introduce great unknown risks. Yet many policymakers and regulators seem absorbed in good-natured presentations and lectures, without understanding the complexity of these technologies.

Where is technological expertise located within our regulatory systems, and how effectively is it applied when designing new regulations or strengthening technological oversight capabilities? In the past, policymakers faced relatively predictable advances and hierarchical social acceptance of their authority. No more. Today, a tech-savvy 16-year-old can create a disruptive bug in the system, leaving even the most experienced regulators scrambling. The solution is not to stifle new ideas, but to increase agility and make technology-driven approaches the foundation of regulation.

This change requires a new style of leadership in our institutions, one that values ​​technological expertise and talent over conventional hierarchies. Do we have leaders in our institutions who are agile, excited about the unknown, and able to foster such an environment?

Some of them have a resilient talent pool, eager to learn and adapt to changes in society, consumer behavior and technology. But these are exceptions. Most regulators evolve slowly, making incremental adjustments that maintain their relevance and strength, even as the gap between them and the tech world widens.

Regulators must now understand not only their sector but also the technologies that are transforming it. They must shed old habits, embrace younger talents, and lead from a place of knowledge, not outdated notions of seniority. Is this even possible in our current state of mind? What motivates political leaders in short-term positions to think long-term?

A key problem is lack of knowledge. Disruptive technologies are very complex and most policymakers, businesses and consumers do not fully understand how they work, their potential applications and their consequences. This information asymmetry makes informed policymaking difficult. Additionally, asymmetries exist between investors, businesses, consumers and regulators. Unlike traditional products and services, emerging technologies evolve in an iterative process, often leading to applications and impacts not initially anticipated (think platforms like social media or the Internet).

Under the guise of expertise, private actors could offer beneficial solutions but carry risks comparable to those of Trojan horses, embedding personal gain and network advantage at the heart of public systems. The subtlety of their influence often easily escapes scrutiny.

These challenges highlight the need for a more informed, flexible and forward-thinking regulatory approach that can keep pace with rapidly evolving technology. Traditional command-and-control and incentive-based policy tools are poorly suited to this, largely due to lack of information and the networked, decentralized nature of technological innovations.

This imbalance is pronounced due to the political urgency to demonstrate leadership in adopting technologies before other countries, even if the policies, laws and regulations in place are not sufficiently prepared to support them. The current regulatory framework – designed with traditional institutions in mind and based on requirements specific to an activity, entity or scale size – is outdated and inadequate.

Technology and regulation are often seen as opposing forces: technology drives markets, trade and growth, while regulation embodies governance, restraint and limits. Without a more coherent approach, we risk creating a system in which stakeholders are disillusioned, confused by the disconnect between policy, policy and regulation.

The author is a policy researcher and business advisor.

Disclaimer: Views expressed are personal and do not reflect the official position or policy of FinancialExpress.com. Reproduction of this content without authorization is prohibited.