CA Members' Data Protection: CAAS writes ICAI to Not to Publish Members’ Directory due to Cyber Risks
CAAS submits that discontinuance of Members’ Directories is no longer a matter of administrative preference but an institutional necessity in the contemporary AI-driven environment.
The Chartered Accountant Association of Surat has written to Institute of Chartered Accountants of India ( ICAI ) to not publish the directory of members either in physical or freely accessible way due to rise of cyber frauds and risks.
According to the Association, the directory has contained sensitive personal and professional information such as photographs, membership numbers, addresses, mobile numbers, email IDs and dates of birth.
The association has worried about the safety of the members and such consolidated data has become the primary and most vulnerable leakage point for misuse.
“While such directories were historically intended for professional networking, CAAS is of the firm view that, in the present era of Artificial Intelligence, data scraping and automated cyber frauds, the risks arising from publication of Members’ Directories far outweigh any residual utility” , says the Association.
The profession of Chartered Accountants is a trusted profession and it is likely to get cyber attacks. ‘Any compromise of a member’s identity through misuse of directory data not only harms the individual member but also undermines public confidence in the profession as a whole’ added CAAs in its letter to the ICAI.
The association has urged the Institute to adopt the principle of institutional data custody, under which all personal and sensitive information of members remains exclusively within ICAI’s secure systems.
CAAS requested ICAI to immediately stop publishing or circulating Members' Directories in physical form or in freely shareable digital formats, stating that data protection has become an institutional necessity in the artificial intelligence context.
They have also called on ICAI to make sure that members' data is not shared, transferred, or made accessible to any third parties, including marketing and advertising agencies.
Additionally, the association has proposed that any professional networking should only be met by authenticated access to ICAI's official digital platforms with adequate safety precautions in place.
The association, when a person's status as a chartered accountant needs to be publicly verified, has suggested that this be done only through a restricted and controlled search function on ICAI's official platform, providing very little and non-sensitive data only for the purpose of verification.
‘CAAS submits that discontinuance of Members’ Directories is no longer a matter of administrative preference but an institutional necessity in the contemporary AI-driven environment. ICAI, as the custodian of the profession, is uniquely positioned to set a clear and uniform standard in this regard’, requested the accounting association to the institute.
