New Feature: Data Privacy Mode

By James Sweetman
Read Time: 4 minutes
TAINA technology, Data Protection, personal data, data privacy, PII, Personally Identifiable Information

TAINA releases new Data Privacy Mode

TAINA has launched a new feature designed for financial institutions to meet data privacy rules while making the most of TAINA's rules engine. It is called ‘Data Privacy Mode.’

Many countries have strict rules about keeping data secure, especially personal information (PII). These restrictions are in place to guard tax forms and sensitive personal data from cyberattacks. But the rules vary by country, depending on where an institution operates and stores data. This can make validating tax forms a real challenge.

In this world full of varying Data Privacy and Protection rules, TAINA's Data Privacy Mode comes as a simple solution. It helps financial institutions follow data privacy rules while keeping things efficient. With TAINA's innovation, compliance becomes less of a maze and more of a clear path.


What is Data Privacy? 

Data privacy refers to how data or personal information is collected, processed, used, shared, and stored. Data protection is an important part of data privacy as it concerns how sensitive personal or confidential data is handled in accordance with regulatory requirements.

Financial institutions must meet Data Privacy and Protection legal obligations. Non-compliance with these regulatory requirements can lead to fines and, in worse cases, lost customer trust and revenue.


What Is Personally Identifiable Information (PII)? 

Personally identifiable information (PII) is sensitive information or data that, when used alone or alongside other relevant data, can be used to identify a person.


Examples of this information include: 

  • Full name 

  • Email address 

  • Phone number 

  • Date of birth and birthplace 

  • Social Security Number (SSN), ID number, Passport number, National insurance number, Tax Identification Number (TIN) 

  • Driver’s license/vehicle plate number 

  • Home address/Mailing address

  • Credit card information 

  • Financial information 

  • Medical records 


Guidelines can vary but typically outline that PII should:

  • not be collected unless necessary;

  • be deleted if asked to do so by the originator or if the data is no longer needed for its stated purpose;

  • not be shared with secondary organisations that cannot guarantee its protection.

Financial institutions that share PII data about their clients normally utilize anonymization techniques such as encryption and obfuscation so that PII is received in a non-personally identifiable form.


How do Data Privacy rules change per country?

Tax authorities in each jurisdiction have different data privacy regulations regarding the inclusion of PII on tax forms. These rules may even differ depending on the nature and purpose of the information being collected. Below are some jurisdictions that have specific laws regarding PII on tax forms: 

  • United States: The Internal Revenue Service (IRS) recommends that US taxpayers avoid including sensitive PII, such as Social Security Numbers (SSNs), on paper tax forms and instead recommends using a Taxpayer Identification Number (TIN). The IRS has also advised US taxpayers to be cautious when sharing sensitive personal information whilst using e-filing channels.

  • European Union: Under the General Data Protection Regulation (GDPR), EU member states are required to protect sensitive PII data, including data within tax forms. The application of the GDPR principles can vary between EU states. Germany, France, Austria, the Netherlands, Sweden and Belgium have all been particularly noted for their stricter application of the following principles:

    • Consent: Get explicit permission for data use.

    • Transparency: Inform users how data will be used.

    • Purpose Limitation: Collect data for specific reasons only.

    • Data Minimization: Gather only necessary data.

    • Accuracy: Keep data accurate and up-to-date.

    • Storage Limitation: Retain data only as needed.

    • Accountability: Be responsible for data protection.

    • Individual Rights: Grant access, correction, and deletion.

    • Security: Safeguard data from breaches.

    • Cross-Border Transfers: Transfer data with care.

    • Breach Notification: Report breaches promptly.

    • Data Protection Officer: Appoint a data privacy expert.

    • Children's Data: Protect data of minors.

    • Lawfulness: Process data lawfully and fairly.

  • Switzerland: Outside of the European Union (EU) and therefore GDPR, Switzerland has its own primary data protection law, the Federal Act on Data Protection (FADP).

    • While Switzerland's data protection laws are not identical to the GDPR, they share many common principles, e.g. transparency, purpose limitation, individual rights, data minimization and accuracy.

    • Interestingly, Switzerland is considered a "third country" under the GDPR, meaning that data transfers between the EU/EEA and Switzerland are subject to specific provisions and may need to use mechanisms such as Standard Contractual Clauses (SCCs) to ensure the protection of personal data.

For more accurate and current information about the specific laws for each jurisdiction, please consult official sources or legal experts.


What does this mean for Tax form processing?

  • Teams based in different areas may come under different restrictions depending not only on where they are based, but also on where the tax form data they are processing is located.

  • Tax operations teams working in these countries face not only the regular challenges of form processing (keeping in line with the latest regulations, maintaining quality and efficient validation processes, and forming a clear audit trail); they also have to validate and store forms in a way that means they cannot be attributed to an individual.


TAINA can help in two ways  

  1. TAINA can host in a region that suits your business. This means data sovereignty is fully supported and, for instance, EU data never leaves the EU. We are ‘live’ with many customers across Europe, including many who work in Switzerland and with Swiss customers.

  2. TAINA’s new Data Privacy Mode allows financial institutions to adhere to data privacy regulations whilst benefiting from TAINA’s rules engine. TAINA’s Data Privacy Mode was designed to prevent Tax Operatives from viewing and/or populating Personally Identifiable Information (PII).


How does ‘Data Privacy Mode’ work?

By switching on this feature in the TAINA Admin Portal, PII fields are intelligently filled to show the presence of data without compromising compliance needs or tax operation processing. In addition, when a Tax Operative comes to a PII data field, they can indicate that data is present without providing the data itself.

This means that, whilst the full benefit of TAINA Validation logic cannot be leveraged, Tax Operatives are able to meet PII requirements and use TAINA to take away complex and time-absorbing tasks like:

  • Certifying accounts for FATCA/CRS purposes;

  • Creating an accessible digital resource, centralised review workflow, comments history and audit trail;

  • Validating Special Rates Claims and Treaty Claims;

  • Deriving Withholding Rates for specific payment types depending on form elections;

  • Calculating withholding and payment amounts for transactions (using our Transaction Engine).


We continually look to develop the TAINA platform and its features, so if you have any feedback on this feature or would like to see it demonstrated, please request a demo.

We very much appreciate all the feedback from our stakeholders, clients and users without whom we would not be able to build a product that answers industry needs.
