Abstract:
In the modern cyber world, information security is paramount, particularly where PII and personal data are concerned. This has been a persistent headache not only for Sri Lanka's BFSI sector but for almost every country in the world. Financial organizations are pressured by regulators to adhere to various legal frameworks, but we must remember that such an Act exists to safeguard a country's BFSI sector and its data subjects against various threat actors. However, in recent years, traditional manual compliance methods have proved inadequate for the complex demands of modern financial operations.
The research below addresses these shortcomings by presenting a novel AI-powered compliance framework designed in alignment with current PDPA guidelines. The solution enables real-time monitoring, detection, and automated remediation of privacy violations across financial systems and institutions. This multifaceted framework includes: a regulatory playbook that provides guidelines for PDPA adherence (e.g., consent management under Sections 13–15); an XGBoost-based log classifier for detecting anomalies across diverse data sources (e.g., Active Directory, firewalls); a web analysis toolkit for Data Protection Officers (DPOs) to evaluate internal and organizational sites (e.g., assessing cookies for retention risks and beacons for unauthorized tracking); and integrative AI insights powered by the Groq LLM, providing PDPA-specific recommendations and visual insights.
Innovations in this study include a hybrid rule-ML approach (e.g., configurable scoring for web risks and SMOTE-enhanced classifiers for log classification), explainability and safety mechanisms (e.g., feature-importance mapping and secure data handling), and seamless legacy integration via custom APIs. Evaluations on augmented datasets showed that the framework achieves over 98% PII detection precision with average response times under 15 minutes,
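The abstract mentions a configurable rule-based scoring for web risks and, within the DPO toolkit, assessing cookies for retention risks. The following is an added illustration of how such a cookie retention scorer can be structured; it is not code from the paper or its framework. The retention limit (365 days), the finding weights, the severity bands, the third-party heuristic (Domain attribute outside the audited host) and the three Set-Cookie headers are all constructed assumptions for this example; the PDPA text quoted in the abstract specifies no numeric limit.

```python
"""Configurable rule-based cookie retention-risk scorer (added example).

Scores Set-Cookie headers against a policy object so a DPO can tune the
retention limit and weights without touching the rules. All thresholds,
weights and sample headers below are assumptions made for this example.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Optional

# Fixed reference time so retention is computed deterministically (assumed).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)


@dataclass
class Policy:
    """Tunable scoring policy. Values are illustrative assumptions."""
    max_retention_days: int = 365
    weights: dict = field(default_factory=lambda: {
        "retention_over_limit": 3,   # lifetime exceeds the configured limit
        "retention_persistent": 1,   # any non-session cookie is a retention concern
        "unparseable_expiry": 2,     # lifetime cannot be verified at all
        "third_party": 2,            # Domain attribute points outside the audited host
        "missing_secure": 1,
        "missing_httponly": 1,
        "no_samesite": 1,
    })
    high_threshold: int = 5
    medium_threshold: int = 2


def parse_set_cookie(header: str) -> dict:
    """Split a Set-Cookie header into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value, "attrs": attrs}


def retention_days(attrs: dict, now: datetime) -> Optional[float]:
    """Cookie lifetime in days; 0.0 for a session cookie, None if unparseable.

    Max-Age takes precedence over Expires, as RFC 6265 requires.
    """
    if "max-age" in attrs:
        try:
            return max(0, int(attrs["max-age"])) / 86400
        except ValueError:
            return None
    if "expires" in attrs:
        try:
            exp = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None
        if exp.tzinfo is None:  # parsedate yields a naive value for "-0000"
            exp = exp.replace(tzinfo=timezone.utc)
        return max(0.0, (exp - now).total_seconds() / 86400)
    return 0.0


def score_cookie(header: str, site_host: str, policy: Optional[Policy] = None,
                 now: datetime = NOW) -> dict:
    """Apply the policy rules to one header and return findings plus a score."""
    policy = policy or Policy()
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    days = retention_days(attrs, now)
    findings = []
    if days is None:
        findings.append("unparseable_expiry")
    else:
        if days > 0:
            findings.append("retention_persistent")
        if days > policy.max_retention_days:
            findings.append("retention_over_limit")
    domain = attrs.get("domain", "").lstrip(".").lower()
    if domain and not (site_host == domain or site_host.endswith("." + domain)):
        findings.append("third_party")
    if "secure" not in attrs:
        findings.append("missing_secure")
    if "httponly" not in attrs:
        findings.append("missing_httponly")
    if "samesite" not in attrs:
        findings.append("no_samesite")
    score = sum(policy.weights[f] for f in findings)
    level = ("high" if score >= policy.high_threshold
             else "medium" if score >= policy.medium_threshold else "low")
    return {"name": cookie["name"], "retention_days": days,
            "findings": findings, "score": score, "level": level}


def scan(headers: list, site_host: str, policy: Optional[Policy] = None) -> list:
    """Score every header for the audited host."""
    return [score_cookie(h, site_host, policy) for h in headers]


# Constructed sample headers: a hardened session cookie, a long-lived
# third-party tracker, and a weakly attributed 30-day preference cookie.
SAMPLE_HEADERS = [
    "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "_trk=xyz; Domain=.adnetwork.example; Path=/; Max-Age=63072000; SameSite=None; Secure",
    "prefs=dark; Path=/; Expires=Fri, 31 Jan 2025 00:00:00 GMT",
]

if __name__ == "__main__":
    for result in scan(SAMPLE_HEADERS, "bank.example"):
        print(f"{result['name']:6} {result['level']:6} score={result['score']} "
              f"days={result['retention_days']} {result['findings']}")
```

Because the rules only produce named findings and the policy supplies the weights, the same rule set can be re-scored under a stricter policy (e.g., a 90-day limit for a high-risk banking portal) by passing a different `Policy`, which is the point of keeping the scoring configurable rather than hard-coding a verdict per cookie.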