An Indian bank plans to improve the authentication mechanism for its banking system by implementing three factor authentication, in which one of the factors is biometric. Which of the following statement is not correct?
A. Section 43A of IT (Amendment) Act, 2008 will be applicable.
B. Privacy policy of the bank might need to be revised.
C. Authorization to be taken from IT Secretary of the respective state or union territory.
D. Consent for biometric processing needs to be taken from the data subject if not already taken.