Given the rapid growth of the fintech sector in India and the lack of any national data protection framework, there is an urgent need to arrive at stop-gap measures to ensure robust information security standards for the sector. Owing to threats such as financial data leakages, malware attacks etc., information security standards are central to ensuring business and operational sanctity. We present a set of minimum guidelines, which privilege a co-regulatory framework for the fintech sector, that should be considered when building a regulatory framework for the fintech entities to ensure adequate data protection as well as the growth of the industry.