MUMBAI: Banking and financial services providers have already warmed up to privacy laws. The sector is governed by stringent norms ensuring data privacy, but legislative oversight and enforcement need to be tightened. Amid the rise of digital transactions, the use of Aadhaar and PAN being made mandatory for cash transactions exceeding Rs 50,000, experts say it’s time to have separate laws for financial data privacy, in line with international practices.
Take for instance the UK, where the financial sector is regulated by the Banking Act, but financial data is monitored by the UK data regulator. Likewise, the US regulates the financial sector through several acts, but the main legislation for financial data privacy is the Gramm-Leach-Bliley Act. Ditto for Canada, which has the Personal Information Protection and Electronic Documents Act.
Indian banks too are governed by the IT Act 2000, under which customers get compensated for data leakages, but analysts feel it doesn’t balance customers’ right to privacy with financial institutions’ need to share information for business purposes.
Though relevant laws exist the world over, the sector has witnessed major breaches. Recall the Bank of America incident, in which the bank sold personal information of 35 million customers to marketers and third parties without customers’ consent and was forced to cough up $14 million in fines. Though we haven’t seen such massive violations here, minor, individual breaches exist involving state-run banks like SBI, Punjab National Bank, and Canara Bank.
RBI guidelines protect customer confidentiality and privacy under its ‘Right to Privacy’ and ‘Customer Confidentiality’ laws, which were beefed up further in 2014 with a ‘Charter of Customer Rights.’
Regulations forbid banks from making unsolicited calls, delivering unsolicited credit cards and disclosing information to third parties without consent, and restrict the use of information for cross-selling.
Interestingly, other laws exist, such as sections of the SBI Act 1955, the Credit Information Companies Act 2005, and the Public Financial Institutions Act 1983, which apply not just to the respective banks as a whole but also to their directors, local boards, auditors, advisers, officers, and employees. But as more consumers use digital platforms, the need for severe action against violators, standardised privacy policies, and periodic internal and external audits becomes pronounced.
The sector is a repository of information, as all of us avail of financial services in one form or another. Be it taking loans or opening a bank account, customers provide personal information including names, phone numbers, addresses, income and details about assets. Besides, other sources, including credit bureaus like Cibil, share information with service providers.
Thanks to technology, spending habits are closely tracked and recorded with service providers, who at any given point will know exactly what you buy, how much you borrow, where you shop, and if you repay on time. Precisely for this reason, banking and financial services is among the ‘at-risk’ sectors and the most valuable service a bank can provide is to protect customers’ financial data privacy.