In digital age, it’s prudent to have separate laws for financial data policy

Banking and financial services providers have already warmed up to privacy laws.

Published: 25th August 2017 08:34 AM  |   Last Updated: 25th August 2017 08:34 AM   |  A+A-

A cashier displays the new 2000 Indian rupee banknotes inside a bank in Jammu, November 15, 2016. (Photo | Reuters)

Image used for representational purpose. (Reuters)

Express News Service

MUMBAI: Banking and financial services providers have already warmed up to privacy laws. The sector is governed by stringent norms ensuring data privacy, but legislative oversight and enforcement need to be tightened. Amid the rise of digital transactions, use of Aadhaar and making PAN mandatory for cash transactions exceeding Rs 50,000, experts say, it’s time to have separate laws for financial data privacy in line with international practices.

Take for instance the UK, where the financial sector is regulated by the Banking Act, but financial data is monitored by the UK Data regulator. Likewise, the US regulates the financial sector through several acts, but the main legislation for financial data privacy is through the Gramm-Leach-Bliley Act. Ditto for Canada that has Personal Information Protection and Electronic Documents Act.

Indian banks too are governed by the IT Act 2000, under which, customers get compensated for data leakages, but analysts feel it doesn’t balance customers’ right to privacy with financial institutions’ need to share information for business purposes.

Though relevant laws exist the world over, the sector witnessed major breaches. Recall the Bank of America incident, which sold personal information of 35 million customers to marketers and third parties without customers consent and was forced to cough up $14 million in fines. Though we haven’t seen such massive violations here, minor, individual breaches exist involving state-run banks like SBI, Punjab National Bank, and Canara Bank.

RBI guidelines protect customer confidentiality and privacy under its ‘Right to Privacy’ and ‘Customer Confidentiality,’ laws, which are beefed up further in 2014 with a ‘Charter of Customer Rights.’
Regulations forbid banks from making unsolicited calls, delivering unsolicited credit cards, disclosing information to third-parties without consent and restricting information usage for cross-selling.

Interestingly, other laws exist like the sections under SBI Act 1955, Credit Information Companies Act 2005, and The Public Financial Institutions Act 1983, which are not just applicable to respective banks as a whole but also to respective directors, local boards, auditors, advisers, officers, and employees. But as more consumers use digital platforms, the need for severe action on violators, creating standardised privacy policies, besides conducting periodic internal and external audits becomes pronounced.

The sector is a repository of information, as all of us avail financial services of one form or the other. Be it taking loans or opening a bank account, customers provide personal information including names, phone numbers, address, income and details about assets. Besides, other sources including credit bureaus like Cibil share information to service providers.

Thanks to technology, spending habits are closely tracked and recorded with service providers, who at any given point will know exactly what you buy, how much you borrow, where you shop, and if you repay on time. Precisely for this reason, banking and financial services is among the ‘at-risk’ sectors and the most valuable service a bank can provide is to protect customers’ financial data privacy.

Stay up to date on all the latest Nation news with The New Indian Express App. Download now


Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on are those of the comment writers alone. They do not represent the views or opinions of or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp