Don’t bank on them for confidentiality

Pushpa Girimaji

If a customer’s personal information meant for banking purposes was being used for cross-selling various products by banks, their subsidiaries and affiliates, it constitutes a deficient service under the Consumer Protection Act. And you can seek redress through the consumer courts constituted under the Act

Sometime ago, while taking a housing loan from a bank, I had filled up a detailed application form, giving information about my assets and liabilities, including fixed deposits, shares and insurance policies held by me. Within months of this, I started getting calls from an insurance company which has a tie-up with this bank, asking me to buy some policies. I also got calls from the investment banking division of the bank, asking me to invest in some mutual funds, etc. It was obvious that the loan department had leaked out information about my finances. Is this not infringing on my privacy? Are there no norms against such acts?

What the bank has done is totally incorrect, illegal and unfair. Maintaining the confidentiality of the information given by the customer is an implied term of the contract between the banker and the customer and the bank cannot violate this term. Yet, you find banks and other financial institutions sharing personal data and in some cases, even selling them.

In fact, the banking regulator, the Reserve Bank of India, has been warning banks against such unethical practices for quite some years now. You may remember that in 2002, the RBI introduced ‘know your customer’ practice for all banks, under which banks were asked to collect certain information about their customers at the time of opening the account. The requirement was meant to prevent financial frauds, use of banks for money laundering and for funding terrorist activities. However, the RBI soon noticed that while complying with this requirement, the banks were also collecting a lot of additional personal information and using it for purposes other than what the RBI had intended it to be.

Noting that the information collected from the customer was being used for cross-selling of services of various products by banks, their subsidiaries and affiliates and sometimes such information was also provided to other agencies, the RBI reminded the chief executives of all commercial banks that the information provided by the customer was confidential and divulging any details thereof for cross selling or any other purpose would constitute breach of customer confidentiality obligations. . Obviously banks are not listening.

What action can I take against the bank in this case?

Last December, the Reserve Bank of India released a ‘Charter of Customer Rights’ and asked all banks to formulate such charters. The five broad principles of customer protection enumerated under the charter were: (i) Right to a fair treatment; (ii) Right to transparency; fair and honest dealing; (iii) Right to suitability; (iv) Right to privacy; and (v) Right to grievance redress and compensation.

Under the ‘Right to privacy’, the RBI made it clear that banks should keep customers’ personal information strictly confidential. The only exceptions to the rule were where the bank was compelled by law to disclose such information; where the bank had a public duty to make a disclosure or where the customer had agreed to such disclosure.

And now this year, almost all banks have formulated their own ‘charter of customer rights’ on the basis of the RBI guideline. Thus, any breach of customer’s privacy, contravenes what the banks are promising customers under the charter and such contravention obviously constitutes a deficient service under the Consumer Protection Act. And if such breach of confidentiality has caused you harm or financial loss or harassment, you can seek redress through the consumer courts constituted under the Act.

Under the Charter of Customer Rights, too, the banks promise to compensate the customer for lapses in conduct as well as non-performance or delays in performance. So since this constitutes lapses in conduct, the bank should compensate the consumer. If they do not, you can seek redress through the Banking Ombudsman, too. However, you have to convince the Ombudsman or the consumer court about the breach of privacy and also the suffering or harassment undergone by you and also loss, if any, suffered by you as a result of such misconduct on the part of the bank.