Protection to Bankers from disclosure of certain information to public
Banking is one of the riskiest sectors as far as privacy is concerned, due to the highly sensitive and personal nature of the information which is often exchanged, recorded and retained. Although India has RBI guidelines and legislation to protect data, this blog post looks at the extent of those protections and at the areas that still need to be addressed.
Banking is one of the most at-risk sectors for privacy violations due to the sensitive and highly personal nature of the information that is exchanged, recorded, and retained. Individuals must trust banks with personal identifying information, their ...
Sometimes, the resulting breach of confidentiality is little more than technical (in other words, nothing really flows from it), but occasionally it can have major consequences.
The Tournier principles
First of all, a banker’s duty of confidentiality is not absolute. The 1924 case of Tournier v National Provincial and Union Bank of England sets out four areas where a bank can legally disclose information about its customer. These principles still hold good today and are:
* where the bank is compelled by law to disclose the information;
* if the bank has a public duty to disclose the information;
* if the bank’s own interests require disclosure; and
* where the customer has agreed to the information being disclosed.
Examples of privacy violations in the banking sector:
There have been many instances in which one of the above violations has occurred. The examples below demonstrate that a privacy violation of any nature is never as simple as “the disclosure of personal data” or “unauthorized access”. Each violation has a unique context that raises important questions that must be answered when framing privacy legislation, while at the same time demonstrating the need for a certain level of privacy protection to be applied across the board in the financial sector.
2.1 Bank of America:
This example raises several questions. Who should be regulating the banking sector? Should the banking sector be subject to audits more frequently or more stringently? Under what circumstances should data transfer be permitted, i.e., can financial institutions disclose encrypted account numbers to non-affiliated third parties as long as the access code is not provided? The example also demonstrates:
* The need for a customer's personal data to be distinguished as public or non-public information.
* The need for opt-out options for customers, so they can choose whether personal information is shared with non-affiliated third parties.
* The need for restrictions on re-disclosure and re-use of transferred or disclosed data.
2.2 Punjab National Bank
In 2008, in the case of Punjab National Bank vs. Rupa Mahajan Pahwa, a bank was charged with issuing a duplicate passbook of a joint savings bank account of a husband and wife, maintained with “operational instructions” of either or survivor, to an unauthorized person. The bank was held accountable for the disclosed...