How private is information provided to a banker? Mohit Shukla describes and analyses the existing norms
Every day, people routinely provide personal information of various types and with varying degrees of sensitivity to banks, insurance agents and companies, telecom providers, hospitals, airlines, hotels, aggregators, travel websites, or even couriers. While a lot of this information is given with awareness, often that is not the case, as during dealings in the cyber world information can be captured and stored unbeknownst to the user, and without active consent.
Some information, such as family or income details, is provided with the knowledge that it is personal or sensitive or confidential. Yet not everybody appreciates this or knows much about how the information is stored and used, and quite who has access to it. Confidentiality is an integral element of trust and people trust those to whom the information is offered to treat it with respect. Is this trust misplaced?
The following is a brief, albeit not exhaustive, summary of some elements of the legal and regulatory framework for the protection of information in India, largely with respect to the financial services industry.
A COMMON BASIS
Banker’s secrecy, privacy or confidentiality obligations in India revolve around elements such as the nature of the banker’s duty as regards customers’ information, for how long that duty remains, and exceptions to the duty.
The duty itself is based in common law as articulated in court rulings in the UK. In Tournier v National Provincial and Union Bank of England (1924), the court observed that the duty of non-disclosure is a legal one arising out of contract and is qualified by disclosures under compulsion of law, or when there is a duty to the public, or where the interests of a bank require disclosure, or where disclosure is made with express or implied consent of the customer.
MOHIT SHUKLA is managing director and head of legal at Barclays India.