Can An Employee Share People's Bank Information With Other Employees?

Due to the sensitive and extremely personal nature of the information that is transferred, recorded, and maintained, banking is one of the most vulnerable sectors to privacy abuses. Individuals must put their trust in banks with personal identifying information, financial records, account access information, and credit history. As a result, privacy violations are not taken lightly and have a significant impact on the person whose privacy has been breached.

Sharing personal information with third parties without consent for marketing purposes, stolen or lost banking number or card, sharing personal information or allowing access to third parties without informed consent, inadequate notification to an individual concerning what will be done with their data are all examples of privacy violations in the banking sector.

In the case of Punjab National Bank vs. Rupa Mahajan Pahwa, a bank was accused of supplying a duplicate passbook to an unauthorized individual of a joint saving bank account of a husband and wife that was kept with "operational instructions" of either or both survivors. The bank was deemed liable for the information disclosed, and a fine was imposed, along with instructions to investigate the actions of the personnel who provided information to the unauthorized individual. The fact that a bank employee gave an unauthorized person access to personal information begs the question of whether financial sector personnel should be subject to privacy legislation.

The Reserve Bank of India has published guidelines, regulations, and circulars on a regular basis, requiring banks to safeguard consumer confidentiality and privacy. Thus, the RBI's Master Circular on Bank Credit Card Operations, issued in July 2010, has an extensive section on "Right to Privacy" and "Customer Confidentiality" under the heading "Protection of Customer Rights."

Banks are prohibited from making unsolicited calls, providing unsolicited credit cards, and exposing client information to any third party without particular consent, among other things. Similarly, a specific clause on Customer Confidentiality Obligations may be found in the Master Circular on Customer Service in Banks, which was issued in 2009. The paragraph underlines and expands on the traditional banking responsibility of secrecy by prohibiting the use of client information for "cross-selling purposes."

It limits data collection by requiring banks to "ensure that information obtained from customers is related to the perceived risk, is not intrusive, and complies with the guidelines published in this respect."

The Information Technology Act of 2000, as revised in 2008, governs banks. The latter modifications include requirements requiring banks, among other things, to use reasonable security practices when it comes to their databases. Customers of banks can seek compensation for losses resulting from data leaks and unlawful sharing of information by banks for profit under the IT Act.

In conclusion, existing and past customers' confidentiality is a legal requirement for banks. Thus, the bank employees have a legal obligation to protect your information.

For a more detailed understanding, refer to the" Punjab National Bank vs Rupa Mahajan Pahwa" case study by clicking the case below.