another example of the Credit Card industry's deceptive advertising targeting children
cartoon of the month

Saturday, June 11, 2005

CIBIL the specific consent fraud exposed.

Dear Ms. Dalal, this matter pertaining to CIBIL, Standard Chartered Bank, and RBI is already in court. Please read my Hacking Complaint

Caveat emptor,
by Sucheta dalal
06 Jun, 2005

Last week, we pointed out that personal information provided to a plethora of government-mandated databases puts people at risk, in the absence of a Privacy Policy, with clearly enunciated rights, responsibilities and safeguards. Nikhil Ojha sent us his blog posting on how banks are already manipulating people to unknowingly sign away their rights. For instance, Standard Chartered Bank, he says, has sought a negative consent from its customers (the letter says ‘‘Non-receipt of any communication from your end by June 10th 2005 will be deemed as acceptance of consent and authorization’’) to share information about their account with ‘other’ parties. It claims that the consent is in accordance of a Reserve Bank circular ‘‘reference no. DBOD No. DL.BC.29/ 20.16.002/ 2002-03 directing all banks operating in India to periodically submit credit information pertaining to their customers to the Credit Information Bureau (India) Ltd. or any other agency authorized by the RBI. Ojha writes, ‘‘In a classic sleight-of-hand, the letter goes on to construct a clause for consent and authorization that goes far beyond what the RBI requires’’ and extends the consent and authorization to suit its own needs and agenda. The clause asks customers to agree to the following: ‘‘Authorize the bank to disclose to Credit Information Bureau (India) Ltd (CIBIL) or any other agency authorized by RBI or such other parties as the Bank shall deem fit’’ (‘the Bank’ is Standard Chartered not the Reserve Bank); ‘‘The Customer(s) also consent and authorizes CIBIL or any such other agency authorized by RBI or such parties as the Bank shall deem fit, to use, process the said information disclosed by the bank in the manner deemed fit by them and to furnish for consideration, the processed information or products thereof prepared by them, to banks/ financial institutions and other credit grantors or registered users, as shall be specified by RBI in this behalf or otherwise’’ (Emphasis provided). Can such a sweeping authorisation be sought by a negative consent? What right does any Bank have to pass on customer data to anybody without specific consent? Shouldn’t customers be made aware of what they are signing away? Will the central bank wake up to such mischief only when the matter finally lands in court?