6 in 10 Indians report personal data breach by loan service provider: Survey – Times of India
With the personal data protection bill being withdrawn earlier this year and a new one in the works, citizens are increasingly voicing concerns over data privacy.
One of the most common complaints received in the financial sector have been about people receiving detailed alternate offers regarding their existing loans, insurance policies and banking.
Most respondents in the survey hold the last-mile of financial institutions, and in many cases employees, responsible for the breach. Most Indians also believe that any data protection law must create strong disincentives for compromising personal financial information of citizens.
On an aggregate basis, the survey found that, 59% of those with an existing loan have received detailed alternate offers to switch to another lending institution either via email, phone call, SMS, WhatsApp, etc. within the last 5 years. This indicates a massive data breach as the sender has access to an individual’s personal loan data which is being used to send unsolicited loan offers.
The survey found that personal data breach is increasingly common in the financial services sector with 59% of citizens claiming that their data has been compromised by loan agencies, 40% alleging that it has been the insurance provider and 34% believing that it is the banks that misused their data.
It is clear that people believe financial institutions are failing in their responsibility to protect their personal data.
When asked about how such data is getting compromised, a majority felt it was the weak internal and external governance at the financial institutions that was leading to it. Also, 53% felt that it was the service providers of these institutions that compromise personal data while 38% felt employees were involved as well.
A sizable 43% also felt that the institutions themselves were compromising their information or selling it.
All in all, the survey points to a clear need for a strong data protection law with clear disincentives for non-compliance, implemented effectively by financial institutions at every level.
The breach of data is not just confined to personal information. Union minister of state for finance Bhagwat Karad told Parliament in August this year that data fraud amounting to Rs.6,861 crore was reported by private and public sector banks in the first quarter of the current financial year.
Parliament was informed that Indian banks reported 248 data breaches between June 2018 and March 2022 resulting in theft of business and personal information mostly due to card details leakage. Of the 248 data breaches, 41 were reported by public sector banks, 205 by private sector banks and two by foreign banks.
Karad also stated that the Reserve Bank of India (RBI) has informed the Centre that it has issued guidelines on Cyber Security Framework for Scheduled Commercial Banks (SCBs) to implement cyber security and information technology (IT) controls, among other things, for prevention of data leakage from its systems.
The study received over 41,000 responses from citizens located in over 319 districts of the country. A total of 64% respondents were men while 36% respondents were women. As many as 45% respondents were from tier 1, 33% from tier 2 and 22% respondents were from tier 3, 4 cities and rural districts.