- 07-Jun-2025
- Cyber and Technology Law
The Reserve Bank of India (RBI), as the central banking authority, has established detailed guidelines to ensure banks and financial institutions protect the privacy and security of their customers’ data. These guidelines focus on confidentiality, data security, breach management, and regulatory compliance.
Banks must maintain strict confidentiality of customer information and should not disclose it to unauthorized parties without customer consent, except when required by law or regulatory authorities.
The RBI’s Master Circular on Customer Rights emphasizes safeguarding customer data.
Banks must implement robust cybersecurity frameworks to protect customer data from hacking, theft, or misuse.
Regular risk assessments, security audits, and adoption of industry best practices are mandatory.
Use of encryption, multi-factor authentication, and secure data storage is strongly recommended.
Banks must have a clear, comprehensive privacy policy detailing how customer data is collected, used, stored, and shared.
This policy must be easily accessible to customers.
Customer data should only be used for purposes explicitly consented to by the customer.
Unauthorised use or sharing of data for marketing or other purposes is prohibited without consent.
Banks can share customer data with third-party service providers only under strict contractual agreements ensuring confidentiality and compliance with data protection norms.
Banks remain responsible for any data breach caused by outsourced entities.
Banks are required to promptly notify the RBI and affected customers in case of any data breach or cybersecurity incident involving customer information.
They must have an effective incident response plan to manage and mitigate such breaches.
Customer data should be retained only as long as necessary for the intended purpose or as required by law.
Secure disposal methods must be employed when data is no longer needed.
A bank maintains a detailed privacy policy explaining how customer transaction data is collected and used only for account management. The bank uses encryption and multi-factor authentication to secure online banking. When sharing data with a third-party payment gateway, the bank ensures the service provider complies with RBI data security guidelines. In case of a data breach, the bank promptly informs RBI and the affected customers, taking corrective action to prevent future incidents.
Answer By Law4u Team
Discover clear and detailed answers to common questions about Cyber and Technology Law. Learn about procedures and more in straightforward language.
