Page 308 - DMGT308_CUSTOMER_RELATIONSHIP_MANAGEMENT
P. 308
Unit 12: Customer Privacy
private data sits at the other end of the spectrum from the right to access public data. Rather than Notes
being contradictory, they operate antipodally from each other and give each other meaning.
The right to information under the RTI Act relates to such information as is available with a
public officials including work, documents, records, sample of information etc. which a citizen
has a right to access. This, in itself, is the inbuilt protection available for personal information.
Thus, just as an individual has the right to access public information, he has the right to prevent
unauthorized access to his personal information. In fact, there are several provisions in the RTI
Act which directly or indirectly reinforce that private information relating to an individual is to
be prevented from unauthorized disclosure. For example, Section 11 prescribes that information
relating to or supplied by a third party which has been treated as confidential by the third party
cannot be disclosed without his/her consent. Similarly Sub sections 8(1) (d), 8(1) (e) and 8 (1) (j)
exempts disclosure of personal information in various circumstances. As such, a well defined
data protection regime will be synergistic to the provisions of the RTI Act.
However, despite the existence of a specific exemption under Section 8 of the RTI Act, there is
still no clarity as to whether the personal data of public officials falls within the exemption.
Under the RTI Act, it might be possible for citizens to claim a public interest in accessing
personal information of such public servants and given that the law does not make this clear,
could use this provision to invade the personal privacy of a government servant. It may be
advisable to consider special provisions to address this lacuna in the proposed data protection
legislation.
12.1.9 Data Protection and Credit Verification
Credit verification is the bedrock upon which modern banking systems are based. In that context,
banks and financial institutions rely upon the ability to access personal information about
prospective borrowers in order to be able to assess whether or not they should be granted a
loan.
Once data protection legislation is passed would this result in a curtailment of this right and
consequently would this have a detrimental effect on the banking system?
Data protection statutes do not bar the collection of data. They merely regulate the manner in
which data is collected and processed. Most data protection legislations limit the processing of
the personal information for the purpose for which it was collected. Accordingly, so long as
personal information provided for verifying the credit-worthiness of a person is used for that
purpose alone, there would be no problem using such information under the proposed data
protection legislation.
Additional requirements could be imposed on the processing of such data. For instance the UK
Data Protection Act has specific provisions dealing with situations where the data controller is
a credit reference agency. The data protection law in Denmark lays down specific instances
when data about debts to public authorities can be disclosed to credit information agencies. The
act states explicitly that such confidential information will not be disclosed to the general
public. In Austria, applications to check information relating to the creditworthiness of an
individual can only be initiated after examination by the Data Protection Commission.
12.1.10 Data Protection and Private Investigative Agencies
There is a further potential conflict between the business of private surveillance and investigation
and personal data protection. Would the enactment of a data protection law result in the
curtailment of the freedom to trade of detective agencies?
LOVELY PROFESSIONAL UNIVERSITY 303
