During the budget session of Parliament, Congress MP Manoj Kumar questioned the central government in the Lok Sabha over unauthorized access to customers’ bank account details. He asked whether the government is aware that officials of banks and financial institutions can access detailed information related to their bank accounts such as balance, transaction history, KYC details and other financial data without the knowledge of the account holder? If yes, what are its details? Whether the Government has received any complaint regarding unauthorized or unexplained access to people’s bank account details by bank officials or third-party service providers; If yes, what are its details?
Further, is the Government proposing to impose a regulatory framework whereby each instance of access to customer data by any bank official or third-party must be mandatorily recorded along with the timing, employee identity and purpose? If yes, what are its details? And is the Government proposing to direct the Reserve Bank of India (RBI) to set up a customer data access log system and real-time notification mechanism, so that account holders are informed through SMS and email every time their data is accessed? If yes, what are its details?
Union Finance Minister replied to the question of Congress MP
On a question raised by Congress MP Manoj Kumar in the Lok Sabha, Union Finance Minister Nirmala Sitharaman said that confidentiality and privacy are of utmost importance in the financial services provided by the institutions (REs) regulated by the Reserve Bank of India (RBI). Banks are obliged to maintain the confidentiality of customer information under various laws, such as:
- State Bank of India Act, 1955 (Section 44)
- Banking Companies (Acquisition and Transfer of Undertakings) Act, 1970/1980 (Section 13)
- Regional Rural Banks Act, 1976 (Section 25)
- Credit Information Companies Act, 2005 (Section 29)
- Public Financial Institutions (Integrity and Secrecy) Act, 1983 (Section 3)
According to these laws, banks keep information related to their customers confidential and can share it only when required under law.
Nirmala Sitharaman gave detailed information in the House
Finance Minister Nirmala Sitharaman said in the House that according to public sector banks (PSBs), access to customer data is role-based and need-based. Only authorized officials can view the data for legitimate purposes and customer data access logs are preserved as an audit trail in the system. As per RBI guidelines, information is also given to third-party service providers only on ‘Need To Know’ basis. Banks have to ensure that customer data is kept secure and separate.
Regarding the complaints, he said that there is no information available with the RBI regarding unauthorized access by bank officials or third-parties and under Credit Information Companies (CICs), when a customer’s credit report is accessed, information is given through SMS or email.
Nirmala Sitharaman spoke on data security framework
Regarding data security framework, the Union Finance Minister said that the government has implemented the Digital Personal Data Protection (DPDP) Act, 2023. The DPDP Rules, 2025 (effective from November 14, 2025) provide a comprehensive and citizen-centric framework for data security and for compliance, public sector banks follow the guidelines of the following entities. in which,
- rbi
- UIDAI
- CERT-In
- Other government agencies are involved.
He said that banks have made their information security and cyber security policies in line with regulatory standards and best practices.
Also read: Mastermind of LeT module in 5 days police custody, big revelations expected from Shabbir Lone arrested in Delhi.