Couple in Colaba were shocked when a bank sent a letter to their 10-yr-old daughter, without their knowledge or consent, saying an account had been opened in her name with details taken from UID
2013-01-24 07:35:28
January 24, 2013
MUMBAI
Naveen Nair
Heading out to enroll for a unique identity? Think twice before you provide your personal details while filling out the forms: the possibility of your personal details being leaked to a third party cannot be ruled out.
1: Applicants submit personal information of their family in the UID application form
Take for instance this couple based in Colaba, who were alarmed when a letter (see pic) arrived at their doorstep last week from the Indian Overseas Bank (IOB). It was addressed to their 10-year-old daughter, and claimed that a Savings Bank (SB) account had been opened under her name.
2: UID centre forwards the information to banks
The family is now racked with anxiety, having no clue how their personal data reached bank officials without their knowledge or consent. While the bank officials claim that the data is directly sent to them by the central government, UIDAI (Unique Identification Authority of India) officials say that no such information is forwarded to the banks without the consent of the applicant.
3: Bank uses the information to open accounts and then informs the customer about it. Graphics/Amit Bandre
Surprise package
Reshma Puri and her daughter Anamika (names changed on request) had applied for Aadhaar cards around eight months ago. Both already had existing accounts with banks other than IOB. Imagine their shock last week when the mailman delivered the letter from IOB. The letter, posted from the Nariman Point branch of IOB, claimed that an SB account in Anamika’s name had been opened on October 13, 2012, based on her Aadhaar details. The letter further requested her to visit the branch within 15 days armed with her Aadhaar ID card, to complete the procedure and activate the account.
Reshma Puri and her daughter Anamika (names changed on request) had applied for Aadhaar cards around eight months ago. Both already had existing accounts with banks other than IOB. Imagine their shock last week when the mailman delivered the letter from IOB. The letter, posted from the Nariman Point branch of IOB, claimed that an SB account in Anamika’s name had been opened on October 13, 2012, based on her Aadhaar details. The letter further requested her to visit the branch within 15 days armed with her Aadhaar ID card, to complete the procedure and activate the account.
A worried Reshma said, “The current accommodation we live in is provided by the government, and is thus transferable. My husband and I were both present when we applied for our daughter’s Aadhaar card, and we made sure that all the details were entered correctly. We are sure that we did not give any consent for an account to be opened for our daughter in any bank.”
She added, “We are surprised to see that our personal details have reached IOB officials, and they have forcefully opened an SB account. How can the UIDAI decide to share our data with a random bank and what if the provided data is misused? Aren’t we risking our personal security by providing our personal details during enrolment?
It is a kind of spam wherein the government and its subsidiaries are misusing our private information.” The final paragraph of the letter from IOB letter further requests the applicant to furnish the names, addresses and occupations of friends and relatives, particularly those staying abroad, so that the bank may contact them.
Spam or data theft?
Acknowledging the concerns raised by the Puris, Vijay Mukhi, a cyber expert, said, “I don’t believe that the government directly provides such data to any banks, it is lower rank officials working at private agencies to whom the UID data collection work is outsourced. It is the sole responsibility of the government to ensure that it is not leaked.”
Acknowledging the concerns raised by the Puris, Vijay Mukhi, a cyber expert, said, “I don’t believe that the government directly provides such data to any banks, it is lower rank officials working at private agencies to whom the UID data collection work is outsourced. It is the sole responsibility of the government to ensure that it is not leaked.”
Asked if the use of private information for marketing activities would fit the definition of spam, Mukhi said, “Spam is a smaller issue, this is a clear-cut case of data theft and should be looked into more seriously.” He suggested that the government implement measures that prevent others from copying such information from the database.
Reshma further explained that since their current residence is transferable, any such letter addressed to her daughter may arrive at the address in future in their absence, and a stranger may use the letter and operate the account facilities using forged documents.
Bank clarifies
H Mahadev, regional vigilance officer (RVO), IOB, said, “The central government started this process of opening accounts linked to a person’s Aadhaar details about five months ago. The sole purpose of opening these accounts is to channelise the subsidies provided by the government to the Aadhaar cardholder. These accounts are generated directly and accommodated into our system and then bifurcated to respective branches based on the applicant’s residential address.”
H Mahadev, regional vigilance officer (RVO), IOB, said, “The central government started this process of opening accounts linked to a person’s Aadhaar details about five months ago. The sole purpose of opening these accounts is to channelise the subsidies provided by the government to the Aadhaar cardholder. These accounts are generated directly and accommodated into our system and then bifurcated to respective branches based on the applicant’s residential address.”
He added, “The accounts are generated based on the consent provided by applicants at the time of his Aadhaar enrolment. If the applicant does not wish to operate this account, he or she should submit a letter mentioning the same.” Asked why details of friends and relatives were requested in the same letter, Mahadev said, “This is not part of the instruction provided by the central government. The respective branch may have included these requests as a part of their promotional activity.”
An official from the Nariman Point branch confirmed issuing a letter to Puri, saying, “We have received nearly 6,000 sets of data from our regional office and have randomly circulated letters to all the residents in our ward. Usually the account is expected to be opened in the name of the family’s head in order to avail of the government subsidy. Nearly 2,000 accounts have been activated and most of them are for local fishermen, who are likely to get their first subsidy by the year end.” Asked how a minor was sent the letter, the officer blamed it on system error, saying they are computer generated.
UIDAI’s take
Gurudutt Ray, assistant director general, UIDAI, said, “The central government does not directly open any accounts in a random nationalised bank. We do direct the banks to open an account linked to the Aadhaar details, if the applicant provides his consent for the same. In this case the applicant may have selected the option for opening a bank account linked to his Aadhaar number and IOB being in their vicinity, could have been directed to open the account.” Ray denied that personal data related to applicants is being provided to banks. He claimed that applicants have no obligation to activate the account.
Gurudutt Ray, assistant director general, UIDAI, said, “The central government does not directly open any accounts in a random nationalised bank. We do direct the banks to open an account linked to the Aadhaar details, if the applicant provides his consent for the same. In this case the applicant may have selected the option for opening a bank account linked to his Aadhaar number and IOB being in their vicinity, could have been directed to open the account.” Ray denied that personal data related to applicants is being provided to banks. He claimed that applicants have no obligation to activate the account.
Lawyers explain
No bank can unilaterally set up an account for you. In the case of minors, the guardian’s consent is necessary. If there is no consent, either express or implied, there is no way that an account can be set up that is basic contract law.
No bank can unilaterally set up an account for you. In the case of minors, the guardian’s consent is necessary. If there is no consent, either express or implied, there is no way that an account can be set up that is basic contract law.
Aditya Ajgaonkar, Advocate
There are know your customer (KYC) norms framed by the Reserve Bank of India which clearly say the customer has to open a bank account. Moreover, how can they open up a bank account which has no initial deposit in it?
Jabbar Shaikh, Advocate
Jabbar Shaikh, Advocate
