Directory of RSS feeds

RSS feeds in the directory: 374

Added today: 0

Added yesterday: 0

Business / Finance

Nothing personal: how to protect your personal data from unwanted curiosity banks themes of the day 18.07.2019 at 21:00

Banking and financial news on the website

Customers are increasingly suspect banks in the incorrect handling of personal data. Where are the boundaries of the law and how they indicate the financial organizations?

In 2018, the Russians filed over 10 thousand complaints against the banks by reason of incorrect work with personal data, it follows from the statistics of Roskomnadzor. According to authorities, the last couple of years the number of such requests is reduced, but the credit institution remains in the top list of "offenders". In the report for last year there is no information on the proportion of Bank customers filed complaints that were substantiated. In 2015 the results of the violation confirmed in 35% of cases.

the Banks.Roo studied the reviews on the forum and in the "people's rating" and identified five common reasons for customer dissatisfaction.

Attack ad

"I have got! No Council they do not! Constantly call and offer your credit cards and loans!! As you can already?! When all this is over!" — outraged one of the users of the "people's rating". He, like many Bank customers, ready to receive services, but without much advertising support.

"so my goal was six months ago to open in East Bank Deposit a small amount. Since my phone regularly going cold calls with different offers of financial services from the Bank. I put a contact in black list, but next time I get a call from a different number. Send SMS, send spam mail, well, that's enough. Why does man interfere with work?" wrote another disgruntled client.

According to the legislation, credit institutions are considered to be in Russia operators of personal data, i.e. the information that is required to uniquely identify the client. Personal data includes surname, name, patronymic, date and place of birth, address of registration, marital, social or property status, education, profession, income level, lists the partner of legal Bureau "Zamoskvorechye" Dmitry Shevchenko. Here enters the biometric information of banking and credit history, according to the conditions of processing of personal data on the websites of financial institutions. And this is only the obvious part of the personal data processed, emphasizes the Director of methodology and standardization of Positive Technologies Dmitry Kuznetsov.

information of this kind is necessary not only for identification but also to assess the client's solvency, says the Chairman of Board of Bank "the Renaissance the Credit" Sergey Korolev. Banks, like any personal data operators can work with personal information of the customer only with his consent, which he gives, as a rule, the first call to the credit institution. "Consent must be specific, informed and conscious", — stressed the head of practice of intellectual and information rights legal team "Yakovlev and partners" Anna Nikitova.

the Credit organization include in such documents all list the actions they would like to do with the information. It could be including on the transfer of data to partners, use them for promotional mailing or for analysis.

"All that will subscribe the client, and dispose of. Transmit within their group of companies in marketing, collectors — depending on which list of the companies present in the agreement to the processing of personal data" — said the head of practice "it security" "KSK Group" Alexey Rabotyagov.

If the consent form does not provide for a precise formulation, is to figure out the limits of the consent, recommends Nikitova. According to experts, a person can endorse some operations and deny others. For example, a customer may opt out of receiving promotional emails, Korolev said of the "Renaissance Credit". The availability of such an option was also confirmed in the savings Bank. About 15 large credit organizations, which were addressed by correspondent, did not answer this question.

to Unsubscribe only from promotional emails does not always and not immediately. Often have to first agree with everything, and then to withdraw consent to use personal data for marketing purposes, explains Rabotyagov. Lawyer Dmitry Shevchenko doubts that such waivers will have the effect of: "the Bank of SMS messages may not violate the rights of the client in relation to the provisions of the law on personal data. Moreover, sent messages do not usually indicate the personal data or other information which may identify a particular customer of the Bank."


If the customer wants to part with a credit institution, it does not automatically delete personal data. In theory, they are stored and used until there is an agreement of the parties. But in reality, many players are not in a hurry to get rid of valuable information.

"Faced with such a problem: I can't withdraw from a number of banks with your personal data! Come to the office of Rosselkhozbank, voicing my wish and give me that look you look and say that they never heard about this! Of course, I insisted on the statement but received no response after four months!" — shared negative experiences on the forum user under the name savelich74.

the Request to remove personal data should be submitted in a written form — directly in the office or by mail. The Bank must notify the customer that the requirement is fulfilled, explains Nikitova. The law defines 11 cases when the Bank may process personal data without the consent of the client, emphasizes Dmitry Kuznetsov. For example, if the information is necessary to protect the legitimate interests of the Bank.

Even if you revoke consent, the Bank will store the data in connection with the requirements of the Statute of limitations and financial control, says Rabotyagov. "Personal data is stored within the dates stipulated by law, for example, in the absence of a valid contract — within five years from the date of termination of the contract" — confirmed in the Raiffeisenbank. Sberbank announced the same term store the personal information of the client, citing the requirements of 115-FZ (the law "About counteraction to legalization (laundering) of incomes obtained in a criminal way and financing of terrorism". — Approx. ed.).

it Turns out that the right to review their personal data the client has, but the chances of a positive result — much less.

the Offer from a stranger

the Advertising and product offers are received by the customers from banks and organizations with whom they never communicated.

"Stop calling from different numbers with your suggestions! The consent for data processing at your Bank I did not give!" — the user complained of the "people's rating" in Tinkoff Bank.

Often, such interaction with clients gives the opposite effect. Instead of interest in the product, the Bank provokes irritation.

"Today in the mail comes an offer to get credit. No contact with the Bank, I was not. Why would the Bank began to offer me credit? In General, a major Bank is sending spam. Piss everyone off spam mailing with any suggestions. Now I will never return to this Bank to receive banking services," wrote a frustrated customer, the home Loan Bank.

the Law does not prohibit banks to obtain personal information of citizens from public sources. The same item is in most of the documents that describe the policy of credit institutions in respect of personal data. The question is, what is considered a public source.

for Example, in 2017 the savings Bank has informed on the intention to check borrowers on a "digital trail" — open data from social networks. It is unclear whether or not this applies to practice by the state Bank and other players, but some market participants pay attention to the fact that this approach carries certain risks.

National credit Bureau tried to collect public information in social networks, but in the end, faced with a lawsuit, said Scoring on the Case Forum marketing Director of nbki Alexey Volkov. "It's not even in question, whose data and in the matter of the subject and his consent. The court decided that the data in social networks are not open, no matter what anyone thought. Based on the understanding that for us as for the Bureau, for the structure overpublicize, the continuation of this practice is toxic, we have this project turned," — said the expert.

the Use of open data for "cold calls" — it is also a violation of the law, argue the sides of the "The organization must obtain your consent before the employee call center will dial your phone number," explains Kuznetsov. Another question is how to stop this activity of the Bank.

"You can leave a request to stop processing the telephone number, as well as to obtain information about the legal address to which you subsequently send a written request to delete your personal data. And also warn about responsibility for violation of legislation (administrative code, article 13.11) to indicate the intention to submit a complaint to Roskomnadzor," advises Nikitova. All true, but banks Dodge, notices of Rabotyagov: "they Say that on the phone such information will not give, come, write formally. Customers "score", and the Bank quietly removes them from Obvodnoy base."

According to Kuznetsov, the calls, usually do not the banks, and a third party, so to prosecute such a call center is extremely difficult.

that guy

Outsiders may be not only the Bank but the client. Often people receive messages that they do not touch. For example, the Bank is calling about someone else's debt. "Keep calling every day. A man left as a contact my phone number. Looking for the debtor, elicit my personal information, talking as if I owe them, rude, demanding. Why when taking out a loan you don't call left you with additional phone numbers??? I forbid you to bother me, a person who does not know any of your debtors," complained one user, "people's rating" on the Bank "East".

the Credit institution may ask the borrower to leave contact third parties for communication. The experts have no opinion if it counts as a violation of the law "On personal data". "The Bank may be asked to provide phone numbers of relatives to contact the customer, if provided direct numbers, the Bank will not be able to reach him. Separate consent is required of either the client informs third parties about the further processing of their personal data by the Bank, or directly notifies the Bank", — says Deputy Chairman of "Renaissance Credit". Raiffeisenbank contradictions also saw: "a Set of data, such as name and phone number, does not identify specific individuals".

"This approach does not coincide with the basic idea of the law, but the banks are stalling. Sometimes pay fines, but in General take risks," summarizes Rabotyagov. In such cases, the lawyers recommend customers to contact the Bank and write the application for cancellation of personal data. Base, in particular, it may be that you are not party to the contract.

the Leak without evidence

Advertising is the least of the troubles that can happen. Bank customers are more concerned about a situation when there are signs of leakage of personal data from the Bank.

"for several years, keep the deposits in the Moscow Credit Bank, deposits large enough. And every time I replenish the Deposit, as the day calls start coming in from all commercial organizations with proposals to invest my money on more favorable terms, the situation lasts not the first year... please Advise what to do?! It turns out that the employees sell or transmit free information about my accounts, my address, etc.!" — wrote user forum Banks.Roux under the name KateV.

Similar suspicions are raised by the clients, when on behalf of the Bank, they start calling the scammers. "When you call specifically to the customer of the Bank, owning personal data, you call a highly trained fraud, as in my case, I called with the hotline of the Bank (in another room I wouldn't). Many people write that Bank employees leaked info (some banks told me that money can buy everything)," said new posts under the nickname 777kolibri_2010.

the Russian legislation provides for liability of the operator for the leakage of personal data or incorrect work with them. This may be an administrative fine of 75 thousand rubles for each violation, said Dmitry Shevchenko. In 2018, the Roskomnadzor has written such penalties 3.9 billion. "If the disclosure of personal data resulted in civil consequences, for example, caused moral damage, or disclosure led to the loss of the subject of personal data, may be sued for damages and compensation of moral harm", — said Nikitova.

However, the leakage of personal information still need to prove, underline the sides of the "It's almost unreal, so as not to prove that there's damage. That's leaks the data and money, then another question," — says Rabotyagov. "To attract the operator who allowed the leak to justice, will have to prove that he is or has violated the requirements of security or leaked the data knowingly," concluded Kuznetsov from Positive Technologies.

experts ' Opinions confirmed by statistics. According Pravoy last year Russian courts have considered a total of 160 claims of customers to the Bank, which concerned the violation of the law "On personal data". Only 16% of complaints were upheld in full or in part. In 2017, this indicator was at 15.5%, even though these disputes, the courts considered five times more. In recent years, the Russians began with great trepidation to treat the subject of personal data, says Nikitova. In addition, tougher responsibility for violation of the law. This affects the judicial practice, although the figures do not argue: the Russians rarely go to court to protect their personal data and even more rarely win in the debate.