Section 18 in The Credit Information Companies (Regulation) Act, 2005.
Title: Settlement of dispute
(1) Notwithstanding anything contained in any law for the time being in force, if any dispute arises amongst, credit information companies, credit institutions, borrowers and clients on matters relating to business of credit information and for which no remedy has been provided under this Act, such disputes shall be settled by conciliation or arbitration as provided in the Arbitration and Conciliation Act, 1996 (26 of 1996), as if the parties to the dispute have consented in writing for determination of such dispute by conciliation or arbitration and provisions of that Act shall apply accordingly.
(2) Where a dispute has been referred to arbitration under sub-section (1), the same shall be settled or decided,--
(a) by the arbitrator to be appointed by the Reserve Bank;
(b) within three months of making a reference by the parties to the dispute:
Provided that the arbitrator may, after recording the reasons therefor, extend the said period up to a maximum period of six months:
Provided further that, in an appropriate case or cases, the Reserve Bank may, if it considers necessary to do so (reasons to be recorded in writing), direct the parties to the dispute to appoint an arbitrator in accordance with the provisions of the Arbitration and Conciliation Act, 1996 (26 of 1996), for settlement of their dispute in accordance with the provisions of that Act.
(3) Save as otherwise provided under this Act, the provisions of the Arbitration and Conciliation Act, 1996 (26 of 1996) shall apply to all arbitration under this Act
Title: Accuracy and security of credit information
A credit information company or credit institution or specified user, as the case may be, in possession or control of credit information, shall take such steps (including security safeguards) as may be prescribed, to ensure that the data relating to the credit information maintained by them is accurate, complete, duly protected against any loss or unauthorised access or use or unauthorised disclosure thereof.
Title: Privacy principles
Every credit information company, credit institution and specified user, shall adopt the following privacy principles in relation to collection, processing, collating, recording, preservation, secrecy, sharing and usage of credit information, namely:--
(a) the principles—
(i) which may be followed by every credit institution for collection of information from its borrowers and clients and by every credit information company, for collection of information from its member credit institutions or credit information companies, for processing, recording, protecting the data relating to credit information furnished by, or obtained from, their member credit institutions or credit information companies, as the case may be, and sharing of such data with specified users;
(ii) which may be adopted by every specified user for processing, recording, preserving and protecting the data relating to credit information furnished, or received, as the case may be, by it;
(iii) which may be adopted by every credit information company for allowing access to records containing credit information of borrowers and clients and alteration of such records in case of need to do so;
(b) the purpose for which the credit information may be used, restriction on such use and disclosure thereof;
(c) the extent of obligation to check accuracy of credit information before furnishing of such information to credit information companies or credit institutions or specified users, as the case may be;
(d) preservation of credit information maintained by every credit information company, credit institution, and specified user as the case may be (including the period for which such information may be maintained, manner of deletion of such information and maintenance of records of credit information);
(e) networking of credit information companies, credit institutions and specified users through electronic mode;
(f) any other principles and procedures relating to credit information which the Reserve Bank may consider necessary and appropriate and may be specified by regulations.
Title: Alteration of credit information files and credit reports
(1) Any person, who applies for grant or sanction of credit facility, from any credit institution, may request to such institution to furnish him a copy of the credit information obtained by such institution from the credit information company.
(2) Every credit institution shall, on receipt of request under sub-section (1), furnish to the person referred to in that sub-section a copy of the credit information subject to payment of such charges, as may be specified by regulations, by the Reserve Bank in this regard.
(3) If a credit information company or specified user or credit institution in possession or control of the credit information, has not updated the information maintained by it, a borrower or client may request all or any of them to update the information; whether by making an appropriate correction, or addition or otherwise, and on such request the credit information company or the specified user or the credit institution, as the case may be, shall take appropriate steps to update the credit information within thirty days after being requested to do so:
Provided that the credit information company and the specified user shall make the correction, deletion or addition in the credit information only after such correction, deletion or addition has been certified as correct by the concerned credit institution:
Provided further that no such correction, deletion or addition shall be made in the credit information if any dispute relating to such correction, deletion or addition is pending before any arbitrator or tribunal or court and in cases where such dispute is pending, the entries in the books of the concerned credit institution shall be taken into account for the purpose of credit information.
Title: Unauthorised access to credit information
(1) No person shall have access to credit information in the possession or control of a credit information company or a credit institution or a specified user unless the access is authorised by this Act or any other law for the time being in force or directed to do so by any court or tribunal and any such access to credit information without such authorisation or direction shall be considered as an unauthorised access to credit information.
(2) Any person who obtains unauthorised access to credit information as referred to in sub-section (1) shall be punishable with fine which may extend to one lakh rupees in respect of each offence and if he continues to have such unauthorised access, with further fine which may extend to ten thousand rupees for every day on which the default continues and such unauthorised credit information shall not be taken into account for any purpose.