Section 20 in The Credit Information Companies (Regulation) Act, 2005.

Title: Privacy principles

Description: Every credit information company, credit institution and specified user, shall adopt the following privacy principles in relation to collection, processing, collating, recording, preservation, secrecy, sharing and usage of credit information, namely:-- (a) the principles— (i) which may be followed by every credit institution for collection of information from its borrowers and clients and by every credit information company, for collection of information from its member credit institutions or credit information companies, for processing, recording, protecting the data relating to credit information furnished by, or obtained from, their member credit institutions or credit information companies, as the case may be, and sharing of such data with specified users; (ii) which may be adopted by every specified user for processing, recording, preserving and protecting the data relating to credit information furnished, or received, as the case may be, by it; (iii) which may be adopted by every credit information company for allowing access to records containing credit information of borrowers and clients and alteration of such records in case of need to do so; (b) the purpose for which the credit information may be used, restriction on such use and disclosure thereof; (c) the extent of obligation to check accuracy of credit information before furnishing of such information to credit information companies or credit institutions or specified users, as the case may be; (d) preservation of credit information maintained by every credit information company, credit institution, and specified user as the case may be (including the period for which such information may be maintained, manner of deletion of such information and maintenance of records of credit information); (e) networking of credit information companies, credit institutions and specified users through electronic mode; (f) any other principles and procedures relating to credit information which the Reserve Bank may consider necessary and appropriate and may be specified by regulations.

Title: Alteration of credit information files and credit reports

Description: (1) Any person, who applies for grant or sanction of credit facility, from any credit institution, may request to such institution to furnish him a copy of the credit information obtained by such institution from the credit information company. (2) Every credit institution shall, on receipt of request under sub-section (1), furnish to the person referred to in that sub-section a copy of the credit information subject to payment of such charges, as may be specified by regulations, by the Reserve Bank in this regard. (3) If a credit information company or specified user or credit institution in possession or control of the credit information, has not updated the information maintained by it, a borrower or client may request all or any of them to update the information; whether by making an appropriate correction, or addition or otherwise, and on such request the credit information company or the specified user or the credit institution, as the case may be, shall take appropriate steps to update the credit information within thirty days after being requested to do so: Provided that the credit information company and the specified user shall make the correction, deletion or addition in the credit information only after such correction, deletion or addition has been certified as correct by the concerned credit institution: Provided further that no such correction, deletion or addition shall be made in the credit information if any dispute relating to such correction, deletion or addition is pending before any arbitrator or tribunal or court and in cases where such dispute is pending, the entries in the books of the concerned credit institution shall be taken into account for the purpose of credit information.

Title: Unauthorised access to credit information

Description: (1) No person shall have access to credit information in the possession or control of a credit information company or a credit institution or a specified user unless the access is authorised by this Act or any other law for the time being in force or directed to do so by any court or tribunal and any such access to credit information without such authorisation or direction shall be considered as an unauthorised access to credit information. (2) Any person who obtains unauthorised access to credit information as referred to in sub-section (1) shall be punishable with fine which may extend to one lakh rupees in respect of each offence and if he continues to have such unauthorised access, with further fine which may extend to ten thousand rupees for every day on which the default continues and such unauthorised credit information shall not be taken into account for any purpose.

Title: Offences and penalties

Description: (1) Whoever, in any return or other document or in any information required or furnished by, or under, or for the purposes of, any provision of this Act, wilfully makes a statement which is false in any material particular, knowing it to be false, or wilfully omits to make a material statement, shall be punishable with imprisonment for a term which may extend to one year and shall also be liable to fine. (2) Every credit information company or a credit institution or any specified user, wilfully, performing any act or engaging in any practice, in breach of any of the principles referred to in section 20, shall be punishable with fine not exceeding one crore rupees. (3) Any credit information company or credit institution or specified user wilfully providing to any other credit information company or credit institution or specified user or borrower or client, as the case may be, credit information which is false in any material particular, knowing it to be false, or wilfully omits to make a material statement, shall be punishable with fine which may extend to one crore rupees. (4) Any person who contravenes any provision of this Act or of any rule or order made thereunder, or obstructs the lawful exercise of any power conferred by or under this Act, or makes default in complying with any requirement of this Act or of any rule or order made or direction issued thereunder, shall, if no specific provision is made under this Act for punishment of such contravention, obstruction or default, be punishable with fine which may extend to one lakh rupees and where a contravention or default is a continuing one, with a further fine which may extend to five thousand rupees for every day during which the contravention or default continues. (5) Where a contravention or default has been committed by a credit information company or credit institution or specified user, as the case may be, every person who, at the time the contravention or default was committed, was in charge of, and was responsible to the credit information company or credit institution or specified user for the conduct of its business, shall be deemed to be guilty of the contravention or default and shall be liable to be proceeded against and punished accordingly: Provided that nothing contained in this sub-section shall render any such person liable to any punishment provided in this Act if he proves that the contravention or default was committed without his knowledge or that he exercised all due diligence to prevent the contravention or default. (6) Notwithstanding anything contained in sub-section (5), where a contravention or default has been committed by a credit information company or credit institution or specified user, as the case may be, and it is proved that the same was committed with the consent or connivance of, or is attributable to any gross negligence on the part of its chairperson, managing director, any other director, manager, secretary or other officer of the credit information company or the credit institution, such chairperson, managing director, any other director, manager, secretary or other officer shall also be deemed to be guilty of that contravention or default and shall be liable to be proceeded against and punished accordingly. Explanation.--For the purposes of this section,-- (a) "company" means any body corporate and includes a firm or other association of individual, and (b) "director", in relation to a firm, means a partner in the firm.

Title: Cognizance of offences

Description: (1) No court shall take cognizance of any offence committed by a member of a credit information company and punishable under section 23 except upon a complaint in writing made by an officer of the credit information company generally or specially authorised in writing in this behalf by the credit information company or if so directed by the Reserve Bank so to do and no court other than that of a Metropolitan Magistrate or a Judicial Magistrate of the first class or any court superior thereto shall try any such offence. Explanation.--For the purposes of this sub-section, "member of a credit information company" shall mean a member referred to in section 15. (2) No court shall take cognizance of any offence committed by a credit information company punishable under section 23 except upon a complaint in writing made by an officer of the Reserve Bank generally or specially authorised in writing in this behalf by the Reserve Bank and no court other than that of a Metropolitan Magistrate or a Judicial Magistrate of the first class or any court superior thereto shall try any such offence.