by Ms. Sabrina Mahisha

Generally, foreign financial institutions provide loans to individuals directly or through banks. An individual (Applicant) can submit his personal information along with an Application to the Financial Institution with respect to the primary perusal of the Financial Institution. On the other hand, the Financial Institutions may offer loans to the Applicants through Banks; in this case, the personal information of the Applicant is submitted to the Financial Institutions through Banks. After collecting this information, financial institutions generally send this information to their head office, where this information is stored and later scrutinized to justify the creditability of the Applicant in availing of the Loan. Due to the advancement of technology and convenience, financial services companies are more likely to use cloud storage systems to store necessary information and client databases. Hence, this information of the Applicants is required to be stored in the Cloud storage of the Financial Institutions.

Although the Cloud storage system is a recognized and popular medium in the field of banking data storage around the world, in Bangladesh, the Cloud Storage system is a newly invented idea that is yet to evolve. The big giant cloud companies such as AWS (Amazon Web Services), Microsoft Azure, Google Cloud Platform, and Oracle have no Cloud server station in Bangladesh, whereas in other countries of the world like the United States, Canada, Singapore, and India has the Cloud server station. As a result, the International Financial Institutions that store their Clients’ information in Cloud storage consider this lack as a major obstacle to growing their business in Bangladesh. The systems of some international financial institutions require the storage of clients’ data in their cloud servers, which may be located outside Bangladesh. This writing will focus on the legal challenges of storing the Client’s data on a Cloud server located outside Bangladesh.

It is to be mentioned that no such specific or concrete legislation has currently prevailed in Bangladesh that can directly monitor the storage of the Client’s data in a Cloud server located outside Bangladesh. However, a general legal standing can be drawn in the light of the existing provisions regarding this matter, which is discussed below:

Generally, there is a separate Legislation in Bangladesh named “Digital Security Act, 2018” that deals with the protection of Digital Data. Hence, the Applicant’s data will be protected under the provision mentioned above. However, there is no such specific provision in Bangladesh that restrains the transfer of information of an Applicant outside the Country. Although the Government of Bangladesh has prepared a draft to protect a person’s data, no progress has been recorded yet. In this draft, section 43 is included to tackle the transfer of personal data outside Bangladesh, but this bill is under observation and has not yet been passed. Hence, there is no legal bar to collect personal information relating to the Loan with his permission.  

Section 26 of the Digital Security Act 2018 will be applicable for protecting Applicant Data. The abovementioned section has protected personal information by including it under the heading “Identity Information.” Under the said head, any personal information, including the Father’s Name, Mother’s Name, Date of Birth, Passport Number, Signature, Birth Certificate, etc., cannot be published without legal authorization. Moreover, suppose someone uses, collects, sells, takes possession of, or supplies this information to the Company without legal authority or permission. In that case, he will be punished with imprisonment not exceeding five years or a fine not exceeding BDT 5,00,000 (five lacs) or both. In such a case, if the consent of the Applicant is obtained, there should not be any legal challenges in processing these data.

Since there are no such regulations given to guide on how to protect personal information and to what extent the personal information of an Applicant can be collected, therefore a guideline is at this moment framed in this regard under the light of section 5 of the Right to Information (preservation and management of information) Regulation 2010 (this Regulation is not typically applicable to private organizations), which can be considered in respect of collecting, storing and disclosing of the Applicant’s Data:

So, personal information of an Applicant relating to the subject of the business or the Company Policy can be collected, this information is not categorized by Law. However, this information should be protected from being misused.  

Since no provision or legislation exists to check the matter of cloud storage right now in Bangladesh, there is no legal bar to store an Applicant’s information (for business purposes) in Cloud servers located outside of Bangladesh.

It is to be noted that if the information is transferred through Banks, then it may fall under “Bank Data.” In plain text, no legal provision restrains the storage of bank data in a cloud server. However, there is a separate law to protect the information of the bank named “Bankers’ Book Evidence Act, 2021,” where section 7(1) expressly provides that Information of Customers cannot be shared with another except on the grounds provided in the Schedule of the said Act. Since this Law applies to the Banks under the Bank-Company Act of 1991 & Financial Institutions under the Financial Institution Act of 1993, the bank and financial institutions cannot typically transfer any such customer data to third parties. However, there is a provision whereby data can be disclosed with the consent of the customer. Apart from this, as per section 12 of the Bank Companies Act, 1991, a bank cannot remove any records and documents relating to its business from its office to a place outside Bangladesh without the prior permission of the Bangladesh Bank. It is not clear whether such restriction is applicable with respect to the data saved in the cloud service; moreover, this Law is directly applicable to Banks.

So, no such legislation has been made yet to restrain the transfer of information to cloud services located outside Bangladesh.

For comprehensive coverage tailored to your business needs, consider exploring our detailed guide on business insurance policies in Bangladesh. It offers essential insights to protect your enterprise effectively.

Leave a Reply

Your email address will not be published. Required fields are marked *

3 × 4 =

Verified by MonsterInsights