Cracking illegal Use of PAN Details

As the Union government prepares to notify the Digital Private Data Protection Act, 2023 (DPDP), law enforcement authorities are cracking down on almost every unauthorised use of personally identifiable information (PII) by technology companies.

In one of the latest moves, the Union home ministry through the Indian Cybercrime Coordination Centre has asked to shut down any unauthorised use of Pan (Permanent Account Number) of Indian citizens by fintechs and other consumer technology companies, according to sources.

Known as a ‘Pan enrichment’ service, which help loan distribution companies create a profile of their customers against their Pan numbers, for cross sell of credit and other financial products. Sometimes this data is also used to cross check the details put in by the customer in his or her application form.

These services have been facing disruptions for the past few weeks as most of these unauthorized services are being shut down after government intervention.

According to industry insiders, many companies would use the Pan number of a customer and use the Income Tax department’s backend systems to access the customer’s full name, address, phone number and many such details. Pan number is linked to consumers’ credit scores as well, which is a very valuable data source.

While this is not a case of data leakage, it is an unauthorised usage of the backend systems of the Income Tax department, which is managed by technology services companies.

It was pointed out that these could be part of the government’s larger plan of shutting down any unauthorised access to PII of Indian citizens, which will come under scrutiny post the notification of the data protection rules.

The DPDP Act of 2023 clearly mandates that citizens’ data can only be processed by service businesses after taking due consent and through authorized channels only.