Section 27 in The Credit Information Companies Rules, 2006
27. Formulation and adoption of the procedure by specified user
(1)Every specified user, in existence on the commencement of these rules within three months of such commencement, and every specified user, coming into existence after the commencement of these rules within three months of its becoming member of a credit information company, shall take such requisite steps as it may deem necessary for ensuring and verifying the accuracy and completeness of data, information or credit information received from a credit information company before using the same in relation to a borrower, or a client, in relation to their operations and to ensure protection thereof from unauthorised access, or use and formulate and adopt an appropriate policy and procedure in this behalf with the approval of their Board of Directors.(2)Without prejudice to the generality of the policy as formulated and procedure as adopted under sub-rule (1), every specified user shall include in such policy and procedure, the provisions relating to the following, namely:-(a)the level of officers to be authorised to access the data, information and credit information received from a credit information company;(b)the parameters to be adopted for satisfying itself about the identity of the respective borrower, or the client whose credit report is to be taken into account by the specified user;(c)the appropriate measures so as to ensure that they do not fail to take note of any remark included by a credit information company in respect of any credit information; and(d)procedure relating to receiving data, information and credit information through secured medium.
