IBC Regulations
Regulations 30. Other duties.—
- (1) An information utility shall-
- (a) provide services to a user based on its explicit consent;
- (b) guarantee protection of the rights of users;
- (c) establish adequate procedures and facilities to ensure that its records are protected against loss or destruction;
- (d) adopt secure systems for information flows;
- (e) protect its data processing systems against unauthorised access, alteration, destruction, disclosure or dissemination of information; and
- (f) transfer all the information submitted by a user, and stored with it to another information utility on the request of the user.
- (2) An information utility shall not-
- (a) outsource the provision of core services to a third-party service provider;
- (b) use the information stored with it for any purpose other than providing services under these Regulations, without the prior approval of the Board;
- (c) seek data or details of users except as required for the provision of the services under these Regulations.