RTI Act §8(1)(d) + §8(1)(e) + §8(1)(j); RBI v Jayantilal Mistry (SC 2015); DPDP Act 2023 §44(3); Banking Regulation Act + Banking Companies Act privacy.

• Customer account data — exempt under §8(1)(j) + DPDP §44(3).
• Bank inspection / supervisory reports — disclosable per Jayantilal Mistry.
• Loan defaulter aggregates — generally disclosable; individual identifying details case-specific.
• NPA classifications — disclosable for accountability.
• Risk weighting / capital adequacy — disclosable subject to commercial confidence balancing.
• Banking secrecy is NOT absolute fiduciary privilege; only customer-individual data exempt.

1. Identify the data category — Customer-account / inspection / defaulter list / regulatory ratio?
2. Apply Jayantilal Mistry filter — Inspection / supervisory / regulatory records: disclosable presumptively.
3. For customer data, apply §8(1)(j) + DPDP — Specific identifying details exempt; aggregates disclosable.
4. For commercial confidence (§8(1)(d)) — Balance against public-interest accountability.
5. Apply §10 severability — Mixed files: disclose regulatory portions, redact customer.
6. Issue speaking order — Cite Jayantilal Mistry + §44(3) framework.

To: [Applicant Name]

Subject: Reply to RTI [____] — Banking / financial records

Sir/Madam,

Your application sought [specific records — e.g., "RBI inspection report of XYZ Bank, FY 2023-24"]. Pursuant to *RBI v Jayantilal Mistry* (2015) 4 SCC 575, the framework for banking RTIs:

CUSTOMER ACCOUNT DATA:
Specific customer account details (account no., balance, transactions, KYC) are exempt under §8(1)(j) + DPDP §44(3) — relating to identifiable individuals.

REGULATORY / SUPERVISORY RECORDS:
The Supreme Court in Jayantilal Mistry definitively rejected the blanket §8(1)(e) "fiduciary" defense for RBI vis-à-vis banks. RBI inspection reports + supervisory reports are disclosable. Specific portions:
- Inspection findings: Disclosed.
- Risk classifications: Disclosed.
- Regulatory observations: Disclosed.
- Specific customer-identifying entries: Redacted under §8(1)(j) per §10 severability.

NPA / DEFAULTER DATA:
Aggregate defaulter data + sectoral NPAs disclosable per public-interest in financial-system transparency. Individual large defaulter identities case-specific — typically disclosable for accountability.

COMMERCIAL CONFIDENCE (§8(1)(d)):
For specific bank business strategy / pricing data, the balancing test under §8(2) is applied. Where public-money / regulatory concerns predominate, override applies.

Section 10 severability throughout.

Yours faithfully,
[Name, Designation, PIO]

Disclosed per Jayantilal Mistry; redact specific customer entries.

Account holder can request own data — banking law + RTI both permit.

Generally disclosable — public-interest in transparency overrides commercial confidence.

Disclosable; supervisory data not commercial secret.

Limited disclosure; specific commercial strategy exempt under §8(1)(d).

Exempt under §8(1)(h) until concluded.

• RBI v Jayantilal Mistry (SC 2015) — Foundational — RBI inspection reports disclosable; fiduciary narrow.
• Subhash Chandra Agarwal v CPIO (SC 2019) — Public-interest override for regulator accountability.
• Bombay HC, In Re: Banking Disclosure (2018) — Customer data clear distinction from regulatory.
• CIC, Re: HDFC Bank cases (2017-2020) — Specific framework for bank RTIs.
• Reliance Industries v CIC (Delhi HC 2014) — Commercial confidence requires specific harm showing.

• Citing §8(1)(e) “fiduciary” for regulator records — Jayantilal Mistry rejected this.
• Refusing customer's own account data — applicant has right.
• Treating all banking data as commercial confidence — only specific business strategy.
• Failing to apply §10 severability for inspection reports.
• DPDP §44(3) interpretation overly broad — only personal-individual data covered.
• Generic refusal without reasoning — violates §7(8).

• Maintain a “regulatory disclosure log” — track patterns of similar requests.
• For inspection reports, prepare standard redaction template (account-identifying details).
• Train compliance team on Jayantilal Mistry — many over-citations of fiduciary come from caution.
• For NPA data, prepare aggregate-disclosure templates — speeds future replies.
• Develop relationship with applicant team — clarify queries before outright refusal.
• For commercial confidence claims, document specific harm before invoking §8(1)(d).

Customer's own: yes (KYC). Third party: no (§8(1)(j) + DPDP §44(3)).

Per Jayantilal Mistry: yes. Specific customer entries redacted via §10. Specific commercial strategy may be redacted under §8(1)(d).

Exempt under §8(1)(h) until concluded. Post-conclusion: case-specific.

Aggregate yes. Individual large-defaulter case-specific. Public-money component favors disclosure.

No — only modifies §8(1)(j) for personal-individual data. Regulator records framework intact.

• pio faa knowledge base
• pio supreme court rulings
• pio section 8 1 e fiduciary
• act/section-8
• rti for banking financial

RTI Act §8(1)(d), (e), (j); RBI v Jayantilal Mistry (SC 2015); DPDP Act 2023 §44(3); CIC banking-related orders.

Last reviewed: 25 April 2026.