We are all aware that insurance companies are aggressive in marketing their policies and are in the forefront of misusing the provisions of law regarding infringing the privacy of individuals. Bigger the company, bigger are the violations.
I recently had an occasion to observe that HDFC life issued a life policy for me though I was not eligible and to make it possible for them to issue the policy they included the name of my son on whose life I had no intention of insuring. But HDFC life created the policy in such a manner that the proposal was from my son though the payment was made out of my account.
Assuming that this is an error that can be ignored though it has caused my investible resources to get stuck for some time now, immediately on receipt of the policy document, I returned it to the Mumbai office of HDFC Life asking for immediate cancellation and followed up several times through email. But HDFC life maintained a stoic silence until a representative of mine physically visited their branch in Bangalore to find out. He was informed that my email address was not registered and hence they were not responding. If I had made the payment, sent a courier and followed up with the email, it was improper for them not to try contacting me. Only when the other joint holder sent the same request they responded only with a request not to cancel.
They are also insisting that the joint holder of the policy has to visit their branch to finalize the cancellation. While issuing the policy there was no need to visit but now they are insisting on this formality, though both the holders
I have now reported the issue to the CEO of HDFC Life as well as IRDAI and waiting for the response.
I have now requested HDFC Life to let me know what process they follow when they receive a courier package containing a policy followed up with a request for cancellation. How can this request remain responded for the technical reason that the email address is not registered though the name and other details are visible in the returned policy.
This would be a classic contravention of the Data Protection Act 2021 which could result in penalty of upto Rs 10 lakhs. If on receipt of such complaint the audit or inspection shows that there is no proper process, then the penalty can be upto 4% of the total worldwide turnover of HDFC life.
The persons handling support@hdfclife.com or service@hdfclife.com need to realize that a request of the type I made is indicating a risk of a penalty that could run into crores of rupees and should log it as an “Incident”. Such incidents are auditable by the Data Protection Authority.
It is clear that HDFC life may not have a DPO at this point of time, but whoever takes up the mantle will have a huge task of repairing the lax attitude of the support/service handlers.
Naavi
You should file a case and pull up the bank. At least it will be a deterrent for the bank and a lesson for other banks besides being an eye-opener for other possible victims.