RTI Reveals: MCA Discloses Who Has Access to Company Directors’ Personal Data [Read RTI]

Also Read: Information Sought on Registered Valuer Regulations is "Clarification" not"Information" under RTI Act: IBBI dismisses RTI Appeal

What the RTI Sought

The RTI, received by the Ministry of Corporate Affairs on 11 June, 2025 raised the following queries:

1. Please provide a list of officials, departments, or agencies who have access to personal contact information collected by the Ministry of Corporate Affairs.
2. Please provide copies of the rules, protocols, or standard operating procedures that govern access to and use of personal contact information collected by the Ministry of Corporate Affairs.
3. Please provide certified copies of documents or records indicating whether personal contact information submitted to the Ministry of Corporate Affairs is shared with any third parties (including banks, financial institutions, or private entities such as consultancies).
4. Please provide a copy of the data protection or privacy policy currently in force for safeguarding personal contact information submitted to the Ministry of Corporate Affairs.
5. Please provide copies of the legal provisions or guidelines under which the Ministry of Corporate Affairs shares or discloses personal contact information to external parties.
6. Please provide certified copies of the rules, policies, or guidelines that specify the period for which personal contact information (such as mobile numbers and email addresses) submitted to the Ministry of Corporate Affairs is retained after the dissolution or striking off of an entity, and the process followed for its destruction thereafter.

Tax Audit Deadline Is Near! Are you prepared? Click here

The MCA took acted upon the RTI on 11 July, 2025 and issued a reply in which it was stated that the Ministry does not share any personal contact information of directors with any private entity, except the sharing of such information with law-enforcement or law-and-order departments during incorporation and only with the consent of the directors concerned.

Also Read: RTI filedSeeking Request for Wife’s PAN and ITRs: CIC dismisses Complaint u/s 18, saysno No Mala Fide Delay in RTI Reply

No Documents Enclosed

The Ministry maintained that the process of collecting and storing such data is governed by the Companies Act and the disclosures that are mentioned in the e-forms. However, the Ministry did clarify that it does not share any personal information with third parties apart for the purposes of Ease of Doing Business during the incorporation process of the Company.

As is often the situation while demanding through an RTI, it is not always possible for the concerned department to disclose or part with certain documents that are requested by the applicant owing to confidentiality concerns.

This instance was no different as reply did not enclose any of the requested documents - no standard operating procedure (SOP), privacy policies, data-retention timelines, or handling guidelines - providing a blurry vision into the codified mechanism that governs the scope of access to stakeholders data.

The response has reignited concerns about corporate data privacy, particularly among new entrepreneurs.

LLP Registrant Engulfed by Unsolicited Calls & Emails

A viral Reddit post on r/India from almost 4 months ago recently described how a founder that had registered a Limited Liability Partnership (LLP) found himself engulfed by dozens of unsolicited calls and promotional emails within hours of registration on the MCA portal.

OP claimed to have shared their contact details only with the official registration system and their chartered accountant, yet was instantly targeted by banks, marketing agencies and compliance service providers - making them wary of a possible data leak. Hundreds of other users reported similar experiences, alleging that registration details are being scraped or sold—a scenario the MCA’s RTI reply appears unable to explain.

Also Read: Why GST Returns Cannot Be Disclosed Under RTI: Detailed Analysis of the Bombay High Court’s Ruling

Existing Data-Sharing Mechanisms between MCA and Other Departments

Official records show that the MCA does in fact, engage in data-sharing with other government bodies as required. A Press Information Bureau release from February 25, 2021, confirmed that the MCA had signed a Memorandum of Understanding (MoU) with the Central Board of Indirect Taxes and Customs (CBIC) for automatic and regular data exchange in light of the development of the MCA21 Version 3 for enhancing ease of doing business.

Under the MoU, each organisation shall be enabled to seamlessly access each others’ data for regulatory purposes. The exchangeable data includes specific information such as details of Bill of Entry (Imports), Shipping Bill (Exports) Summary from CBIC and financial statements filed with the Registrar by corporates and returns of allotment of shares.

The MoU also ensures cross-departmental information exchange for carrying out scrutiny, inspection, investigation and prosecution.

Experts Flag Privacy Gaps and Call for Data Safeguards

Cyber law professionals, however, say this broad data ecosystem leaves dangerous grey areas. Paakhhi Garg, Data Privacy and Cyber Law Trainer at the World Cyber Security Forum (WCSF), recently revealed on LinkedIn about the findings against an RTI filed by her to the MCA, wherein she was informed that corporate information is publicly accessible through the Ministry’s Monthly Information Bulletin and Master Data Service, which display company details and directors’ names and email addresses.

https://www.linkedin.com/posts/cyberlawyer-paakhhigarg_i-filed-an-rti-with-the-mca-i-found-some-activity-7377291582674305025-Y_Px/

Although phone numbers were not published, Garg warned of a “significant insider gap” and that internal system access and poor controls could still enable unauthorised leaks. Garg urged the MCA to introduce tiered access mechanisms and privacy-by-design safeguards that protect sensitive identifiable information without compromising on transparency.

Tax Audit Deadline Is Near! Are you prepared? Click here

Other professionals stepped into the conversation, with some professionals expressing unease with banks and marketing teams gaining access to registration data despite no explicit authorisation. Meanwhile, others remain skeptical of the abstinence of the Ministry of Corporate Affairs to part with extensive information on the handling of sensitive information held by them.

Also Read: GST Return Data Not Accessible under RTI unless Covered By S. 158(3) Or Supported By Larger Public Interest: Bombay HC

Data as a Commodity

The digital economy is the norm of the times and information itself has become the most valuable currency. Every registration, filing and digital interaction generates data that can be monetised, analysed or exploited by a range of people for their needs, business or otherwise. As the line between transparency and surveillance grows thinner each year, concerns are high especially when the Government holds an insurmountable amount of specific and segregated data about its citizens

As government systems modernise and integrate, the real risk lies not in the data they gather but in how easily that data can travel, leak or be traded without the knowledge of those whom it concerns.

In retrospect, the entire episode highlights a persistent limitation of India’s Right to Information framework: while the mechanism enables citizens to seek accountability from the Government, replies are often marred with anecdotal assurance instead of factual evidence that address the core of the queries raised by the citizen.

It goes without saying that Governmental departments do have the duty to maintain confidentiality of information to prevent misuse, and thus routinely invokes statutory exceptions to avoid sharing documents. In an economy where personal and corporate information is a tradable commodity, the question that lingers is whether the custodians of such data are doing right by the citizens.

Support our journalism by subscribing to Taxscan premium. Follow us on Telegram for quick updates