Now Govt can also access personal data via the IT Act

IN Privacy | 11/05/2011
The new rules under the IT Amendment Act of 2008 actually authorize the government to access passwords and credit card information. Corporates have to hand them over, if the government asks for them.
A FREE SPEECH HUB report
A sharp story in The Hindu on May 11 draws attention to an aspect of the new rules notified under the IT Amendment Act of 2008 which has received very little attention so far. That is the rules which make it mandatory for corporate to hand over personal data stored online, if the government gives a reason for asking for it, and makes a formal request.
 
The Free Speech Hub, amongst other sites, has been writing about the draconian provisions of the amended Information Technology Act, 2000 and the recent notifications of the Information Technology (IT) Rules that seriously compromise privacy, leads to increased surveillance and gives sweeping powers to the government to monitor, intercept and block electronic data. They also have implications for personal data of those registered at various sites.
 
The rules have been trickling in and cybermedia activists have voiced their apprehensions to them. The latest set of rules under the scanner is the 
Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 under Sec 43 of the IT Act, 2000
 
Under this, sensitive personal data can be obtained by government agencies, without the consent of the persons concerned or without a warrant. What constitutes sensitive personal data also makes interesting reading. Here’s what Sec 3 of the rules says:
 
3. Sensitive personal data or information.— Sensitive personal data or information of a person means such personal information which consists of information relating to;—
(i) password;
(ii) financial information such as Bank account or credit card or debit card or other payment instrument details ;
(iii) physical, physiological and mental health condition;
(iv) sexual orientation;
(v) medical records and history;
(vi) Biometric information;
(vii) any detail relating to the above clauses as provided to body corporate for providing service; and
(viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise:
provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.
 
In short, everything about you that you, your significant other, your doctor, your bank and your favourite website, email or social networking site – all of this can be obtained by a government official and you won’t even get to know!
 
Here’s what Sec 6 of the rules say about disclosing information:
 
6. Disclosure of information.— (1) Disclosure of sensitive personal data or information by body corporate to any third party shall require prior permission from the provider of such information, who has provided such information under lawful contract or otherwise, unless such disclosure has been agreed to in the contract between the body corporate and provider of information, or where the disclosure is necessary for compliance of a legal obligation:
Provided that the information shall be shared, without obtaining prior consent from provider of information, with Government agencies mandated under the law to obtain information including sensitive personal data or information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences. The Government agency shall send a request in writing to the body corporate possessing the sensitive personal data or information stating clearly the purpose of seeking such information. The Government agency shall also state that the information so obtained shall not be published or shared with any other person.
 
And
 
 
 
TAGS
IT rules Information Technology Act 2000 personal data freedom of speech privacy
Subscribe To The Newsletter
Media Watch Briefs
Amazon resisting voluntary censorship
The new term for self censorship is voluntary censorship, as proposed by companies like Netflix and Hotstar. ET reports that streaming video service Amazon Prime is opposing a move by its peers to adopt a voluntary censorship code in anticipation of the Indian government coming up with its own rules. Amazon is resisting because it fears that it may alienate paying subscribers.                   
Let the games begin

Clearly, the run to the 2019 elections is on. A journalist received a call from someone saying they were from Aajtak channel and were conducting a survey, asking whom she was going to vote for in 2019. On being told that her vote was secret, the caller assumed she wasn't going to vote for 'Modiji'. The caller, a woman, also didn't identify herself. A month or two earlier the same journalist received a call, this time from a man, asking if she was going to vote for the BSP.                 

View More