Govt. gives itself the master key to access sensitive personal information

Subscribe to the PRS Blog

The government has given itself the “master key” to access major consumer databases maintained by companies in different sectors. Under new regulations made under the Information Technology Act, government can ask companies to share sensitive personal information about their customers. Sensitive personal information would cover medical records and history, information about physical, physiological and mental health, sexual orientation, credit and debit cards, biometric information and passwords. Under the new rules any government agency required under law to obtain information for the purpose of verifying identity, or for prevention, detection, investigation, prosecution, and punishment of offences can ask a company to give sensitive personal information held by it about an individual.

There are no checks on this power, except that the request for information be made in writing, and stating clearly the reason for seeking the information.  Usually information requests have certain inbuilt checks.  For example, search warrants in criminal cases are issued by a court.  Tapping of telephones or interception of electronic communication can only be authorised by the Union or the State Home Secretary after following a prescribed process.  The new Bill for Unique Identification Number (UID) permits such use only by the order of a court, or for national security (by an order of an authorised officer of at least Joint Secretary rank in the central government).