Govt. gives itself the master key to access sensitive personal information

The government has given itself the “master key” to access major consumer databases maintained by companies in different sectors. Under new regulations made under the Information Technology Act, government can ask companies to share sensitive personal information about their customers. Sensitive personal information would cover medical records and history, information about physical, physiological and mental health, sexual orientation, credit and debit cards, biometric information and passwords. Under the new rules any government agency required under law to obtain information for the purpose of verifying identity, or for prevention, detection, investigation, prosecution, and punishment of offences can ask a company to give sensitive personal information held by it about an individual. There are no checks on this power, except that the request for information be made in writing, and stating clearly the reason for seeking the information.  Usually information requests have certain inbuilt checks.  For example, search warrants in criminal cases are issued by a court.  Tapping of telephones or interception of electronic communication can only be authorised by the Union or the State Home Secretary after following a prescribed process.  The new Bill for Unique Identification Number (UID) permits such use only by the order of a court, or for national security (by an order of an authorised officer of at least Joint Secretary rank in the central government).

Comments

Dhruva Mathur's picture

So what is the problem with that? USA already has such things which were implemented after 9/11. If you haven't done something wrong then what's the problem in sharing your data with the government?
Pranesh Prakash's picture

Equally, one could ask: So what is the problem with the government getting a judge's permission to access your information if they aren't doing anything wrong?
Parijat's picture

So you are saying that in this particular case, it would be a routine executive request to the organisation? Will the organisation have a right to refuse such information? Or for instance, as in a lot of laws in the US etc, will the organisation be allowed to give sufficient notice to the person whose information is being asked for so that he may apply for a stay or suchlike?

Add new comment

Image CAPTCHA