Access to Sensitive Personal Information under New IT Rules Only with Checks and Balances: Clarifies DIT
The attention of Government has been drawn to news items appearing in a section of media which have commented on some aspects of the Rules framed under section 43A of the Information Technology Act, 2000.
The Department of Information Technology, Ministry of Communications & IT has clarified the position in this regard that these Rules do not provide free access to sensitive personal information. The nature and applicability of these Rules have been clearly specified. The Intent of Rules is to protect sensitive personal information and does not give any undue powers to Government agencies for free access of sensitive personal information. Wide public consultations were held before finalizing the Rules and the Rules have been duly endorsed by the Industry Association.
The Rules under section 43A cast onus on the body corporate to provide policy for privacy and disclosure of information. Any such disclosure of sensitive personal data or information by body corporate to any third party shall require prior permission from the provider of such information. The Rules provide for inherent checks-and-balances in the form: (a) that the Government agencies must have been mandated under the law to obtain such information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution and punishment of offences and (b) that any such agency receiving such information has to give an undertaking that the information so obtained shall not be published or shared with any other person. The Government Agencies are required to the follow lawful process and procedures.