JOIN USKarnataka Government moves to keep citizen data safe during Covid-19 pandemic
In the absence of a data protection law in India, Karnataka has taken the first leap on this front by issuing comprehensive guidelines to safeguard citizen data collected by the government during the Covid-19 pandemic.
The e-Governance department has issued a circular and a 39-page document - Processes, Procedures in Application Hosting and Best Practices in Data Protection - in response to concerns that were raised within the government on the safety of personal data.
The push for this came from the Chief Minister’s e-governance advisor Beluru Sudarshana who said he was alarmed with the amount of data various government departments started collecting from citizens during the pandemic.
“With the onset of the Covid-19 pandemic and the lockdown, many government departments started their own helplines and services for citizens: Patients, labourers, farmers, students, the old-aged and so on,” Sudarshana told DH. “And under the provisions of the Disaster Management Act, because of the emergency situation, these services were given to 3rd party providers. Who knows where they store the data? So, there were concerns expressed on data protection,” he said.
The e-Governance department has now asked all departments that have tied up with private companies for the development of IT applications to sign a non-disclosure agreement. It should be followed “in letter and spirit” and “non‐compliance should be considered as a serious breach of contract,” the e-Governance department has said.
Departments may also choose to host or deploy their applications at the Karnataka State Data Centre, which houses the government’s core IT infrastructure that promises a secure environment.
The e-Governance department has relied on the Personal Data Protection Bill, 2019, which the Modi administration has introduced in the Lok Sabha. Drawing from the Bill, all departments have been told to obtain user consent before collecting their information, with an option not to provide sensitive personal data and to withdraw consent.
This becomes significant as the Health department, recently, breached the privacy of several people who were under quarantine by releasing their personal details.
The Bill identifies financial data, information on caste, tribe, religious and political beliefs as sensitive personal data, along with passwords, sexual orientation, medical records among others.
Sudarshana, who was instrumental in the creation of the government’s Covid-19 dashboard, said he will write to Chief Minister B S Yediyurappa to capitalize on the circular. “We have acted even before the Bill is passed in Parliament. So, we should go ahead and formulate a policy,” he said.