India working for the poor

Largest biometric database being created in India with over 1.2 billion identities. Scary and a serious concern outside of the personal privacy aspect is the security of this database. From a positive standpoint and driving argument is that is provides the means to overcome the significant levels of corruption in India. Particularly for those living outside of the city and at the mercy of corrupt officials. In fact this database if implemented well would free these very persons from certain tyranny. Another dilemma ….

Interesting that participation is voluntary. Same as Sweden’s approach.

Read more here. It is fascinating reading and worth a visit 🙂 .

NATGRID in India

India’s Cabinet Committee on Security earlier this month approved the formation of a long-awaited intelligence database designed to consolidate and make searchable data gathered by existing security and law enforcement agencies in order to prevent terrorist activity within the country. The project, known as the National Intelligence Grid or NATGRID, is the brainchild of Home Minister Palaniappan Chidambaram, who promoted the database project after the terrorist attack on India’s financial capital Mumbai in November 2008 raised concerns about India’s intelligence infrastructure. Read more here.

New privacy legislation for India

On February 5, 2009, the President of India signed into law the Information Technology (Amendment) Act, 2008 (the “ITAA”)3, a robust amendment to the country’s Information Technology Act, 2000 (the “IT Act”).

For companies doing business in India or with Indian entities, Section 43A of the ITAA is of particular importance. Section 43A is a new provision designed to hold companies accountable for the protection of personal data. It provides:

“Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.”

Perhaps one of the more important consequences of the ITAA is that it introduces the concept of personal data into Indian law. The original IT Act punished unauthorized extraction of or damage to data, but it did not explicitly target personal data. The ITAA, however, requires companies to maintain the security of “sensitive personal data,” thus recognizing that certain data deserves a higher level of protection.

The ITAA, however, limits the protections afforded to “sensitive” personal data, which is defined in the act as “such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.” The Central Government of India has not yet prescribed what constitutes “sensitive personal data,” but the DSCI, at the government’s behest, has recommended that personal information be defined consistently with the EU Data Directive,8 as information that can identify an individual through one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Sensitive personal information, however, would be defined more narrowly to include health and financial data (but not embracing the broader EU concept of data regarding racial, ethnic, political and religious beliefs, which the DSCI has noted is often publicly known in India).

Taken from Technology Law Section, State Bar of Georgia.