A government-appointed expert group suggested enactment
of a law to protect individuals against misuse of information collected through
telephone tapping, videography; use and storage of data as well as setting up
of dispute resolution entities at Centre and state-level to protect the privacy
of individuals.
The group led by former Delhi High Court chief justice A P Shah was set up by the Planning Commission to identify privacy issues and prepare a document to facilitate the proposed Privacy Act.
The group was set after concerns were raised about the impact on privacy of individuals with the emergence of several national programmes such as Unique Identification number, NATGRID, DNA profiling, Reproductive Rights of Women, privileged communications and brain mapping, most of which will be implemented through information and communication technology (ICT) platforms.
The panel recommended that reasons for interception must be specified and be recorded in writing and the provisions establish conditions for authorization by the competent authority. It said that all interceptions can be in force for 60 days and renewed for not more than 180 days. The panel further proposed that records of interception be destroyed by the security agencies after six months or nine months and service providers must destroy records after two months or six months. It also said that intermediaries must provide an internal check to ensure the security, confidentiality and privacy of intercepted material, and intermediaries would be held legally responsible for any unauthorized access or disclosure of intercepted materials.
According to the panel the proposed Act should extend the right of privacy to individuals and bring under its regulation data controllers, which include all corporates, public/ governmental bodies and organizations. The proposed Privacy Act should also articulate national privacy principles. The principles will extend and be binding to all private/ public data controllers. It said the principles must establish safeguards and procedures over the collection, processing, storage, retention, access, disclosure, destruction of sensitive personal information, personal identifiable information and identifiable information.
The Act should establish the Central office of the privacy commissioner, regional level privacy commissioner, self regulating organizations at the industry level and data controllers and privacy officers if required at the organization level, the report recommended.
The panel also recommended that the infringement of any provision under the Act should constitute as an "offence" and individuals may seek "compensation" from organizations/ bodies held accountable.
The group agreed that any proposed framework for privacy legislation must be technologically neutral and interoperable with international standards. "Specifically, the Privacy Act should not make any reference to specific technologies and must be generic enough such that principle and enforcement mechanisms adaptable to changes in society, the market place, technology and government.
It recommended that any individual or public/ private organization using video and audio recording equipment should be bound to do so in compliance with the national privacy principles. Currently, in India, the use of audio and video recording devices is unregulated although there have been attempts to address the use of these devices.
Lastly it recommended that recorded information must be secured to ensure that unauthorized use and disclosure does not take place. Collected information pertaining only to the exceptional circumstances should be collected.
The group led by former Delhi High Court chief justice A P Shah was set up by the Planning Commission to identify privacy issues and prepare a document to facilitate the proposed Privacy Act.
The group was set after concerns were raised about the impact on privacy of individuals with the emergence of several national programmes such as Unique Identification number, NATGRID, DNA profiling, Reproductive Rights of Women, privileged communications and brain mapping, most of which will be implemented through information and communication technology (ICT) platforms.
The panel recommended that reasons for interception must be specified and be recorded in writing and the provisions establish conditions for authorization by the competent authority. It said that all interceptions can be in force for 60 days and renewed for not more than 180 days. The panel further proposed that records of interception be destroyed by the security agencies after six months or nine months and service providers must destroy records after two months or six months. It also said that intermediaries must provide an internal check to ensure the security, confidentiality and privacy of intercepted material, and intermediaries would be held legally responsible for any unauthorized access or disclosure of intercepted materials.
According to the panel the proposed Act should extend the right of privacy to individuals and bring under its regulation data controllers, which include all corporates, public/ governmental bodies and organizations. The proposed Privacy Act should also articulate national privacy principles. The principles will extend and be binding to all private/ public data controllers. It said the principles must establish safeguards and procedures over the collection, processing, storage, retention, access, disclosure, destruction of sensitive personal information, personal identifiable information and identifiable information.
The Act should establish the Central office of the privacy commissioner, regional level privacy commissioner, self regulating organizations at the industry level and data controllers and privacy officers if required at the organization level, the report recommended.
The panel also recommended that the infringement of any provision under the Act should constitute as an "offence" and individuals may seek "compensation" from organizations/ bodies held accountable.
The group agreed that any proposed framework for privacy legislation must be technologically neutral and interoperable with international standards. "Specifically, the Privacy Act should not make any reference to specific technologies and must be generic enough such that principle and enforcement mechanisms adaptable to changes in society, the market place, technology and government.
It recommended that any individual or public/ private organization using video and audio recording equipment should be bound to do so in compliance with the national privacy principles. Currently, in India, the use of audio and video recording devices is unregulated although there have been attempts to address the use of these devices.
Lastly it recommended that recorded information must be secured to ensure that unauthorized use and disclosure does not take place. Collected information pertaining only to the exceptional circumstances should be collected.
No comments:
Post a Comment