The State government has issued a set of guidelines for the collection and processing of personal information in the wake of the Sprinklr controversy.
The order issued by Chief Secretary Tom Jose on May 18 had surfaced in the public domain only on Saturday.
The directive seemed to be of some political consequence for the government. It had repeatedly denied any wrongdoing in engaging the U.S.-based data analytics firm.
The government had said it had contracted Sprinklr as an emergency measure to crunch the health data of citizens to understand how the pandemic would behave in Kerala.
Cover
However, the Opposition had dragged the government to the High Court, accusing it of having used the outbreak as a cover to allow the U.S.-based firm to “harvest and monetise” the medical information of the State’s population.
The government order seemed to address some of the points raised by the High Court when it considered the Opposition’s plea.
It insisted that agencies and departments should collect sensitive personal data of citizens only with their legally recorded informed consent.
Citizens should be informed about the purpose of the collection and how third parties might use the information. Aggregators should ensure that such data was anonymised and only send in encrypted form to third parties, if at all.
SDC factor
Authorities should store the sensitive data of citizens in the State Data Centre (SDC) to the “extend possible”.
(The Opposition had alleged that most of the data collected by health workers using a smartphone application provided by Sprinklr had gone irretrievably into the cloud servers maintained by the company in the U.S., far beyond Indian jurisdiction).
The SDC should examine whether the software or analytic tools they sourced from third parties would compromise the security of the information stored in its repositories.
The administration should store data only in cloud servers leased by the government with the approval of the Central government. The IT rules should inform collection, storage and analysis of sensitive data.
The order also came against the backdrop of the plea filed by Leader of the Opposition Ramesh Chennithala seeking a CBI probe into the alleged scam.