Two days after the Delhi government announced on April 1 that it would hand over thousands of mobile numbers of those under home quarantine to the police, the Union Home Ministry flagged the need to prevent misuse of such data, which falls under the category of “sensitive personal information”, official documents show.
According to official records, the MHA wrote to states and Union Territories twice — in April and May — pointing out that they were collecting “sensitive personally identifiable information” while tracing and tracking corona cases using technology, including mobile call records and location data. The MHA pointed out that such “data” should be destroyed once it has served its purpose.
The issue was first raised by the MHA on April 3 — two days after Delhi CM Arvind Kejriwal announced that his government would hand over thousands of phone numbers of those under home isolation to the police to check violations of quarantine norms. It was subsequently done.
“The undersigned is directed to say that it has been noticed that some states are using mobile call records and location data of telecom subscribers for the purpose of tracing of persons who have come in contact with coronavirus infected persons.
“It is reiterated that obtaining of such data/information is regulated under Section 5(2) of Indian Telegraph Act, 1885 and Section 69 of the Information technology Act, 2000; Rules and SOP made thereunder. All concerned are advised to ensure that the provisions of law/rules/SOP may be adhered to. This has the approval of Union Home Secretary,” Shailendra Vikram Singh, a deputy secretary in the MHA, wrote on April 3.
Four days later, on April 7, Kejriwal had announced that the phone number of over 2,000 Tablighi Jamaat attendees would be handed over to the police to help identify areas they may have visited during their stay at Markaz Nizamuddin.
On May 4, the MHA, in a memo signed by Singh, once again raised the issue with states and UTs. They were directed to put in place mechanisms to prevent misuse of such data, including provisions to “destroy” them from records once the purpose is served. Both the Chief Secretaries and the police chiefs were issued the instructions.
“States/UTs are making efforts to contain the spread of Covid-19 inter alia by contact tracing, tracking, etc. Data from various sources is being collected, collated and analysed for this purpose. Some elements of such data fall under the category of personally identifiable information (PII) and utmost precautions need to be taken for security of such sensitive data.
“In view of above, it is requested that steps must be taken by States/UTs to put in place appropriate security control and protocol for processing of PII collected in regard to containment of Covid-19, so that it is stored, processed and analysed in a secure environment as per law. Further, such data must be destroyed as soon as the purpose, for which it was collected by authorised agency, is over… This has the approval of Union Home Secretary,” the communication signed by Singh said.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines