Anonymise data before handover, HC tells Kerala govt.
Sprinklr warned about confidentiality
- A Division Bench of the Kerala High Court directed the State government to anonymise the data of COVID-19 patients and those under home quarantine, and to allow Sprinklr, the U.S.-based analytics firm with which the government has entered into a contract, to access the data only after the process is completed.
- The court directed the State government to obtain the consent of the citizens before collecting data. The company was asked not to hand over the data to a third party and to return the same after the contractual obligations are over.
- The court directed Sprinklr to immediately transfer the residual or secondary data back to the State government. Sprinkler was also restrained from advertising the project of the State government and using Kerala’s name and emblem.
- The agreement prevented Sprinklr from using the data for other purposes. It was stored in an encrypted form in Amazon Cloud and hence its confidentiality was guaranteed.
- Besides, the period of the agreement was for six months, beyond which the company could not retain the data.
- Criminal prosecution could be initiated under the provisions of Information Technology Act 2000 for breach of confidentiality.
On NIC services
- The State government would take a call on utilising the services of the National Informatics Centre (NIC) for data analysis.
- The sensitive personal data, such as those pertaining to health, should not be shared with a third party service provider.
- The State should have anonymised the data before sharing it. In fact, the NIC could have processed the data if the State had made the demand.