Question : National Encryption Policy

(a) whether the Government is contemplating to implement encryption policy in the country and if so, the details thereof along with the salient features of the policy;
(b) whether there is opposition from various quarters on account of breach of right to privacy and if so, the details thereof;
(c) the mechanism put in place by the Government under the said policy to protect the private data from being misused by the hackers; and
(d) the steps taken by the Government to ensure privacy of citizens across the country?

Answer given by the minister

(a): The Information Technology Act 2000 provides for secure use of the Electronic Media and Promotion of E-Governance and E-Commerce, with prescribed modes or methods for encryption. The encryption has been recognized by the Government as means to securing data /transactions and the provision in the Information Technology Act 2000 enables the use of encryption for such purposes. There is no proposal with the Government to implement an encryption policy breaching the right to privacy of public.

(b): A High Level Expert Committee’s draft recommendations on Encryption Policy were put up on the website of Department of Electronics and IT (DeitY) for public comments. Government noted the public sentiments viz-a-viz the draft recommendations. Government clarified that the draft recommendations are not the final view of the Government on the matter. Further, Government took note of the ambiguity in some portions of the draft that may have led to misgivings. Hence, the draft recommendations of the policy were withdrawn. Government has initiated steps to revise the Encryption policy recommendations with wide consultation with stakeholders.

(c): The encryption has been recognized by the Government as a tool for protection of sensitive or private information from misuse by hackers, protecting and authenticating online transactions and ensuring integrity of nationally critical information systems and networks /transactions and provision in the Information Technology Act 2000 enables the use of encryption for such purposes.

(d): Section 43, Section 43A and Section 72A of the Information Technology Act, 2000 provides comprehensive legal framework for privacy and Security of data in digital form. Sections 43 and 43A of the Act provides for compensation to be paid to the victim in case of unauthorized access of information and leakage of sensitive personal information respectively. Section 43A also mandates that body corporate, who collect personal data or information must provide privacy policy for handling of or dealing in personal information including sensitive personal data or information on their websites. They are also required to implement reasonable security practices and procedures to protect the information. Indian Computer Emergency Response Team (CERT-In) has also empanelled auditors to facilitate body corporate to audit their information technology infrastructure and implementation of security best practices.
********

Download PDF Files
PDF(English)
PDF(Hindi)
Search

More from COMMUNICATIONS AND INFORMATION TECHNOLOGY
Other Ministries:
COMPANY AFFAIRS

 COAL

 CIVIL AVIATION

 SKILL DEVELOPMENT AND ENTREPRENEURSHIP

 ENVIRONMENT AND FORESTS

 HEALTH AND FAMILY WELFARE

 AGRO AND RURAL INDUSTRIES

 AGRICULTURE AND FARMERS WELFARE

 COAL AND MINES

 EARTH SCIENCES

 TEXTILES

 RURAL DEVELOPMENT

 MICRO,SMALL AND MEDIUM ENTERPRISES

 HUMAN RESOURCE DEVELOPMENT

 DEVELOPMENT OF NORTH EASTERN REGION

 STEEL

 PANCHAYATI RAJ

 LABOUR AND EMPLOYMENT

 PERSONNEL,PUBLIC GRIEVANCES AND PENSIONS

 ATOMIC ENERGY

 FISHERIES, ANIMAL HUSBANDRY AND DAIRYING

 WATER RESOURCES

 PARLIAMENTARY AFFAIRS

 SMALL SCALE INDUSTRIES

 HOUSING AND URBAN POVERTY ALLEVIATION