The Right to Privacy Bill (a copy is with The Hindu) is to provide for such a right to citizens of India and to regulate collection, maintenance, use and dissemination of their personal information.
Talking to The Hindu, Mr. Moily said the bill also provided for penal action for violation of such right.
The bill comes in the backdrop of the Centre's assurance in the Supreme Court during the course of hearing of a writ petition filed by industrialist Ratan Tata, challenging the publication of “Niira Radia tapes,” alleging that such publications violated his right to privacy.
The bill says, “every individual shall have a right to his privacy — confidentiality of communication made to, or, by him — including his personal correspondence, telephone conversations, telegraph messages, postal, electronic mail and other modes of communication; confidentiality of his private or his family life; protection of his honour and good name; protection from search, detention or exposure of lawful communication between and among individuals; privacy from surveillance; confidentiality of his banking and financial transactions, medical and legal information and protection of data relating to individual.”
The bill gives protection from a citizen's identity theft, including criminal identity theft (posing as another person when apprehended for a crime), financial identify theft (using another's identity to obtain credit, goods and services), etc.
The bill prohibits interception of communications except in certain cases with approval of Secretary-level officer. It mandates destruction of interception of the material within two months of discontinuance of interception.
The bill provides for constitution of a Central Communication Interception Review Committee to examine and review the interception orders passed and is empowered to render a finding that such interception contravened Section 5 of the Indian Telegraphs Act and that the intercepted material should be destroyed forthwith. It also prohibits surveillance either by following a person or closed circuit television or other electronic or by any other mode, except in certain cases as per the specified procedure.
As per the bill, no person who has a place of business in India but has data using equipment located in India, shall collect or processor use or disclose any data relating to individual to any person without consent of such individual.
The bill mandates the establishment of a Data Protection Authority of India, whose function is to monitor development in data processing and computer technology; to examine law and to evaluate its effect on data protection and to give recommendations and to receive representations from members of the public on any matter generally affecting data protection.
The Authority can investigate any data security breach and issue orders to safeguard the security interests of affected individuals in the personal data that has or is likely to have been compromised by such breach.
The bill makes contravention of the provisions on interception an offence punishable with imprisonment for a term that may extend up to five years or with fine, which may extend to Rs. 1 lakh or with both for each such interception. Similarly, disclosure of such information is a punishable offence with imprisonment up to three years and a fine of up to Rs. 50,000, or both.
Further, it says any persons who obtain any record of information concerning an individual from any officer of the government or agency under false pretext shall be punishable with a fine of up to Rs. 5 lakh.