In April 2020, the Kerala government signed a contract with the U.S. data analysis company Sprinklr for the treatment and analysis of patient data and COVID-19 VULNERABILITY in Kerala. This sparked the fury of Kerala residents and the media. The main questions that arose related to the state`s report that Sprinklr no longer has access to COVID-related data and that all are stored only on Amazon Web Services servers, managed by the Centre for Development of Imaging Technology (C-DIT), a public authority. The government said on Monday that no Sprinklr employees had access to the COVID data. The proposal was presented when opposition leader Ramesh Chennithala and BJP President K. Surendendran were heard. Another problem was that the health data collected by the tool developed by Sprinklr was stored on a U.S.-based server, which could result in a significant invasion of privacy. A bank consisting of Judge T R Ravi and Judge Devaramchandran of Kerala High Court adopted instructions in the Sprinklr case, which was to be followed by the Kerala government to ensure full data protection.
Some governments (for example. B the Delhi government) have launched an initiative that requires health professionals to go door-to-door to identify patients with COVID-19. It also requires the collection of medical data that must be used and disposed of correctly and in contradiction with the rules of information technology. Given the increased disclosure of medical and travel records to employers and the government due to the COVID 19 pandemic, there is a need to reignite the debate on data protection and data safeguarding procedures. While the State Government asserted that the data was sufficiently protected and took full responsibility for data protection. To repeat its points, the Kerala government has published eight documents on its website. In order to ensure that the data is processed correctly, agencies and authorities collecting SPDI data (including medical information, particularly during and following the COVID 19 outbreak) should meet the following obligations: If an agent does not comply with certain data protection provisions, the agent is fined up to five crore rupees or two per cent (2%) one point to the other. global sales for the past year. In addition, if the agent violates the laws on the processing and transfer of data outside India, he is liable to a penalty of fifteen crore rupees or four per cent (4%) one point to the other. total global sales for the past year, according to the measures, something more.
The guidelines, which are detailed below, apply to tools developed by government authorities and third-party agencies. The definition of sensitive personal data is defined in 2011, in accordance with the Information Technology (Reasonable security practices and procedures and sensitive personal data or information), which, among other things, classifies physical and mental statements and medical records as sensitive data of a personal nature. The provisions in the guidelines are largely in line with the instructions of the Kerala Supreme Court in April.