If the Indian government comes knocking on your door for your customersu2019 information, what would you do? In India today, everybody shares information. The banks do it, the ISPs do it, the DSPs do it, and the travel industry does it. And yet there in no proper information sharing mechanism. Even Google has been named as one of the participating companies in the report leaked by Snowden. So if Google couldn’t refuse, can you? Edward Snowden. A hero for some, a traitor for others. Snowden recently catapulted to Internet fame after he disclosed details of a classified NSA surveillance program which he accused was excessively spying on the American people. Today he’s become the poster boy for internet freedom, and user privacy and heralded by advocates of free speech all over the world, including in India. Let’s admit, user privacy in India is pathetic. There are probably 10 call centers out there who know your name, which car you drive and what salary you take home. Banks, telecommunication operators, travel desks have critical information about your day-to-day life, and probably not a great mechanism to protect it. But users are getting increasingly conscious. As internet penetration improves, and more and more Edwards Snowdens and Julian Assanges come to the forefront, users are going to start demanding more privacy. And when that happens, enterprises in India will have to carefully re-evaluate their positions. In India today, everybody shares information. The banks do it, the ISPs do it, the DSPs do it, and the travel industry does it. And yet there in no proper information sharing mechanism. There are no laws that protect either the interests of the private corporation, much less that of the consumer. The lack of a proper framework or laws around it has made information sharing so utterly ineffective, that even our intelligence agencies, the supposed beneficiaries of the information, don’t seem to make much use of it. ALSO READ: Prism Leaker Steps Forward, Cites ‘Massive Surveillance Machine’ As a custodian of information, this puts the CIO in a difficult position. If a government agency approach a private entity with request for such sensitive customer information, what should an enterprise do? Sharing any such information will be in violation of the privacy that the enterprise has promised it consumer. And not doing so, would invite the wrath of the government. The enterprise always has a choice of refusing. There is currently no mandate for a company to co-operate. Google is a great example of a company that has persistently refused to divulge customer information. But even Google has been named as one of the participating companies in the report leaked by Snowden. So if Google couldn’t refuse, can you? Besides, most information requested by intelligence agencies is time-sensitive. While you may be well within your rights to refuse the subpoena and demand a High Court order to process the information, it may very well tantamount to non-cooperation and obstruction to justice. In a country like India, you will need a lot of fortitude and political clout to take a stand like that. ALSO READ: New Data Privacy Rules: India Inc Unhappy On the other hand, if you do willingly share information with the government, you have no way ofknowing if your information is safe with them. If tomorrow, a legitimate customer of yours is harassed by a government agency based on information provided by you, he may be liable to sue you. It may be an issue of national security, but you need to protect your company as well. Though cases of customer privacy in India are few and far between, with the new wave of user privacy, this is bound to land your company in hot waters. The debate about how much government surveillance is acceptable and how much is intrusion of privacy will rage on. But if the Indian government wants to make information sharing easier, transparent and more effective, it needs to put in strong protocols and a structured mechanism for information sharing between governments and private agencies. Along with that, the government must also promise complete indemnity to the private enterprise from the privacy lawsuits that follow. Till then, just hope no one comes knocking on your door. Varsha Chidambaram is a Principal Correspondent for IDG Media. Send your feedback to varsha_chidambaram@idgindia.com. Follow Varsha on Twitter @Varsha_IDG Related content feature Expedia poised to take flight with generative AI CTO Rathi Murthy sees the online travel service’s vast troves of data and AI expertise fueling a two-pronged transformation strategy aimed at growing the company by bringing more of the travel industry online. By Paula Rooney Jun 02, 2023 7 mins Travel and Hospitality Industry Digital Transformation Artificial Intelligence case study Deoleo doubles down on sustainability through digital transformation The Spanish multinational olive oil processing company is immersed in a digital transformation journey to achieve operational efficiency and contribute to the company's sustainability strategy. By Nuria Cordon Jun 02, 2023 6 mins CIO Supply Chain Digital Transformation brandpost Resilient data backup and recovery is critical to enterprise success As global data volumes rise, business must prioritize their resiliency strategies. By Neal Weinberg Jun 01, 2023 4 mins Security brandpost Democratizing HPC with multicloud to accelerate engineering innovations Cloud for HPC is facilitating broader access to high performance computing and accelerating innovations and opportunities for all types of organizations. By Tanya O'Hara Jun 01, 2023 6 mins Multi Cloud Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe