To Share or Not Share, a CIO’s Dilemma

In India today, everybody shares information. The banks do it, the ISPs do it, the DSPs do it, and the travel industry does it. And yet there in no proper information sharing mechanism.

Even Google has been named as one of the participating companies in the report leaked by Snowden. So if Google couldn’t refuse, can you?

Edward Snowden. A hero for some, a traitor for others. Snowden recently catapulted to Internet fame after he disclosed details of a classified NSA surveillance program which he accused was excessively spying on the American people. Today he’s become the poster boy for internet freedom, and user privacy and heralded by advocates of free speech all over the world, including in India.

Let’s admit, user privacy in India is pathetic. There are probably 10 call centers out there who know your name, which car you drive and what salary you take home. Banks, telecommunication operators, travel desks have critical information about your day-to-day life, and probably not a great mechanism to protect it.

But users are getting increasingly conscious.  As internet penetration improves, and more and more Edwards Snowdens and Julian Assanges come to the forefront, users are going to start demanding more privacy. And when that happens, enterprises in India will have to carefully re-evaluate their positions.

In India today, everybody shares information. The banks do it, the ISPs do it, the DSPs do it, and the travel industry does it. And yet there in no proper information sharing mechanism. There are no laws that protect either the interests of the private corporation, much less that of the consumer. The lack of a proper framework or laws around it has made information sharing so utterly ineffective, that even our intelligence agencies, the supposed beneficiaries of the information, don’t seem to make much use of it.

 ALSO READ: Prism Leaker Steps Forward, Cites ‘Massive Surveillance Machine’

As a custodian of information, this puts the CIO in a difficult position. If a government agency approach a private entity with request for such sensitive customer information, what should an enterprise do? Sharing any such information will be in violation of the privacy that the enterprise has promised it consumer. And not doing so, would invite the wrath of the government.

The enterprise always has a choice of refusing.  There is currently no mandate for a company to co-operate. Google is a great example of a company that has persistently refused to divulge customer information. But even Google has been named as one of the participating companies in the report leaked by Snowden. So if Google couldn’t refuse, can you?

Besides, most information requested by intelligence agencies is time-sensitive. While you may be well within your rights to refuse the subpoena and demand a High Court order to process the information, it may very well tantamount to non-cooperation and obstruction to justice. In a country like India, you will need a lot of fortitude and political clout to take a stand like that.

ALSO READ: New Data Privacy Rules: India Inc Unhappy

On the other hand, if you do willingly share information with the government, you have no way ofknowing if your information is safe with them. If tomorrow, a legitimate customer of yours is harassed by a government agency based on information provided by you, he may be liable to sue you.  It may be an issue of national security, but you need to protect your company as well. Though cases of customer privacy in India are few and far between, with the new wave of user privacy, this is bound to land your company in hot waters.

The debate about how much government surveillance is acceptable and how much is intrusion of privacy will rage on. But if the Indian government wants to make information sharing easier, transparent and more effective, it needs to put in strong protocols and a structured mechanism for information sharing between governments and private agencies. Along with that, the government must also promise complete indemnity to the private enterprise from the privacy lawsuits that follow.

Till then, just hope no one comes knocking on your door.

 Varsha Chidambaram is a Principal Correspondent for IDG Media. Send your feedback to varsha_chidambaram@idgindia.com. Follow Varsha on Twitter @Varsha_IDG