New Delhi: Minister of State for Electronics and Information Technology, Rajeev Chandrasekhar has said that the policies of the Union Government are aimed at ensuring an Open, Safe and Trusted and Accountable Internet for its users.
Shri Chandrasekhar in a written reply to a question in Rajya Sabha today said that with the expansion of the Internet, more and more Indians coming online, there is an increase in the facial recognition of biometric information, including information generated for purposes for facial recognition technology.
Section 43A of the Information Technology Act, 2000 provides that a body corporate which possesses or deals or handles any sensitive personal data or information in a computer resource owned or controlled or operated by it is liable to compensate an affected person for causing wrongful loss or wrongful gain to any person due to negligence in implementing and maintaining reasonable security practices and procedures.
The Union Government, in exercise of its powers under the said section, has prescribed the rules regarding sensitive personal data or information as well as the reasonable security practices and procedures to be complied with. As per these, sensitive personal data or information includes biometric information, and biometrics include technologies that measure and analyze facial patterns.
The reasonable security practices and procedure include implementation of the international standard IS/ISO/IEC 27001 or Government-approved codes of best practices for data protection, and a comprehensive documented information security program and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with the information assets being protected with the nature of business.
Thus, law to regulate facial recognition technology and manage data related to such technology is in place, said he.
Further, the Ministry of Electronics and Information Technology has prepared a draft Bill, titled the Digital Personal Data Protection Bill, 2022 and has invited feedback from the public as part of its public consultation exercise, pointed out Shri Chandrasekhar.