Millions of Indians are almost being forced to disclose their PII (Personally Identifiable Information) and their bank account details to get the domestic cooking gas. This information is being collected by the cooking gas dealers through an KYC Form (Know Your Client Form).
The collection of this information seems to be a violation of Section-43A of Indian Information Technology Act, 2000.
The Government of India recently notified the “Information Technology (Reasonable
Security Practices and Procedures and Sensitive Personal Information) Rules, 2011” (the
“Rules”) under Section 43-A of the Information Technology Act, 2000 (the “IT Act”). The
Rules are in effect from April 11, 2011.
Collection of Information:
Rule 5 of this Act deals with respect to the collection of sensitive personal data or information. This rule
states that a body corporate has to first obtain consent in writing either through letter or fax or
email from the provider (the gas consumers) of such information regarding purpose of usage before collection of such information.
The gas dealers, who are collecting this information, must comply with reasonable security practices and procedures. They should have ISO/IEC 27001 certification on “Information
Technology - Security Techniques - Information Security Management System – Requirements”.
The following information are being collected:
Name
Date of Birth
Father's, Mother's & Spouse's Name
Address
Home Phone Number
Mobile Phone Number
Email Id
ID: Permanent Account, Passport Number, Driver License number, Voter Id, Aadhar UIDAI and any other id issued by Central or State govt.
Photo copy of : house registration document, ration card, Life Insurance policy document,
Bank Account Number, Bank Code, Bank Address
Copy of telephone/electricity bill.
Copy of ration card
Copy of passport
Uhhhh.. isn't it too much information? The criminals can see it as a goldmine.
With the help of the information that will be collected in the KYC form, one can empty your bank account in couple of hours. I know how can your bank account be robbed with the help of this information (I'm not going to tell you this ... :) ). But, imagine what will happen if these information come in the hand of criminals - Catastrophic !!!
Before submitting these information to the dealers, we should ask the dealers if they are certified to collect these sensitive information.
The collection of this information seems to be a violation of Section-43A of Indian Information Technology Act, 2000.
The Government of India recently notified the “Information Technology (Reasonable
Security Practices and Procedures and Sensitive Personal Information) Rules, 2011” (the
“Rules”) under Section 43-A of the Information Technology Act, 2000 (the “IT Act”). The
Rules are in effect from April 11, 2011.
Collection of Information:
Rule 5 of this Act deals with respect to the collection of sensitive personal data or information. This rule
states that a body corporate has to first obtain consent in writing either through letter or fax or
email from the provider (the gas consumers) of such information regarding purpose of usage before collection of such information.
The gas dealers, who are collecting this information, must comply with reasonable security practices and procedures. They should have ISO/IEC 27001 certification on “Information
Technology - Security Techniques - Information Security Management System – Requirements”.
The following information are being collected:
Name
Date of Birth
Father's, Mother's & Spouse's Name
Address
Home Phone Number
Mobile Phone Number
Email Id
ID: Permanent Account, Passport Number, Driver License number, Voter Id, Aadhar UIDAI and any other id issued by Central or State govt.
Photo copy of : house registration document, ration card, Life Insurance policy document,
Bank Account Number, Bank Code, Bank Address
Copy of telephone/electricity bill.
Copy of ration card
Copy of passport
Uhhhh.. isn't it too much information? The criminals can see it as a goldmine.
With the help of the information that will be collected in the KYC form, one can empty your bank account in couple of hours. I know how can your bank account be robbed with the help of this information (I'm not going to tell you this ... :) ). But, imagine what will happen if these information come in the hand of criminals - Catastrophic !!!
Before submitting these information to the dealers, we should ask the dealers if they are certified to collect these sensitive information.
No comments:
Post a Comment