Kerala High Court raps state govt on IT deal with US firm for processing COVID-19 patients' data

Kerala High Court raps state govt on IT deal with US firm for processing COVID-19 patients' data
Kochi, Apr 21 () The Kerala High Court on Tuesdaytook potshots at the state government's IT contract with a USfirm for processing data related to COVID-19 patients anddirected it to file a statement by April 24 on the details ofthe deal.

Considering a plea seeking quashing of the stategovernment's contract with the US-based IT firm Sprinklr, theHigh Court sought to know as to why foreign jurisdiction wasincluded as a clause in the deal for adjudication of possibledisputes.


Expressing concern over the confidentiality of thecitizen's data processed by a third party, a division benchcomprising Justices Devan Ramachandran and T R Ravi alsosought to know why the sanction of the law department was nottaken before finalising the agreement.

The court hailed the state government's fightagainst the pandemic but said it was concerned about the dataconfidentiality.

It also directed the government to explainthe reason for engaging a foreign firm for such works whenthere are government IT wings to do such jobs.

Noting that a citizen is not privy to the dealsigned between the state government and the foreign company,the court observed that the state government will be held asresponsible, if the firm misused the data.


The court also asked why the contract was notreferred to the law department before signing it.

When state government counsel said the datacollected did not constitute sensitive personal information,the bench said data confidentiality in the present world isthe most important.

The state government said the agreement with theSprinklr has safeguards for data protection in accordancewith the standard practices of software as a service models.

In his plea, petitioner Balu Gopalakrishnansaid he was concerned about the manner in which the dataregarding the COVID19 patients in the state are collected,stored, analysed and retrieved.

The state government had entered into acontract with the IT company based out of the US, owned by anon resident Keralite, wherein the data of suspected andactual patients of the COVID-19 virus will be collectedusing government machinery and is uploaded to the foreignfirm's web server on a daily basis.


The IT company in turn will provide actual datato the State machinery after analysis, for betterunderstanding and treatment of the pandemic.

The petitioner said only concern is whetherthe data stored in the web server of company is safe andwhether it can be used by the company for monetary gains.

"Even if there is a non-disclosure agreementbetween the parties, how can a violation of the agreement bepenaly enforced upon a foreign company and whether it will beeffective.

The IT department of the state cannot feignignorance of the perils of data theft and answer questionsflimsily and callously," the petitoner said.

More than 1.5 lakh sensitive medical informationof the COVID-19 patients are uploaded on a daily basis, tilltoday, the petitioner alleged.

Noting that the government agencies are wellequipped to deal with the storage of data, the petitionersought to know why did the state prefer the foreign companyfor storage of sensitive information. COR TGB BNWELCOME BNWELCOME

(This story has not been edited by Business Insider and is auto-generated from a syndicated feed we subscribe to.)