SUMMARY
Until now, the authority to delete surveillance data rested with the security agency that requested the surveillance
Under the amendments, both the state and central home secretaries now serve as the competent authority authorised to request the deletion of surveillance orders
Furthermore, the IT Ministry has amended the rules to designate computer resources associated with the National Investigation Agency
In a major development, the government has amended the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) rules, under which both the Union and State home secretaries now possess the authority to instruct deletion of surveillance data, including orders for interception, monitoring or decryption, along with the actual information of an individual under surveillance after six months.
This amendment was notified by the IT Ministry on February 26 in the Rule 23, sub-rule 1 of the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules of 2009.
“Every record, including electronic records pertaining to such directions for interception or monitoring or decryption of information and of intercepted or monitored or decrypted information shall be destroyed by the security agency and competent authority in every six months except in a case where such information is required or likely to be required for functional requirements,” the amended Rule 23 (1) of IT Rules 2009, said.
Until now, the authority to delete surveillance data rested with the security agency that requested the surveillance, either through the home ministry or a competent court.
Under the amendments, both the state and central home secretaries now serve as the competent authority authorised to request the deletion of surveillance orders and associated records.
Furthermore, the IT Ministry has amended the rules to designate computer resources associated with the National Investigation Agency (NIA) and their dependencies as critical information infrastructure.
The first rule amendment provides clearer guidelines by designating the Home Ministry, at both central and state levels, as the primary agency responsible for executing orders related to interception, monitoring, and decryption of information.
“This is just a technical clarification. Since the home secretary is not a ‘security agency’, it was done to prove that clarity,” an IT ministry official said, as per an ET report.
The second amendment classifies computer resources associated with the National Investigation Agency (NIA) as critical information infrastructure. This designation ensures that individuals attempting to attack or steal information from these resources may face more severe consequences than usual.
According to officials, ongoing investigations will remain unaffected by these amendments. Typically, when surveillance against a person or entity is ordered, it is carried out by the local police operating under the state government. However, in certain instances, surveillance orders may be executed by central agencies operating under the Ministry of Home Affairs at the Centre.
