--- layout: default title: "Your Private Data May Be Online, Courtesy Govt" description: "A Business Standard investigation by Somesh Jha and Surabhi Agarwal examining how government transparency initiatives inadvertently exposed sensitive citizen data online, featuring commentary from Sunil Abraham on data protection gaps, privacy-transparency tensions, and risks of financial fraud through database aggregation across welfare schemes and electoral rolls." categories: [Media mentions] date: 2013-10-28 authors: ["Somesh Jha", "Surabhi Agarwal"] source: "Business Standard" permalink: /media/private-data-online-govt-business-standard/ created: 2026-01-09 --- **Your Private Data May Be Online, Courtesy Govt** is a *Business Standard* investigation published on 28 October 2013 by Somesh Jha and Surabhi Agarwal. The article exposes how central and state government departments published sensitive citizen information—including bank account numbers, income details, and photographs—on public websites whilst pursuing transparency objectives, featuring analysis from Sunil Abraham, then Executive Director of the Centre for Internet and Society, on privacy risks, regulatory conflicts between transparency and data protection laws, and vulnerabilities to profiling and financial fraud. ## Contents 1. [Article Details](#article-details) 2. [Full Text](#full-text) 3. [Context and Background](#context-and-background) 4. [External Link](#external-link) ## Article Details
📰 Published in:
Business Standard
📅 Date:
28 October 2013
👤 Authors:
Somesh Jha, Surabhi Agarwal
📄 Type:
Investigation
📰 Article Link:
Read Online
## Full Text

To push the government's agenda of greater transparency and accountability, several states and central departments might be, unwittingly, following a bare-it-all approach in posting citizen data online. And, even sensitive and personal information, such as bank account numbers and income status, is not being spared. A Business Standard investigation reveals, with so much citizen data already in the public domain and more getting added every day, the government could be jeopardising the privacy of its 1.2 billion citizens, who stand exposed to a variety of risks, including those of 360-degree profiling and financial frauds.

For instance, the Centre's National Rural Employment Guarantee Scheme puts out full bank account numbers of its beneficiaries, along with details like the amount they received. So, one can easily know the bank in which most residents of, say, Punjab's Machhiwara district have their accounts. Also, their account numbers are complete, with photographs. In the case of Haryana's 25-year-old Ram (surname withheld), the photograph is not available but one can get his financial details on the portal, along with the first eight digits of his Aadhaar number (the last four have been muted).

Sample this: The occupation and yearly income of one Amrita of Uttar Pradesh are just a matter of a few clicks and so are her ration card number, full address, age, father's/husband's name, category and poverty status. A farmer from Amethi district, she doesn't have a gas or an electricity connection, but Lucknow-based Manu, who earns Rs 4 lakh a year, does have. Amrita's yearly income is Rs 1.2 lakh a year. These details are all there on their respective ration cards, out in the open on the government website of Uttar Pradesh, a state that might have gone overboard in revealing citizen data under the ongoing computerisation of the public distribution system.

"If people start publishing information like these and the government doesn't regulate it through a data protection law, criminal minds can harvest and combine all databases accurately," says Sunil Abraham, executive director of Centre for Internet and Society, a Bangalore based think-tank. People often create passwords and PINs based on dates and numbers very important to them. "A little bit of intelligence and some amount of social engineering could lead to guesses... and financial fraud." Even by sifting through just three databases, it is quite easy to get a random person's details like voter identity card number, address, name, age, date of birth, ration card number, information on family members, along with income status and photograph.

One can argue the electoral roll is a public document and there is nothing wrong with a person's voter identity card number, full address, name, age, father's name and even date of birth being easily searchable online. But a few states like Uttarakhand have even published photographs, an element barred from online posting under the law. Experts argue a massive digitisation exercise is underway in the country and, with the lack of standards and clear advisories from the Centre, the situation could worsen in the future.

A Cabinet minister, who did not wish to be named, said there was a continuous tug-of-war between the imperative of privacy, which doesn't allow you to share information; and transparency, which says you should share it. "Also, the Right to Information Act says if somebody is receiving government subsidy, it is public information." However, the Indian laws might not be consistent on this issue as "under Section 43a of the Information Technology Act, any kind of financial information is classified as 'sensitive personal information' and can't be put online," says an official of the communications and information technology ministry who has closely worked on drafting of the IT Act.

But, the IT Act provides an exception for matters covered under the RTI Act. This could infer that when the recently-approved Food Security Act comes into being, the income status of two-thirds of the population (that the Act covers) could be posted online. Also, the law would permit bank account numbers of beneficiaries of various welfare schemes like cooking gas subsidy under the ongoing direct benefit transfer scheme to be made public, as subsidies are transferred directly to accounts under the project.

A statement from the office of Rural Development Minister Jairam Ramesh explained the National Rural Employment Guarantee Act provided for "making available for public scrutiny" all accounts and records related to the scheme. It added "there appears to be no evident risk of misappropriation or financial fraud". Sudhir Kumar, secretary in the Department of Food and Public Distribution, says the whole system needs to be transparent, especially when huge government subsidy is going out in the case of PDS. However, "if states are putting unnecessary details online, it can be looked into". Deputy Election Commissioner Alok Shukla says, according to an EC order, states are not allowed to put photographs of voters online to ensure their privacy is safeguarded. These will be removed if such cases are found. He adds a standard protocol is also being worked out for states.

{% include back-to-top.html %} ## Context and Background This investigation appeared in October 2013 as government digitisation initiatives collided with absent data protection frameworks, creating systematic privacy violations across welfare programmes. The article documented MGNREGA portals publishing complete bank account numbers with beneficiary photographs, Uttar Pradesh's PDS system revealing income details and family compositions, and electoral databases including prohibited voter photographs. These exposures stemmed from misinterpreting transparency mandates rather than malicious intent, but the consequences—enabling identity theft, financial fraud, and invasive profiling—remained severe regardless of governmental good faith. Abraham's warning that "criminal minds can harvest and combine all databases accurately" identified database linkage risks that privacy scholars call the "mosaic effect." Individually innocuous data points—voter ID numbers, ration card details, MGNREGA payments—become powerfully invasive when aggregated, enabling reconstruction of comprehensive personal profiles. His observation about password derivation from personal dates and numbers highlighted practical fraud vectors: attackers harvesting birth dates, family member names, and addresses from government portals could systematically attempt common password patterns against banking systems. The legal conflicts described reflected deeper confusion about transparency's scope. The Right to Information Act 2005 mandated disclosure of subsidy recipients to enable accountability, whilst IT Act Section 43A classified financial information as sensitive personal data requiring protection. Officials resolved this tension by asserting RTI supremacy, but this interpretation ignored proportionality principles: disclosing aggregate subsidy expenditure or anonymised statistical distributions could satisfy transparency whilst protecting individual privacy, yet systems defaulted to maximum disclosure. ## External Link - [Read on Business Standard](https://www.business-standard.com/article/economy-policy/your-private-data-may-be-online-courtesy-govt-113102800020_1.html)