Over a year after the revelation that a private vendor, previously employed by the ministry of defence, may have walked away with the personal data of over 50 lakh military personnel and their families, the government is yet to take action on the alleged theft.
The matter was highlighted last year in March when a retired naval commodore Lokesh Batra received information through RTI, claiming that the data pertaining to the Ex-servicemen Contributory Health Scheme (ECHS) was compromised. The ministry claimed that, in the system of smart card which was introduced in May 2015, the biometric data (thumb impression) of the individual was stored in the smart card. But after termination of contract, the ministry was not certain if the company had returned all the data or copied it for third party use.
The issue was raised in the parliament by Rajya Sabha member Majeed Memon in December 2018. The then ministry of state for defence Subhash Bhamre stated that "the data has been handed over to ECHS by SITL (private vendor). However, some source codes and keys were not handed over. SITL has not given any confirmation regarding retention of a copy of data of ESM despite repeated reminders. Action has been initiated for taking legal action against the firm." But, till today, the ministry has not taken any step to penalise the offender.
Navy officer Batra, who filed an RTI to seek an update on the matter, was called by the ministry on July 25. "When I inspected the files on July 25, there was no move to take action, something that should have been done on war footing. Even now, after seven months of committing to the Parliament, the government is yet to take legal action against the said firm," Lokesh Batra told THE WEEK. Batra has now written to the secretary, department of ex-servicemen welfare.
When the issue was raised, the ministry of defence admitted that “data regarding ex-servicemen is a sensitive issue”. But, the department of ex-servicemen, which works under the ministry of defence, was not certain whether the vendor, after termination of their contract, had returned the stored data or retained a copy of it. MoD feared that, in the worst case scenario, the vendor could have shared it with a third party.
