white_paper_on_data_protection_in_india_171127_final_v2
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
CHAPTER 7: STORAGE LIMITATION AND DATA QUALITY<br />
7.1 Introducti<strong>on</strong><br />
(i)<br />
Storage Limitati<strong>on</strong><br />
As discussed <strong>in</strong> Part III, Chapter 5 of the White Paper, the pr<strong>in</strong>ciple of purpose specificati<strong>on</strong><br />
requires that the purpose for which <strong>data</strong> is be<strong>in</strong>g collected must be specified at the time of<br />
collecti<strong>on</strong>, and subsequent use of such <strong>data</strong> must ord<strong>in</strong>arily be limited to such purpose(s).<br />
Adherence to this pr<strong>in</strong>ciple is necessary to ensure that the process<strong>in</strong>g of <strong>data</strong> is lawful. A<br />
closely c<strong>on</strong>nected pr<strong>in</strong>ciple is that of storage limitati<strong>on</strong>. This pr<strong>in</strong>ciple requires that <strong>data</strong> must<br />
be reta<strong>in</strong>ed by an organisati<strong>on</strong> <strong>on</strong>ly for the time period that is reas<strong>on</strong>ably necessary to fulfill<br />
the purpose for which it was collected. Thus, when <strong>data</strong> no l<strong>on</strong>ger serves a purpose, it may be<br />
necessary, if practicable, to have it erased or an<strong>on</strong>ymised. 532<br />
(ii)<br />
Data Quality<br />
The related pr<strong>in</strong>ciple of <strong>data</strong> quality is an obligati<strong>on</strong> <strong>on</strong> <strong>data</strong> c<strong>on</strong>trollers to create, ma<strong>in</strong>ta<strong>in</strong>,<br />
use or dissem<strong>in</strong>ate pers<strong>on</strong>al <strong>data</strong> <strong>in</strong> such a manner as to ensure the reliability of such <strong>data</strong> for<br />
its <strong>in</strong>tended use. 533 The OECD Guidel<strong>in</strong>es stipulates that ―Pers<strong>on</strong>al <strong>data</strong> should be relevant to<br />
the purposes for which they are to be used, and, to the extent necessary for those purposes,<br />
should be accurate, complete and kept up-to-date.‖ 534 Such an obligati<strong>on</strong> exists s<strong>in</strong>ce<br />
process<strong>in</strong>g of <strong>in</strong>correct or <strong>in</strong>accurate <strong>data</strong> can have detrimental c<strong>on</strong>sequences for the<br />
c<strong>on</strong>cerned <strong>in</strong>dividual, such as denial of services like loans, credit etc. Data quality is also<br />
closely l<strong>in</strong>ked with <strong>in</strong>dividual participati<strong>on</strong> rights (discussed <strong>in</strong> Part III, Chapters 8, 9 and 10<br />
of the White Paper) s<strong>in</strong>ce an <strong>in</strong>dividual can, by access<strong>in</strong>g <strong>on</strong>e‘s <strong>data</strong>, require the organisati<strong>on</strong><br />
to correct it <strong>in</strong> case it is <strong>in</strong>accurate.<br />
7.2 Issues<br />
(i)<br />
Implementati<strong>on</strong><br />
The pr<strong>in</strong>ciple of storage limitati<strong>on</strong> requires an organisati<strong>on</strong> to store pers<strong>on</strong>al <strong>data</strong> <strong>on</strong>ly for a<br />
time period that is ―reas<strong>on</strong>ably necessary‖ for the purpose for which it was collected. The use<br />
of a subjective term such as ―reas<strong>on</strong>ably necessary‖ may affect implementati<strong>on</strong> s<strong>in</strong>ce it will<br />
be difficult to impose a tangible obligati<strong>on</strong> <strong>on</strong> the organisati<strong>on</strong>. For <strong>in</strong>stance, an organisati<strong>on</strong><br />
532 OECD, ‗OECD Guidel<strong>in</strong>es <strong>on</strong> the Protecti<strong>on</strong> of Privacy and Transborder Flows of Pers<strong>on</strong>al Data‘ (2013),<br />
available<br />
at:<br />
http://www.oecd.org/sti/iec<strong>on</strong>omy/oecdguidel<strong>in</strong>es<strong>on</strong>theprotecti<strong>on</strong>ofprivacyandtransborderflowsofpers<strong>on</strong>al<strong>data</strong>.ht<br />
m (last accessed 31 October 2017).<br />
533<br />
CIPP Guide, ‗The HEW Report: Def<strong>in</strong><strong>in</strong>g the Fair Informati<strong>on</strong> Practices‘, available at:<br />
https://www.cippguide.org/2012/08/23/the-hew-report-def<strong>in</strong><strong>in</strong>g-the-fair-<strong>in</strong>formati<strong>on</strong>-practices/, (last accessed 26<br />
October 2017).<br />
534 OECD, ‗OECD Guidel<strong>in</strong>es <strong>on</strong> the Protecti<strong>on</strong> of Privacy and Transborder Flows of Pers<strong>on</strong>al Data‘ (2013),<br />
available<br />
at:<br />
http://www.oecd.org/sti/iec<strong>on</strong>omy/oecdguidel<strong>in</strong>es<strong>on</strong>theprotecti<strong>on</strong>ofprivacyandtransborderflowsofpers<strong>on</strong>al<strong>data</strong>.ht<br />
m (last accessed 31 October 2017).<br />
117