The Madhavan Nambiar-Gulshan Roy expert committee handed over the report to the state government, revealing certain key points. The report indicates that data of over 1.8 lakh people leaked, but adds that it is not a national security risk. The committee mentions that the data does not include private information but relates to the symptoms and diseases of the individuals. While the leaked data reportedly returned to C-DIT servers, the committee says that state machineries are incapable of identifying data leaks and so cannot confirm if there aren’t copies out there.
The committee points to M Sivasankar, former Principal Secretary of Kerala CM, as having taken the decision on the deal without conferring with senior officials. Moreover, the latter did not approach the Law Secretary to check with the contract. This failure in protocol greatly affected the contract, noted the committee. The Opposition had already accused the government of not referring with law, finance and other departments before signing the deal.
The committee has made some recommendations regarding the contract and future cyber security risks. One such concerns C-DIT (Centre for Development of Imaging Technology), and its personnel. The report suggested strengthening the institute’s IT infrastructure and cyber security. Moreover, the state must regularly train C-DIT employee on various cyber security protocols. This also relates to the state’s IT Mission.
The row began when the Congress-led Opposition accused the government of not following due protocol before signing with the US-based Sprinklr. The contract allowed the company to collect and collate data of patients without individual consent. However, the state government replied that the deal was necessary since data collection was done on massive scale.