The taxpayers’ GST information does not pose any risk towards violation of people’s privacy as the data is not shared with anybody and even the Goods and Services Tax Network or its Board members cannot view it, GSTN said on Thursday.
GSTN is the information-technology backbone of the Goods and Services Tax (GST).
The statement comes against the backdrop of Supreme Court ruling on Thursday which declared the Right to Privacy as a fundamental right and must be protected as an intrinsic part of life and personal liberty and freedoms guaranteed by the Constitution.
“The Supreme Court order applies to everybody. Right to privacy applies to everybody. But the security of the GST data will not be compromised because we are not sharing it with anybody,” GSTN Chairman Navin Kumar told IANS.
Kumar said that the data of the taxpayers is encrypted, which remains on the servers and goes directly to the tax department.
On being asked if ownership of private stakeholders in GSTN might compromise data security, he said: “Why should it impose any risk? ICICI Bank, HDFC Bank, HDFC are on the Board. They don’t have any access to the data. We also do not have access to the data. The data is on the servers, it comes from taxpayers and goes to the tax department.”
GSTN is a private organisation with the Centre and state governments owning 24.5 per cent stake each, while HDFC, NSE Strategic Investment Corporation, HDFC Bank and ICICI Bank own 10 per cent each. LIC Finance holds 11 per cent stake in GSTN.
BJP MP Subramanian Swamy had also earlier raised doubts over the majority stake of GSTN being held by private players, which he said might compromise the data security.
But Kumar said: “We have elaborate security system. We have ISO 27001 certified information security managment system (ISMS). which is best standard of information security system.”
“We have layered security structure, starting with physical security, network security, application security, data security, etc. These are the various layers at which security is ensured. There is also a third party audit,” he added.
GSTN also has in place 24×7 security operations centre, which keeps a watch on the data coming and going.
“If there is any suspicious activity, they can raise alarm and action can be taken. We have elaborate security. There is a team of people monitoring it,” he added.
The Supreme Court’s decision on Right to Privacy may have an impact on the petitions challenging the making of Aadhaar mandatory. Kumar said that the Aadhaar information is shared with various traders and organisations but this is not the case in GST.
In some cases, though taxpayers themselves share the information with private GST Suvidha Providers (GSPs), but GSTN does not come into the picture. “GSTN cannot prevent taxpayers not to give data to GSPs. Taxpayers are giving their data to GSPs, not us. So the data leak cannot happen from GSTN,” he added.