How safe are our Income Tax Returns? CIC order raises serious questions about privacy
Sai Krishna Muthyanolla
April 12, 2017
A latest CIC order involving the Income Tax department raises some serious questions about the privacy of the IT returns filed by tax payers.
At a time when there is a fierce debate over privacy of citizens in the wake of Aadhaar being made mandatory for many schemes and even for filing Income Tax (IT) returns, a recent order of the Central Information Commission (CIC) raises some serious questions about the privacy of the IT returns filed by tax payers.
IT Returns of the Appellant downloaded by a third party
The appeal in the CIC was filed by one Mr. Badal Satapathy of Bhubaneshwar. He had earlier filed an application under the RTI act with the IT department seeking information on 08 points including the details about the data security/sharing policies practiced by the income Tax Department, and the grounds on which the financial details filed by an IT assesse could be made available to a third party/public. The appellant contended that his ITR details for the Financial Years 2005 to 2011 were downloaded on 19th December 2012 by the owner of two different USER IDs and shared with a third party without his consent. He also sought to know if the above mentioned activity attracts penal provisions under Indian Penal Code/ IT Act,1961.
The RTI application makes rounds and transferred from one to another 16 times
During the course of the appeal hearing, it was revealed that the appellant was notified of the transfer of his RTI application 16 different times. The original application was transferred to the Central Public Information officer (CPIO) in the office of DGIT(Systems), New Delhi. Later it was transferred to the CPIO in the office of ADG(Systems)-3. Subsequently it was transferred to the CPIO in the office of ADG(S)-1, New Delhi and ITO, Jeypore. Thereafter, it was transferred to the CPIO in the office of CIT-TDS, Ghaziabad.  Dissatisfied by the response of the CPIO, the Appellant made a first appeal.
The IT Department has very often denied disclosure of IT Returns to a 3rd Party
During the course of the hearing, the CIC observed that the IT department, the Supreme Court and various High Courts have often denied disclosure of IT returns. The Supreme Court in  Girish Ramchandra Deshpande vs. Central Information Commission & ors held that the details disclosed by a person in his income tax returns are “personal information” which stand exempted from disclosure under clause (j) of Section 8(1) of the RTI Act, unless involves a larger public interest.
The same was reiterated by many High Courts including the Bombay High Court which held that the records relating to Income Tax are held by the Department in a fiduciary capacity, hence the Department owes a bounden duty to ensure that personal and confidential information of a tax payer was held in the safest and secure manner.
As a matter of fact, the IT department has itself routinely denied disclosure of IT returns on multiple occasions citing the court judgments and Sec 8(1)(j) of the RTI act. They often cite privacy” and data held in “fiduciary capacity” as the reasons for denying information.
‘Revamping IT Systems to ensure maximum Data Privacy’ says IT Department
When the IT department was asked about the mechanism in place to protect the privacy of the assessee, it was mentioned that the IT Department was in the process of revamping their system software to ensure maximum data privacy.  A new module was proposed to be inducted which is undergoing trials currently. The department added that the new software would address most of the issues pertaining to data security. In other words, the department accepted that the current system was not fool proof.
The CIC had in fact observed that the record keeping in the IT department was in an outdated format and not upgraded utilizing the modern technological tools. The CIC in its order directed the IT Department to investigate the root cause of the leakages of confidential data filed by the Tax Payers and plug the loopholes. The CIC gave 30 days for the investigation.
It is ironic that the IT department which regularly denies disclosure of IT returns citing the privacy clause of the RTI act does not seem to have the necessary mechanism in place to protect the privacy of the tax payers.
Featured Image: How safe are our Income Tax Returns