Rediff News
All News

NewsApp (Free)

Read news as it happens
Download NewsApp
Rediff.com  » Business » Is investor data secure enough?

Is investor data secure enough?

xTo get such articles in your inbox
January 04, 2006 13:50 IST

The Securities and Exchange Board of India's 'MAPIN' system has elicited enormous controversy. Many people have instinctively flinched from the prospect of a database of fingerprints. But after a protracted process of public discussion, Sebi has now decided to go ahead with MAPIN (Market Participant and Investor scheme).

On balance, this appears to be a wise decision. MAPIN is crucially important to solve two problems: insider trading and market manipulation.

Orwellian as it may seem, securities regulators in mature market economies do maintain a database of the individuals who make up the senior management of listed companies, their relatives, and so on.

The typical pattern found in India is that a sharp movement in prices comes before a public announcement. Once proper databases are in place, it will become possible to identify which insiders traded ahead of the announcement. MAPIN is a necessary foundation for that next step.

Similarly, market manipulation typically involves concerted actions by a few people who violate position limits by spreading their transactions across multiple brokers. It will become possible to identify the full position of a wrongdoer by using MAPIN. Indeed, there is no meaning to 'market wide position limits' in the absence of a system like MAPIN.

In other countries, the infrastructure for establishing citizen identity -- such as the social security number in the United States -- is available off the shelf for financial sector policy.

In India, such identity infrastructure is lacking. It was supposed to be the job of the department of posts to build it. However, if you want to get something done, do it yourself: hence the securities markets have chosen to build this complex piece of infrastructure themselves.

Given the inherent ease of opening multiple accounts in India, Sebi has resorted to using fingerprints to ensure the uniqueness of each account. This is a milestone for India.

Experience has shown that it is possible to obtain multiple passports, multiple drivers' licences and multiple PAN numbers. It is a struggle to have one unique EPFO account number. But it is not possible for one person to obtain multiple MAPIN numbers.

These strengths of MAPIN do not deny the very real concerns about privacy of data. If a private investigator could tap Amar Singh's Reliance telephone on the basis of a forged authorisation letter, what is to ensure privacy of the information with MAPIN? Can computer-scanned thumbprints, obtained from MAPIN, be used to frame a person at a crime scene?

The Amar Singh case involved attack by a private individual. More often, in India, the worst perpetrators in terms of violation of privacy are employees of the government. Are all MAPIN data available to the income tax department? Can the police query one's record? Can the police run a search on the full database?

Advocates of civil liberties view MAPIN with great concern, given India's traditional weaknesses on the core principles of a liberal society.

So far, the experience with protecting the privacy of demat account data has been satisfactory. However, with the increasing complexity of information systems, such as the Tax Information Network, the MAPIN database, and the Central Record Keeping Agency of the New Pension System, these concerns about privacy need to be taken very seriously. Hence, what is needed is a white paper on the privacy of these information systems, which answers all the above questions.
BS Bureau
Source:
SHARE THIS STORYCOMMENT