Chandigarh, Oct. 30 -- Coming down heavily on Haryana Shehri Vikas Pradhikaran (HSVP) for not implementing its data protection policy, the Haryana Right to Service Commission has expressed concern over HSVP officials purportedly assuming broad powers to amend or edit plot identity (ID) details while avoiding any corresponding responsibility. In an interim order of October 27, chief commissioner TC Gupta has asked the HSVP chief administrator to ensure maintenance of activity logs and full implementation of the Data Protection Policy in letter and spirit. "The chief administrator is requested to provide an action taken report to the commission by November 21, 2025,'' the order said. A data protection policy is a set of procedures for protecting personal and sensitive information with an aim to ensure that data is handled securely, confidentially, and in compliance with law. The commission which was hearing a complaint by a Faridabad resident, Indu Prabha Sharma regarding issuance of possession certificate for a HSVP plot by treating the period of unauthorised deactivation of the plot as a zero period noted that what began as an accountability exercise has revealed significant lapses on the part of HSVP, ultimately causing hardship to the allottees. "HSVP generally prides itself on being a tech-driven organisation managing plot files of lakhs of allottees. Therefore, it should be assumed that it takes the utmost care to ensure the safety of plot data. What is particularly concerning, as also noted in the NIC report, is that HSVP has not been maintaining activity logs and could furnish only the server IP address when asked to identify the officials or systems responsible for the deactivation of a plot ID in the said case. It was subsequently learnt that no such logs were being maintained, effectively avoiding accountability. Maintenance of activity logs is a fundamental requirement for any tech-driven organisation. No historical edited data is retained in the database, with only the latest version displayed as output,'' Gupta said in his order. The chief commissioner further said it was also learnt that the system has triggers for plot ID deactivation, such as when an allottee has not fulfilled financial obligations. It was also learnt that a simple search on the web portal could automatically deactivate the plot ID in some cases. However, in this case, the complainant's sixth instalment was due on August 26, 2022 but the plot ID was deactivated much earlier on October 22, 2021. This indicated that manual intervention was both intentional and deliberate, the order said. It further said that this was not the first time that such an issue has come before the Commission. During a sensitisation meeting conducted by the commission at HSVP HQ in Panchkula on October 24, 2024, one HSVP official himself acknowledged that his plot ID had been deactivated and that he was made to run from pillar to post to get it resolved. Interestingly, the same plot ID was activated by the time the meeting ended. "Furthermore, similar data tampering in the plot and property management was highlighted before the high court in Dharam Singh Yadav vs State of Haryana (CRMM number M-26292 of 2013) in its orders of Nov 29, 2018. The commission also received another complaint through email of October 15, 2025, requesting that the period during which his plot ID was deactivated be treated as zero period. The complainant was advised to approach the Commission after following the due process. These instances illustrate that such cases have been recurring for a long time, bringing disrepute to the organisation and the state government," the order said. In his September 12, 2025 reply, HSVPs chief information and technology officer stated that logs are captured only for sensitive data. "However, this approach is found to be unsatisfactory, as such a bifurcation of data in the context of plot files is redundant. All information contained in a plot file should be treated as sensitive. HSVP cannot arbitrarily draw distinctions and take shelter behind this justification. Although not explicitly defined in the reply, generally, financial transactions and records are considered sensitive data. Does this imply that the name of an allottee is not sensitive enough to warrant protection against unauthorised alterations?" the chief commissioner asked....