Over the last few weeks public sector oil refiners have engaged in large scale collection of personal data of employees at petrol pumps. Ostensibly, the personal data is being collected for a skill development programme. The reason this exercise by state controlled companies has led to anxiety is that it is difficult to understand how details of a retail pump employee's caste, religion, Aadhaar and bank account can help in enhancing skills. Consequently, it has led to speculation about the true motive behind the data gathering exercise. Purpose limitation is one of the bedrock principles of a data protection architecture. This is a principle which has been strongly recommended by the experts government has consulted in its attempt to have a frame of reference when it writes a data protection law. Currently, in the absence of a law, different arms of the government are engaged in data collection which clearly violates the purpose limitation principle. This approach has also taken root in states with Andhra Pradesh and Telangana, in particular, engaged in massive data collection. Other than this being a violation of privacy, there is a clear cyber security threat. Personal data is being collected by different agencies which often have low security standards. Ongoing data collection exercises may actually end up making a privacy law irrelevant as sensitive data is already floating around. Privacy and the purpose limitation principle must not be junked by government agencies. UK government has confirmed that economic fugitive Nirav Modi is present there, increasing the possibility that he can be extradited to face trial in India. He is at the heart of an Rs 14,356 crore fraud in Punjab National Bank, which exposed flaws in one of the largest public sector banks. Separately, Rajnish Kumar, head of State Bank of India, made some thought