Advertisement
Wednesday, Oct 20, 2021
Outlook.com
Outlook.com

The State Of Data Privacy In India

While The Personal Data Protection Bill is being scrutinised in the Joint Parliamentary Committee for over a year and a half now, major data breaches and cybersecurity incidents have taken place in India.

The State Of Data Privacy In India
Courts of the foreign land are setting precedents fining tech giants over data misuse. | Representational Image
The State Of Data Privacy In India
outlookindia.com
2021-08-08T21:03:56+05:30

Major Data Breaches have occurred in India while the Personal Data Protection Bill (PDPB) has been hanging in the Parliamentary ad-hoc committee for over a year and a half now.

The Personal Data Protection Bill is a bill that puts India on the map of countries with dedicated data protection laws. It seeks to provide for the protection of personal data of individuals, and establishes a Data Protection Authority for the same. The Bill was introduced in Lok Sabha on December 11, 2019 and was referred to the Joint committee of the Parliament. The committee was to present it to the parliament after reviewing it and suggesting changes but it has been seeking extensions right from the budget session of 2020 to the current one till the Winter Session of the Parliament, 2021.

While this bill is being scrutinised in the Joint Parliamentary Committee for over a year and a half now, major data breaches and cybersecurity incidents have taken place in India.

IRCTC’s data leak in October 2020 contained Full Names of about a million users along with their mobile numbers, e-mail IDs, dates of birth, marital statuses and cities of residence. This data was available for free on dark net. While IRCTC denied the data leak at that time, there’s no deniability in the fact that this was not the first time that a cybersecurity incident was happening at IRCTC and the leaked data’s authenticity was substantiated by various cybersecurity experts.

Air India’s passenger system service provider SITA’s data was leaked recently where personal data of 45 Lakh passengers with data pointers as grave as passport information and credit card details were also leaked. SITA is based out of Geneva in Switzerland which all the more raises concerns for data localization that the PDP Bill raises.

Around the same time as IRCTC’s last year, Dr. Lal Path Labs also suffered a data leak. According to a media report, the personal data of millions of users was stored on their AWS server, not protected by a password. The company clarified that it was a misconfiguration issue and only involved 0.5% of its records. Incidents like these did not bother the companies at a kinetic, let alone legal, level back then but some major cybersecurity attacks like the one on Dr. Reddy’s servers forced it to shut down its operations worldwide, for a day. Both of these incidents occurred during the pandemic. Dr. Reddy’s was, in fact, in the middle of its vaccine trials.

These malicious attacks also swayed the corporates  with the harshest impacts. In March 2021, a major data leak of 8.2 Terabytes happened at MobiKwick. KYC documents of around 10 Crore people were available for sale on the dark web. While the company denied the data leak, the photos of people’s passports, aadhar cards, etc. along sensitive personal data pointers were floating around on the dark web, ready to go in the hands of the highest bidder.

India witnessed one of the biggest and most dangerous data leaks in its history when, in May 2021, personal data of Domino’s India was leaked. Unlike other leaks, this data was available on the surface web and was presented in a user-friendly search engine format.

Users could search for mobile numbers/email IDs of their targets and get their order addresses with geo coordinates. While the company denied the leak of any financial data, this information was enough for anyone to misuse. “I started getting calls from people complaining that they have started receiving spam messages and random calls all of a sudden, after the Domino’s data leak,” said Nitin Pandey, a cyber consultant with the UP Police and a dark web researcher. He further added, “Data Leaks like these have far reaching implications when this data gets in the hands of malicious entities. From petty spammers to hitmen to terrorist organizations, anyone can misuse this data, especially the big data which gives them exposure to large cross sections of our population.”

The Personal Data Protection Bill had provisions for classifying sensitive data and imposing data protection standards for organizations collecting it but it also had its own shortcomings. While there is no record of the JPC’s meeting after 29th December, 2020, Meenakshi Lekhi, the committee’s former chairperson, told the media in January that the committee recommended 89 changes in the initial draft and presentation in parliament would take some time. Committee’s new head, PP Chaudhary has sought further extension till the first week of the winter session.

Meanwhile, courts of the foreign land are setting precedents while fining tech giants over data misuse. Found in the violation of EU’s General Data Protection Regulation, Amazon was recently fined for $850.6 million. Zoom, on the other hand just settled a lawsuit for $85 million in the land of stringent Data Protection laws, the USA. Data security is more than what meets the eye. While some events go unnoticed, some are outrightly denied and some are severe enough to shed light on the need of robust data protection practices.

Advertisement

Outlook Newsletters

Advertisement
Advertisement
Advertisement

Read More from Outlook

LIVE: Uttarakhand Rescue Operations | 11 Trekkers Go Missing

LIVE: Uttarakhand Rescue Operations | 11 Trekkers Go Missing

The National Disaster Response Force (NDRF) has rescued over 1,300 people from flood-affected areas of Uttarakhand so far.

Poonch: Locals Asked To Remain Inside As Army Plans Large Scale Operation To Hunt Down Militants

Poonch: Locals Asked To Remain Inside As Army Plans Large Scale Operation To Hunt Down Militants

Indian Army's operation comes as a retaliation to the October 11 killing of an army officer and four soldiers during an encounter in Poonch sector.

PAK Vs SA, T20 WC, Warm-Up Live: Pakistan Lose Azam, Rizwan Early

PAK Vs SA, T20 WC, Warm-Up Live: Pakistan Lose Azam, Rizwan Early

Follow live cricket scores and updates of Pakistan vs South Africa in Abu Dhabi. Both teams are in the T20 World Cup 2021 Super-12 stage.

Lakhimpuri Kheri: Supreme Court Asks UP Govt To Speed Up Investigation

Lakhimpuri Kheri: Supreme Court Asks UP Govt To Speed Up Investigation

The Supreme Court asked the Uttar Pradesh govt to record statements of remaining witnesses in the Lakhimpur Kheri case.

Advertisement