Data means raw facts and figures, a small word for big concept. Data encompasses of every single bit of information, which could pertain to just about anything including information on you, such as where you live, what you do, where do you keep your money, your likes, dislikes almost everything is data. Data is both a boon and bane depending on who controls it, after all knowledge is power. Even big Companies and businesses generate a lot of data with regards to their financials, products, clients etc. Hence in the light of the importance attached to data, it is pertinent that it is protected.
Nowadays data is mostly stored electronically on data drives and other data storage devices. Data in the wrong hands could be disastrous and leave a person or business vulnerable. A lot of this data is generated through a network of computers, leaving data vulnerable to cyber-attacks or misuse, further wrong use of data is also an eminent threat for the person furnishing it.
Why does data protection matter?
With a populace of over a billion, there are around 500 million dynamic web clients and India's online market is second just to China.
Collecting the information of individuals along with their behavior has become a profitable business plan. However, it is also a matter of grave concern as it can lead to revelation of private information of an individual. Organizations, governments, and political parties use this information to advertise the information to your, based on your interests and likes.
Also, until now, there are no laws on the use of individual data and thwarting its maltreatment, despite the fact that the Supreme Court kept up the privilege to protection as a central right back legitimately in 2017.
Data Protection law India
To prevent the misuse of data and to protect data from leaking, the governments throughout the world have enacted data protection legislations. In India there is no specific legislation dealing with data protection yet, however currently data is protected and governed under the Information Technology Act of 2000 (the Act) and its allied rules.
Under the Act, data means the representation of information, knowledge, facts, concepts or instructions which are prepared or have been prepared in a formalized manner, and are intended to be processed or have been processed in a computer system or computer network. Chapter V of the Act deals with data protection, particularly section 16 which necessitates the requirement of following security procedures and practices for the protection of electronic records (which includes data) especially by intermediaries (persons collecting, using or storing the data and or providing services using the data). Pursuant to section 16 of the Act the ministry of electronics and information, issued the following rules for the protection of data:
- Information Technology Rules, 2011:
Reasonable security practices and procedures and sensitive personal data or information
- Information Technology Rules, 2009:
Procedures and Safeguards for Interception, Monitoring or Decryption of Information: These rules allow the government to appoint certain agencies to monitor, intercept and decrypt data that is dealt with on internet, thereby allowing the government to prevent any cyber-crimes.
Procedure and Safeguards for Blocking for Access of Information by Public: These rules allow the government to appoint certain officers who may issue directions to intermediaries to block access to information that is available to the public as in the case of banning of websites or certain content on it.
Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information: These rules allows the government to appoint agencies which can monitor traffic data (that is any data to identify any person, computer system or network or location including communications origin, destination, route, time, data, size, duration or type of underlying service) for the purpose of preventing cyber-attacks, identifying viruses investigation of security practices of intermediaries.
DATA protection bill
Keeping in mind the need for a specific legislation for data protection, pursuant to a direction to the Government by the Supreme Court in the famous aadhar judgment, the government set up a committee of experts under the chairmanship of Retd. Justice B.N. Saikrishna, which drafted the Personal Data Protection Bill, 2018 (the bill).
The bill categorizes data into three heading:
All the data which is related to financial data, passwords, health data, official identifier, sexual orientation, religious or caste data, biometric data and genetic data is sensitive data. It can only be processed outside India with the explicit consent of the user.
Critical data, once in a while will be characterized by the government and can only be stored and must handled in India.
Data that is not sensitive nor critical is general data and has no limitation to where it can be stored or managed.
The highlights of the bill are:
- In terms of applicability following the practice similar to the GDPR the bill has extended the applicability of the Act to platform, websites, online services, networks located outside India but providing services or operating in India.
- The bill lays down the obligations of data fiduciary in regards to the dealing and handling of data provided by a user, especially with the collection of data, and seeking confirmation and consent of the user.
- The bill lays down the rights of persons furnishing data to any data fiduciary, including rights to modify wrong data and the right to have the data forgotten.
- The bill provides for a copy of data being collected by data fiduciaries located outside to be made available at data servers or centers located in India.
- The bill also provides for the establishment of data protection regulator, the Data Protection Authority.
The government pursuant to its initiative of e-governance under its digital India programme has been actively taking steps towards improving the regulatory aspect of e-governance in India, realizing the importance of data protection it has taken steps to protect and safeguard data, one of the first steps being the data protection bill, the bill certainly is a welcome change as data protection is no longer a plethora of law scattered around, but streamlined and made articulate.
Article 19(1)(a) of the Constitution of India grants every citizen the right to express himself, this includes through a network on a computer, and such a right must be protected in every way possible. Such expressions need to be in the control of the citizen making it, the new data protection bill aims to do away with the autonomy networks, websites, applications etc. work in and provide a say to the provider of data.
As the COVID-19 lockdown is expected to continue in India, the digital payments sector is seeing a growth, as more people are currently buying online. During the first two weeks of the lockdown, digital payments constituted a whopping 72.5% of the total 2.2 billion transactions in India. This will increase instances of data piracy as scammers will find new ways to con people
According to ZoomInZ0D, a Mumbai-based "ethical hacker," the scammers can mine information from various sources.
"The real name of the user can be identified from email IDs. A legitimate-looking fake WhatsApp message asking for phone numbers, email IDs or even addresses can do the trick. Information can also be mined from Google forms," warned ZoomINZ0D.