- Increased emphasis on digitalisation cannot be curbed as the focus is on the same in line with the technology-driven modern-day development witnessed around the world. The internet and the allied services associated with the medium have leapfrogged multi-folds in every walks of life. The penetration of the internet in our daily lives is so profound and complete that nothing goes unnoticed without the medium making its presence felt in more than one way. Indeed, the world community witnessed mindboggling changes over the last two years when the pandemic compelled citizens across the globe to stay put in their homes.
PC:
- The moot point to ponder over here is whether the digital medium is suitably protected from inimical elements. The answer is no. People closely following the happenings would have noticed how the digital medium poses security challenges vis-à-vis data protection. Apart from gullible citizens being fleeced of their hard-earned monies courtesy of increasing cybercrimes, the last two months of this year especially brought India’s cyber vulnerabilities into sharp relief as well. In November, securities depository CDSL said it had detected malware in some machines and disconnected itself from the capital market.
- Later, AIIMS, New Delhi, found its services compromised. The Union Government told Parliament that five servers were affected due to improper network segmentation. These two incidents are examples of a larger challenge confronting India. Further, CERT-In’s India Ransomware Report for the first half of 2022 said that there’s been a 51% year-on-year increase in ransomware incidents. A majority of attacks are on datacentres. Mind you, data has a unique quality, it’s non-rivalrous. Simply put, it can be used simultaneously by different people and not necessarily with the consent of the data owner. It’s this quality that makes even temporary data loss deeply problematic.
PC: Security Magazine
- As India moves apace to a digital operating system for social and economic activities, loss of data or even temporary access to it has emerged as a public security challenges. This problem is global in nature. Note that last year Ireland was forced to shut down its public healthcare service for a while following a ransomware attack. Coping with this challenge starts with everyone following basic steps to safeguard their data. Data suggests that the most serious problems come from organised cyber-attacks on large data repositories and critical public infrastructure. Ringfencing data repositories from cyber-attacks is paramount.
- Thus, India’s forthcoming personal data protection bill needs to emphasise on two aspects. Purpose limitation in collecting data by all regulated entities needs to be strictly enforced. Highly sensitive data such as biometrics are collected by different government organisations that may not all have high standards of cybersecurity. Thus, the collection of biometrics needs to be limited. The other essential principle is narrowing down the discretion enjoyed by a regulator in choosing when to let potential victims know about data breaches. Given the data’s non-rivalrous quality, offering a regulator too much leeway protects a regulated entity at the expense of potential victims. Hopefully, these two aspects will be incorporated in the data protection bill.
