Why India urgently needs a cybersecurity law
When digital guru Fredrik Bergstrom described data as the new gold, he probably indicated that future years will witness more data heists than bank robberies. Cyber pirates, unscrupulous analytics and dodgy marketers in the last few years have stolen data unlawfully for their benefit. Sample the three biggest data thefts in last three years to understand the import of your personal information falling into wrong hands:
Debit Card Breach, 2016: About 3.2 million users lost their debit card PINs as well personal banking details due to ineffective implementation of payment security standards. The breach took place across ATM networks of a number of popular banks.
Food Tech Database, 2017: This scam jolted the Indian market when personal details of over 17 million users were found at risk. The privacy of the registered users was invaded by the hacker named "nclay". All the important details such as email addresses and passwords were stolen obscurely. Another 120 million users reportedly suffered an invasion of personal data.
Cambridge Analytica, 2018: Political marketing firm Cambridge Analytica (CA) suspiciously gained access to the data of the world’s biggest social media network, Facebook. The heat of the international scam cast its shadacrossoss national boundaries leading to political mud-slinging between various parties. According to Facebook, millions of users’ personal information was accessed illegally, including about 5.6 lakh Indians.
While the latest data theft has now turned into a political slugfest between warring parties across the Indian political landscape, the need for a strong data security regulatory mechanism for Indian users has been ignored, rather conveniently.
The government of the day probably believes that their responsibility is limited to sternly demanding clarifications from CA about possible misuse of data harvested from Facebook in influencing voting preferences.
The magnitude of this vulnerability lies in the fact that the number of Indians experiencing cyber-attacks have increased to 84 per cent in 2017 as compared with 73 per cent in 2016, an alarming 11 per cent jump. India has been ranked fourth in online security breach by Semantic Study. The published reports and the recent data leak scandals at the national as well as at the global front point towards the immediate need of a credible data security framework.
With the continuing exponential increase in the number of smartphone users, data sharing through mobile apps will maintain its rapid rise. Whereas this transformation has indeed made life easier, we are however supremely vulnerable to data and privacy breach. Consistent data sharing and use of apps have led to several cybersecurity scams. Many applications including WhatsApp, Facebook and TrueCaller entered the Indian market, consuming as much as 70 per cent of the total mobile usage by 2017.
Regulatory bodies have routinely stressed the need for a framework to protect information of the app users, server location and third-party services including the Prime Minister’s personal app NaMo and With INC app.
Cybersecurity Law
Although various companies and government agencies are working to create tools that will help protect user data, a proper balance between privacy and digitisation remains the main concern. While security firewalls must not affect the ease of operating an app, care must be taken that safety of the data is not compromised either.
Shorn of the heavy legalese and through a layman’s eyes, an effective data protection law should ensure that the information is:
1.) Used fairly and lawfully.
2.) Used for limited and specifically stated purpose.
3.) Stored for no longer than is absolutely necessary.
4.) Handled according to people’s data protection rights.
5.) Kept safe and secure.
6.) Not transferred outside the country without adequate protection.
7.) Unequivocal and stringent penal consequences in case of a data breach.
In a country like India, a data security legal framework is urgently required to be put in place, wherein privacy concerns must be adequately addressed. However, such a mechanism must not hamper the innovation and digitisation process, which are key to the country’s growth. Only a comprehensive and balanced data privacy law can curb the mushrooming scandals and protect the country’s digital infrastructure.
(The author of the piece is founder and MD of mymoneymantra.com)