What is Data Privacy?
To understand this let us compare the houses of 1980’s to those of today and make a list of those which are missing in the later ones. You shouldn’t be surprised that most of the physical things are replaced by one single smartphone, and these physical things includes alarm clock, letters, important documents, cd’s-dvd’s etc. These were the things which were needed back then but now they are satisfying our needs as digital stuff. This clearly shows that digital has dematerialised our world but on the other side it has also dematerialised people. We live in a digital reality presently. We have become nothing but a collection of individual pieces of data; we call it Personally Identifiable Information or PII.
People have always been concerned about their personal privacy but now as we have been dematerialised, personal privacy has taken a new shape. Each person’s right to privacy is more easily overthrown, because we are not moving physical material around in the space, but manipulating bits and bytes that composes a person.
Consent and consciousness.
For the personal data, one school of thought says “just stay offline”, while other thinking says “data may be used(or misused), it’s no big deal”. But some of us may contend “That’s my data & that’s who I am”.
First of all “just stay offline” isn’t reasonable for a 21st century person. The digital world is where things are happening now-a-days, that is why it is called the Digital Transformation. Business, Government Schools, researches and even in the time of pandemic, friend to friend interactions are happening on the digital platforms.
For those saying ‘ no big deal ‘ their thoughts will be totally different when they will be getting harassed or stalked by someone in the physical world. Even if they don’t care about the use of their data but other people do and not only they care but also they want assurances that their privacy is secure.
Data privacy in India
We can clearly see that why data privacy is all the rage presently. It’s not just about social media data scrapping to create ‘fake news’. We see many institutions like hospitals, universities, school and even the governments all fail to safeguard data privacy of individuals and themselves as well.
Data privacy goes through the heart of what we value as a society which demand that we do our best to protect that digital person in our care.
Decoding ‘The Indian Data Protection Bill 2019’
What it means for consumers?
-: Data can be processed or shared by any entity only after consent.
-: Safeguards including penalties, introduced to prevent misuse of personal data.
-: All data to be categorised under 3 heads i.e. general, sensitive and critical.
The government and regulatory role
-: Government will have the power to obtain any user’s non – personal data from companies.
-: The bill mandates that all financial and critical data has to be stored in India ( Data Localisation)
-: Sensitive data has to stored in India but can be processed outside with consent.
What companies have to do?
-: Social media firms to formulate a voluntary verification process for users.
-: Sharing data without consent will entail a fine of INR. 15 cr. or 4% of global turnover.
-: Data breach or in action will entail a fine of INR. 5 cr. or 2% of global turnover.
Controversy over the Bill.
- Data Localisation raises the questions on the bill i.e. 1. Is this localised data going to be used to put surveillance of us ? 2. Isn’t it going to put a threat over innovations made in ‘Artificial Intelligence’ or ‘Block-chain Technology’?
- Government may process our data out side the consent.
Owner is responsible for it’s belongings
In 2018, 33% of successful attacks targeted personal information and while at the same time cyber criminals were doing their part, data privacy regulations were popping up all over the world. We are trying to win a battle on two fronts.
-: Defeat the attackers, and
-: Stay audit-ready to satisfy regulatory needs.
Doing these at once is not at all easy. Here are few tips which can the digital you safer.
- Change the definition of IT assets as a machine only ( physical or ritual) rather consider it a scanner which knows everything.
- Now, as we will be more aware, it will be easier to identify where the sensitive data is hiding.
- Once the location of the sensitive data can be found it’s easier to analyze that data. Rationalize the follow-up actions needed.
- This brings us to the final step. Here it will be finalized that we are audit ready. We are needed to reach the device with the commands of very controlled and tuned nature to restore privacy protection every time. When automatically generating controls, apps and agents are disabled we will be less vulnerable to cyber criminals.
Protecting data privacy is a moral concern because it has the potential to cause harm to real-life of people. This is something in which we are the only one who can do everything.
Sources- The Hindu, Live mint, YouTube, Internet.
-Saket Pathak