Data Protection In Digital India

India is on the way of digital transformation and this journey has accelerated after initiation of the Digital India Mission. Digitalization encourages us to re-think everything, including how we function and deliver value to our customers. It not only impact individuals but also industries and businesses of all sizes.

Digital transformation has created huge number of digital data with sensitive information like Personally Identifiable Information (PII), financial information such as credit and debit cards data, medical health information, Aadhaar and Voter Card details, et al and industry sensitive information such as Intellectual Property (IP).  The data protection is a critical challenge for organizations today, as meaningful information from this data may lead to a big compromise/ breach as evident from recent data security threats.

The data digitization comes with two major challenges, i.e. – data protection and data privacy. Data protection ensures access of data to authorized person and privacy specifies level of access to the data. As per industry sources, at least 7.9 billion records, including credit card numbers, home addresses, phone numbers and other highly sensitive information, have been exposed through data breaches in 2019.

Increasing number of cybercrimes and security breaches has resulted in the rise to data mining, data reselling, and use of data for other purposes. Data breaches are causing reputational, financial and legal damages to companies that mishandle sensitive data. Therefore, in today’s world, data security is a vital factor and a major challenge for every organization.

As per multiple RBI Reports, Indian banking system detected Rupees 71500 crore worth of frauds in financial year 2018-19 which is bigger than the amount of recapitalization package of the Government for public-sector banks.

The Personal Data Protection Bill, 2019 designed and developed by Indian Government (PDP Bill) is a landmark Protection Bill and a milestone for the digital age. It has introduced new rights to individuals. These include the right to:

(i) Get validation from the fiduciary on whether individuals personal data has been processed and shared,

(ii) seek correction of inaccurate, incomplete, or out-of-date personal data,

(iii) have personal data transferred to any other data fiduciary in certain circumstances, and

(iv) Restrict continuing disclosure of their personal data by a fiduciary, if it is no longer necessary or consent is withdrawn.

The Bill allows processing of data by fiduciaries only if consent is provided by the individual. However, in certain circumstances, personal data can be processed without consent.  These include: (i) if required by the State for providing benefits to the individual, (ii) legal proceedings, (iii) to respond to a medical emergency (iv) national security.

Apart from this, Payment Card Industry Data Security Standards (PCI DSS) is a specific standard which applies to all organizations worldwide that accept, transmit or store any Payment Card (Credit or Debit card) data, regardless of size or number of transactions. Although, it is not a legal requirement, yet merchants all over the world need to comply with it in order to be allowed by banks and Card Brands to accept card payments, whether over the phone, at the terminal (ATM/POS) or through online interfaces.

Considering the importance of Data Protection and Privacy, Government of India has drafted data protection bill. As a responsible corporate entity, every organization should work towards implementing transparent and secure mechanisms to ensure Data protection. With the right security controls and proper auditing, companies can achieve the freedom and flexibility they need to succeed in a digital economy with confidence.

The successful implementation of Data Protection Bill by Government of India is possible with robust awareness program both at masses and industry levels. Organizations must include Cybersecurity awareness program as a part of their Corporate Policy.―Business World