In India, the Joint Parliamentary Committee is examining the PDP Bill. The sectoral regulators monitor data protection in payment systems, healthcare, telecoms, and e-pharmacies. The Information Technology Act, 2000, the SEBI Data Sharing Policy, 2019, and the RBI Guidelines on Cyber Security Framework for Banks and Information Security, 2016 are the compliances that support data protection in India. These laws analyse data, smooth functioning, and technical and financial perspectives. The Indian Government has withdrawn the Personal Data Protection Bill, 2019. Biometric information, medical history records, mental health records, financial records, passwords, and any other such information collected fall under sensitive data. The authorities dealing with personal data need to follow the principles set out by the regulations.
Data breaches create problems for businesses that go online. The joint committee of parliament proposed amendments to data protection. The Netherlands cybersecurity firm Surfshark VPN says India stood second among countries for data breaches in the first half of 2022. IBM also concludes that data breaches in India are at an all-time high of $4.35 million. The cost of a data breach grew in the years 2020 and 2022. The average increased to $2.32 million from $2.21 million. Government officials said in parliament that Indian banks underwent data breaches from 2018 to 2022. Reports from private and public sector banks show that approximately 6,861 crores were lost because of fraudulent activities. In 2018, the maximum loss of data was from the Aadhaar database run by the government. The World Economic Forum's Global Risk Report says that the largest breach in that year was from India. Indian businesses must be protected through the data protection bill.
Compliances that support data protection:
In the first half of 2022, India stood in second place for data breaches. Russia was the number one country for data breaches. The central information technology minister said that the digital ecosystem consists of 12 recommendations and eighty-one amendments. The data protection laws around the globe are not perfect. The challenges that other countries face are independence, accountability, exemptions, localization of data by companies, and the need to regulate personal and non-personal data. Data protection ends up set against liberty. It should preserve fundamental rights and privacy as well. SEBI and RBI have a set of rules for data protection.
How does the SEBI data sharing policy aid data protection?
Data from SEBI has been used for analytics projects and research. The SEBI policy on data sharing is as follows:
• The researcher or analyst needs to fill out the data-seeking request form.
• The recipient institute must approve the data collection with an authoritative signature.
• A copy of the data-seeking request form is sent online and posted to the data analytics controller.
• The data analytics controller and the recipient institute approve undertaking the analysis.
• Data is shared through the approved media and devices.
• After completing the project, the data seeker sends the details to the data analytics controller.
• During the project, the data analytics controller may visit the data seeker’s place and check confidentiality.
• If the data seeker wants to extend the period for which the data is held, the request must be placed with the data analytics controller twenty days in advance.
• The data analytics controller may accept or reject the request.
RBI guidelines for banks and information security:
RBI implements the following guidelines for cyber security:
• Adopt a cybersecurity framework that is functional and adaptive.
• Continuous surveillance of cyber security.
• Conduct cyber security testing.
• Check the system network and database for security.
• The bank is responsible for the customer’s information.
• Promote a cyber crisis plan with CERT guidance and review.
• Define the indicators to understand the cybersecurity process.
• Report the cybersecurity incident to RBI.
• Monitor the organisational structure for cyber security.
• Create awareness about the cyber security concerns among the employees and management team.
Six principles of GDPR:
Lawfulness, limitations, minimization of data, data accuracy, data storage, and confidentiality are the six principles of GDPR. The application of these principles enhances cyber security.
• The usage of data should be for commercial purposes only.
• Data is about quality and quantity. The quantity of data is controlled with data minimization rules.
• Data accuracy is important to predict customer behaviour. Users can raise a claim if the data is inaccurate.
• Data storage and its security are also given importance.
• The encrypted data is confidential. It should be maintained with integrity.
Principles of other countries:
Comparison with Russia and the USA. The five principles of other countries regarding data protection are put to readers in simple terms. The privacy principles generally followed in other countries are as follows:
• Informing the readers, users and visitors about personal data protection.
• Getting consent from the users about the usage of personal data. The collection, storage and management are as per the choice of the user.
• Assurance from the business owner that the data is used by the right people, with high-end security, is important.
• There must be no unauthorised access to personal data.
• The service and solutions are in line with the compliances mentioned by the government.
In 2022, India ranked after Russia in data breaches, so data protection is a necessity in India. The legal system and regulators need to monitor data breaches. Professionals with high qualifications, such as chartered accountancy and cost accountancy, need to analyse the data protection laws and make amendments that improve productivity and security.