This Data Privacy Day, we are pledging for a #SafeDigitalIndia by 2022

28th January is an important day for anyone who considers privacy a basic tenet of human rights. On 28th January 1981, the world’s first data privacy policy was signed. The convention for the protection of individuals with regard to automatic processing of personal data, also known as Convention 108, is a treaty signed by the Council of Europe to protect the right to privacy of data provided by individuals to organizations for automatic processing. To commemorate this historic day, International Data Privacy Day is celebrated annually on 28th January.

Necessary Awareness

Data breaches have become common news these past few years. Some of the recent breaches that affected millions of users across India include SBI, Facebook, JustDial (2019), Aadhar, Quora, Marriott (2018), and Zomato (2017). Millions of people are unaware of how their personal information is being collected, used or shared online. Data Privacy Day aims to inform individuals and companies about their rights over their data and empower them to take action to protect it.

Global Data Privacy Policies

As technology has changed and evolved, the importance of data privacy is also evolved. Data is processed differently, and hence, needs a different approach when it comes to its protection against misuse. As individuals too have become more aware and concerned about how their data is used, landmark policies such as General Data Protection Regulation (GDPR) and the California Consumer Privacy Act are further improving providing data privacy and protection safeguards.

India too has caught up with global standards of data protection and is taking the privacy of user data very seriously. The Ministry of Electronics and Information Technology (MeitY), constituted a committee to prepare robust and comprehensive Data Protection Laws applicable to India in July 2017. This committee submitted a draft in July 2018 known as the Personal Data Protection (PDP) Bill 2018. Section 96 of the Bill specifies that the provisions of the bill will prevail over any inconsistent laws and focuses especially on consent, data retention, Sectoral Regulator for fair code of practices, erasure of irrelevant personal data, processing of sensitive personal data social media intermediaries and localization and cross border data transfers.

Responsibilities of Companies

Collecting data is a great way to get to know your users and make future interactions/transactions easy. Companies are bound by law to protect user data, but also have to understand their moral standing to make sure user data is well protected.

Similarly, for companies that deal with other companies, taking the right steps to protect data becomes extremely necessary. SaaS companies that regularly transact in enterprise solutions have to wire large amounts of funds online. This makes it extremely important to take the right steps to safeguard data related to accounts and transactions.

Some steps companies can take to protect data are:

  1. Up to Date Security Softwares
  2. Encryption and Data Backup
  3. Regular Risk Assessments
  4. Staff Training and Awareness
  5. Surety of Vendors and Partners maintaining high Data Protection Standards
  6. Third-Party Security Evaluations

Future of Data Privacy

Data privacy laws and policies will have to keep evolving to encompass a plethora of modern technologies. As more data is processed using artificial intelligence (AI) and machine learning (ML), lawmakers will have to alter their understanding of data privacy and protection.

Most data privacy guidelines pertain to personal data of a user such as name, location, financial information, etc. But non-personal data has faced a more ambiguous debate when it comes to ownership. Non-personal data points such as travelling patterns collected by map apps, lifestyle collected by social media networks, location data collected by weather apps, etc. are also being increasingly processed by AI. In some cases, this data could well be traced back to identify an individual. Thus, laws pertaining to the protection of data privacy will have to be a lot more complex and layered.

Protecting Your Data

While laws and policies are there to protect your data, individuals too need to follow certain steps to make sure, they’re not giving it all away and compromising on their data.

  • Use strong passwords for sensitive accounts.
  • Disable lock-screen notifications on your phone and keep an eye out for device attacks.
  • App permissions can be customized, especially if you use an Android phone. Make use of this setting and give phone, camera, location permissions only to apps you can trust.
  • Always read the privacy policies on websites before clicking on Submit or I Agree.
  • Using a VPM while browsing can be very beneficial, especially if you’re connected to a public network.
  • Be careful when connecting to open networks or unknown devices via Bluetooth. Your device and all the data on it can become vulnerable in such cases.

In the end, data privacy is a shared and collective responsibility. Respecting privacy is a balancing act between the companies collecting data and the users providing it. While companies need to show meaningful transparency and legal compliance for the data they store and use, users also need to be proactive when it comes to their personal data – what they share, where they share, who they share it with, etc. are questions that need to be asked before submitting data to companies. Users also need to hold back on what they share online and all of it is classified as public information.

Anti-virus software and passwords are no longer the only guards against data theft. The digital world has evolved beyond that. As legal policies and user understanding also evolve with it, we shall see a more safe and sound future for online data.

Let us pledge commitment to make a #safedigitalindia by the year 2022.

HAPPY DATA PRIVACY DAY from Team Telemerge!

Author

Kalyani Deshpande

CISA Certified and PRINCE2 Practitioner,
Cybersecurity Expert, Pune