Two recent reports of alleged data breaches in firms that may have led to theft of consumer data highlight the loopholes in India’s legal safeguards. Last month, mobile wallet firm Mobikwik had to deal with charges that consumer data had been stolen after a breach. The firm denied this but was ordered by RBI to conduct a forensic audit. Now, pizza brand Domino’s faces the same allegation which it’s denied. Such reports are not uncommon.
Government records show that cybercrimes are on the rise. In 2019, registered cases more than doubled to 44,546 over a two-year period. On data breaches, Indian Computer Emergency Response Team (CERT-In) says they increased from five in 2018 to 36 last year. Two factors make redressal both urgent and challenging. Digitalisation is shifting more economic transactions online. It opens up an entirely new dimension in terms of security as cybercrime is not constrained by borders. Legal safeguards in this space need to be mindful that the Supreme Court has upheld the right to privacy as fundamental. The existing umbrella legislation was introduced over two decades ago and needs to be replaced with a personal data protection law.
Government introduced a data protection bill in Parliament in 2019. Presently, it’s being scrutinised by a parliamentary committee. The bill has a drawback in relation to protecting consumer privacy in case of a data breach. A firm that has been breached will inform the regulator who will then decide if the owners of the data need to be informed. This aspect relegates the victim in the overall scheme of things. This approach needs to change. Personal data is sacrosanct. That should be the central pillar of a legal safeguard. With or without a law, potential victims need to be informed right away. It’s only fair and limits damage.
This piece appeared as an editorial opinion in the print edition of The Times of India.
END OF ARTICLE