India Needs Strong Data Privacy Law

A stringent data protection law is urgently needed in India to address the mounting concerns over privacy of citizens as the country is moving in a big way towards digital governance. There has been a growing concern in India over the safety of the Aadhaar database. The Supreme Court is also examining issues relating to various aspects of Aadhaar. There is an urgent need for data privacy laws and also about awareness among people and industry for respecting people’s personal data as there are no laws for data privacy in India.

While there is no authority, which will take action against the company if they fail to abide by data privacy laws, we can have one such authority in future. Similarly, people must be made aware of their right to delete their digital footprint.

However, the health industry should comply with Health Insurance Portability and Accountability Act (HIPPA) norms, the credit cards and debit cards companies should follow Payment Card Industry Data Security Standard (PCI DSS) norms. In IT industry, we have ISO 27001 standard of information security management, which takes care of data privacy of customers.

Although the government appointed Justice BN Srikrishna Committee and they are working on framing the laws, we hope we get it soon. In the majority of cybercrime cases, we have seen that data is phished, stolen by the fraudster before a cybercrime takes place, and in such cases, we need to be aware of data privacy rules. People are taking steps for data privacy all over the world and so in coming future, we will see strict norms. As the Information technology (IT) Act does not take much care about data privacy, as the cyber security expert, Dr. Herald Dcosta.

The IT Act talks about the hacking of data and copyright laws but when it comes to data privacy, laws need to be framed. The IT Act section 43 talks about unauthorised access to data and talks nothing about data privacy.

If you certain quotes from the experts:

We are in the stage of digital economy, digital governance, and digital storage of all knowledge and Digital footprints are everywhere. The digital footprints will identify you, Is it good, is it bad that is the debate. Said, Justice B N Srikrishna.

Technology has brought about a sea change in governance and asserted that the Aadhaar database is secured by design. Said, J Satyanarayana, Chairman- UIDAI.

The Information Technology Act, 2000 has recently been amended to meet challenges in cybercrime, the amended Act is yet to come into force, it has introduced two important provisions that have a strong bearing on the legal regime for data protection. These are sections 43A and 72A, inserted into the IT Act by the amendment Act. But the provisions pertaining to data security and confidentiality are grossly inadequate.

According to this Act , the persons and organizations which store personal data must register with the information commissioner, which has been appointed as the government official to oversee the Act. The Act put restrictions on collection of data. Personal data can be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or purposes. The personal data shall be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are processed.

Hope the report of Justice Srikrishna committee will have all the answer to the data security ,expected to come in this month.