Is your personal data in safe hands? In this era of Internet and Big data, where plethora of data flows from one source to the other, how do we make sure that our information is safe?
Data misuse is a highly debated topic presently and there are various interpretations of it. The new digital economy even brings more risk into the system. Nowadays, all the critical information like bank details, identity proofs, etc are stored online and are very difficult to properly protect.
But it is doable, as has been the case in some of the developed countries. There are different kinds of issues that can take place. Be it data misuse, or data theft or the famous case of data encryption violation. There are third parties who buy and sell data and make money out of it and the worst part is an agency can actually use your personal information against you, which you provided to some other entity.
Last year, Facebook admitted that millions of user passwords were stored in plain text format, without any encryption, on the servers and a small glitch can expose the entire database to the public. What does it mean for you? It means that all the conversations that a person has with their friends can actually be compromised in public. Imagine if all your conversations were out in the public!
Uber has admitted that it monitors your device’s battery level. So one example of how it can be misused is that if your battery levels are low, and you are trying to book a cab, there can be a surge applied and you will be charged more.
Let’s give you yet another possibility. Lets say your mobile has an application which tracks your daily food intake and helps you maintain your health. Before the login, it asks about your health and past history.
Now in a situation where there are no proper checks and balances in the system, the data can actually be sold to an insurance company to ask for a higher premium or may God forbid, deny an insurance to you. Let’s not even get started on the kind of close monitoring the Fitbits on your wrists do!
Hard to believe right?
In any case if you are still not convinced that it can happen with you, here are certain live examples of data misuse:
- Uber: In 2014, a high profile and very sensitive case came into picture where an employee used a feature of Uber to track down an executive who was late for the meeting with an Uber exec. The access was limited to the higher executives but nonetheless a misuse of data.
- Truecaller: In 2012, Truecaller admitted that the details of 300 million users was exposed to some theft and was on sale on the dark web.
- Morgan Stanley: In 2015, the credentials of around 10% of the clients of Morgan Stanley were found on a website.
Now are there some rules and regulations in place to save us from this kind of violation?
Recently, in December 2019, India finally came up with its data protection Bill. India, with a vast majority of the world’s population has the power to dictate the world’s data protection laws and enjoys a huge bargaining power with the companies doing business here in India.
Some of the aspects of the Bill concentrates on is Right to Privacy, data being an important aspect of business and the urgency of data protection. The main aspects of the Bill are:
- Accountability when it comes to sharing data of a person and the purpose of sharing
- Parents’ permission before collecting the data of a child
- There are also exemptions from obtaining permission before sharing data. But this is restricted to specific Government agencies or certified authorities.
- The organisations dealing in online payments have to store the data locally that means inside India. Because once the data is in another country, the laws change and we might lose control over the data.
Though the bill has been drafted after much deliberation, individuals and organisations are still ignorant about the rules in place. A proper implementation has to be ensured and followed religiously.
What can we do personally to save ourselves from cybercrimes?
Refrain from providing unnecessary information on any kind of website. File an RTI in case you notice any breach of personal information.
The moral is that it is the duty of the Indian constitution to safeguard the personal privacy of its citizen and the data protection law also come under its ambit.
It is imperative that organisations are held accountable and responsible for the data misuse and heavy penalty is imposed. This way we can call India a safe place with data security.