Protecting privacy in age of data breach

Today, cybercriminals are increasingly relying on innovation, organisation and sophistication, observes Symantec’s Internet Security Threat Report 2018 even as Internet of Things (IoT) targeted attacks rose by a whopping 600% and mobile malware variants increased by 54%.

Despite the government and the industry racing towards a digital economy, most Indians remain blissfully ill-informed about threats to their personal information and its implications.

According to the European Commission, personal data is any information or collection of attributes, whether in byte-sized pieces, encrypted or anonymous forms, that can be used to identify a particular individual.

Businesses need to collect a database of population trends, consumer preferences and behaviour to predict future sales and revenues, make strategic decisions and personalise experiences to win brand loyalty.

Social media platforms are where you share most of your information, talk about planned vacations, things you wish to buy, foods you prefer and incomes you earn.

Increasing cybercrimes

Identity theft can be used to open new credit or loan accounts in your name with no intention of paying them off, make illicit withdrawals, launder money, commit phone or utilities fraud or obtain an official ID in your name and perform criminal activity.

Cyberbullies can gain access to personal data for the purposes of obtaining contact details for nefarious purposes of stalking.

Privacy matters because it impacts the dignity of individuals and helps them control their reputations. This, in turn, affects incomes and opportunities in life. Breach of that trust can lead to manipulation, deception and fraud.

Edward Snowden’s exposure of disturbing surveillance practices by the American NSA on unsuspecting citizens in 2013 and the recent allegations of election rigging during the US elections give enough evidence on how personal data can be used to influence the course of development and free speech in one nation or the world.

Challenges of law

As of now, current provisions of law that govern the use of personal data provide for compensation in case of wrongful disclosure, misuse of personal data and violation of the
terms of contract regarding personal data.

The problem with existing laws is that wrongful loss has to be proved in terms of its money’s worth. There exists a clear need for a generalised law that proactively addresses data protection and its concomitant rights to privacy and the right to be forgotten.

Following the introduction of the General Data Protection Regulation (GDPR) in the European Union on May 25 this year, many other jurisdictions have realised the importance of protecting consumers and citizens against theft of personal information.

India’s Ministry of Electronics and Information Technology constituted a Committee of Experts on a Data Protection Framework under Justice B N Srikrishna in August 2017 and it submitted a report and a draft bill to legislators on the July 27, 2018.

Right to Privacy

Because the individual is dependent on the service, the provider has an obligation to use personal data fairly and for authorised purposes only. There should also be an obligation to notify the user where and how this data is being procured and intended to be used.

The draft bill proposes to create a Data Protection Authority to enforce the provisions of the bill. Sensitive personal data would consist of passwords, financial data, biometric data, genetic data, caste, religious or political beliefs, or any other category of data specified by the authority.

Consent should be informed and meaningful and the law should provide for protection of vulnerable groups, such as children, from exposure against their interests.

Laws by themselves are no good unless internet users make themselves aware of the threats and challenges that the anarchic online world poses. It is important to educate oneself with basic digital literacy through certifications such as the Security+ or the A+ to understand how vulnerable your computer or smartphone is to attempts at data theft.

Encrypting sensitive information, maintaining data backups, using malware protection software, installing operating system and other software updates regularly, encrypting data in portable devices, using firewalls and overwriting old files, especially from online cloud servers, using firewalls and checking
privacy settings on web browsers and apps will help you maintain anonymity in an increasingly dangerous cyber-world.

(The writer is Regional Director, CompTIA India)