An increase in the number of data breaches makes an urgent case for better data security laws in India
Our reliance on technology and digital payments is unavoidable. Look at the age will live in. With disease, natural disasters, vagaries of temperature, and our general chaotic daily lives spent under unrelenting conditions in the cities, it's technology that has provided ease and speed. A life without technology and its many saviours is unthinkable. But since we depend so much on tech, we are that much more vulnerable to data leaks and virtual theft. In the last few days, multiple reports of data leaks have taken over headlines. From the data breach at Mobikwik that allegedly leaked the data of 100 million users onto the dark web (Mobikwik has now denied the leak but evidence to the contrary is overwhelming) to 533 million Facebook and 500 million LinkedIn users' data being compromised — this threat is real and alarming.
To check if your data has been part of the Facebook data breach, you can visit 'https://haveibeenpwned.com/', enter your email address and let the website do its magic. It also shows up past breaches, and I was shocked to see that my email address too has been part of data breaches on 12 occasions! Companies are constantly under cyber-attack with some hacker or the other holding them to ransom or profiteering by leaking personal data onto the dark web. In 2020, many well-known entities faced the wrath of hackers — Twitter, Zoom, Unacademy, BigBasket, Nintendo, Marriott, SBI, JustDial, and many more. Even the police exam database and Covid-19 test results were hacked into. In February this year, a team of alleged ethical hackers called Sakura Samurai claimed to have breached an Indian government server containing financial details, police reports of victims' data, other confidential government information and leading to the exposure of Personally Identifiable Information (PII) of 13,000 government employees and citizens as well. Today, data is as valuable as oil and other natural resources, and going forward, it will be the most precious commodity.
Last year, in a news report, IBM said that one in two Indian firms have faced a data breach in the last two years and lost more than 1,000 records of confidential customer or business information. Since the Covid-19 pandemic, the IBM X-Force Incident Response and Intelligence Services (IRIS) team also noticed a staggering 6,000 per cent increase in Covid-19 related spam. With mass scale work-from-home trends, employees of several tech firms in the initial lockdown days, were not equipped or prepared to handle cyber threats.
So, what usually happens in a data breach? Your most personal details fall in the wrong hands. Telephone numbers, email addresses, and even sensitive bank details get leaked, and you can well imagine the seriousness of such a threat. Now the question remains that while hackers will keep trying to hack, why aren't Indian companies adequately protecting themselves and their consumers' precious data? Maybe because India still lacks data laws with teeth. The Personal Data Protection Bill, inspired by General Data Protection Regulation (GDPR) passed by the European Union, is still languishing in Parliament since 2019. Once ratified, the law would be a deterrent to the callous attitude of companies towards data security. From mandatory disclosure of data collection to consumers to barring unnecessary data collection by private firms to even levying fines and prison terms on data breach.
The stakes are high and companies, especially startups, must protect themselves and safeguard the consumers' data. Stricter privacy and more engagement of automation, Machine Learning, and Artificial Intelligence are the need of the hour, say experts. And what can consumers like you and I do? While most apps and portals require us to register using our email addresses and phone numbers, consumers must refrain from storing their bank account and/or debit cards details on the app/portal. Credit cards still have a security cover wherein dubious transactions can be reported but debit cards don't. Most accounts encourage a one or two-step account verification process — do this religiously. Transact using OTPs and pins, don't share passwords with anyone especially telemarketers, and don't store them on your phones. While even all these may not protect against future cyber-attacks, at least they will help to strengthen our cyber resilience.
The writer is an author and media entrepreneur. Views expressed are personal