PUNE: With massive rise in cyber crime cases in the city and across India, experts have highlighted the need for strong data privacy laws and norms that will help keep people’s data secure and help in curbing such crimes.
Over 5,000 cyber crime complaints were lodged with the Cyber Cell Department last year and as majority of crimes are associated with ‘digital data,’ be it text, audio or video, protecting data becomes important. The recent data leak case of Cambridge Analytica also pointed to the need for strong data privacy laws.
Following the urgent need of data privacy, the European Union (EU) enforced the General Data Protection Regulation (GDPR) on May 25 and on the first day of its enforcement, lawsuits worth $8.8 bn were filed against two tech giants for coercing users into sharing personal data.
Speaking about the need for data privacy laws, Harold Dcosta, a Cyber Security Expert, said that there are no laws for data privacy in India. “Although the government appointed Justice BN Srikrishna Committee and they are working on framing the laws, I hope we get it soon. In the majority of cybercrime cases, we have seen that data is phished, stolen by the fraudster before a cybercrime takes place, and in such cases, we need to be aware of data privacy rules. People are taking steps for data privacy all over the world and so in coming future, we will see strict norms,” added Dcosta, who highlighted the Information technology (IT) Act does not take much care about data privacy.
“The IT Act talks about the hacking of data and copyright laws but when it comes to data privacy, laws need to be framed. The IT Act section 43 talks about unauthorised access to data and talks nothing about data privacy,” added Dcosta.
Another cyber expert Pankajj Ghode said that GDPR will be applicable for companies dealing with data of people from EU. “Similarly, IT Act section 43 can be of little help,” added Ghode.
Speaking about data privacy, cyber expert Anil Raj of Cyber Vault Security Solutions Private Limited said that there is an urgent need for data privacy laws and also about awareness among people and industry for respecting people’s personal data.
“While there is no authority, which will take action against the company if they fail to abide by data privacy laws, we can have one such authority in future. Similarly, people must be made aware of their right to delete their digital footprint,” added Raj.
The cyber expert highlighted that people should also look for various compliance level that a company is following. “The health industry should comply with Health Insurance Portability and Accountability Act (HIPPA) norms, the credit cards and debit cards companies should follow Payment Card Industry Data Security Standard (PCI DSS) norms. In IT industry, we have ISO 27001 standard of information security management, which takes care of data privacy of customers. If companies have these compliance levels, then a person can have trust that companies are following a basic standard of data privacy,” added Raj.