Data Protection Law Should Be In Place At The Earliest: Experts

Sunil Pradhan
Friday, 4 October 2019

In last three months the Indian Computer Emergency Response Team has issued more than 10 alerts to make people aware of increase in malware trying to hack into systems to phish data. With the rising incidents of data theft, data phishing and data mining, Sakal Times in a three-part series highlights the action people should take to tackle these cyber problems.

Pune: On August 30, the Indian Computer Emergency Response Team (CERT) issued a warning against Camscanner mobile application malware in which the agency highlighted that the attacker can steal money from the victim’s bank accounts using bank credentials stored in the application by its paid users.

In another warning Computer Emergency Response Team highlighted the issue of ‘Monokle’ malware with capabilities of stealing target’s contact details, call records, photos, videos and other important information.

Presence of such malware clearly raises the point that fraudsters are finding ways to steal data from people. 

The fraudsters are aware of ways in which the stolen data can be beneficial.  But as data privacy laws are yet to be implemented in the country, experts say it is high time agencies take quick action.  

Cyber security expert Harold D’Costa said it is important to bring in the data protection law at the earliest. “A comprehensive data protection law can protect people against violations of their privacy in the digital world. Our Information Technology Act should also be updated and offences be made more strict,”  added D’Costa.

Speaking on data privacy issues faced by people as many tech giants holding massive data are not based in India, D’Costa said there is need to increase nodal points of service providers out of India. “These nodal points can help our agencies better when it comes to data protection. We also lack a treaty with the service providers on data protection,”  added D’Costa.

Cyber expert Niranjan Reddy said agencies should inform users about the purpose of data collected. 

“Information collected from an individual should never be disclosed to other organisations or individuals unless specifically authorised by law or by consent of the individual. Data collected should be deleted when it is no longer needed. Similarly the Indian Data Privacy Law, should be mapped with General Data Protection Regulation (GDPR),” added Reddy.

Related News