See Also: Threat Intelligence - Hype or Hope?
Industry experts believe that the volume of online transactions, the explosion of e-commerce opening up multiple financial gateways and growth in digital infrastructure have resulted in the data traversing in all directions. This has only enhanced data privacy issues, showcasing the trouble that users have to establish the authenticity as well as the privacy of the data that they share.
The subject of privacy came into focus as the theme of a plenary session on 'Public Policy Dilemmas of Cyber Security and Privacy' at the DSCI's 10th Annual Information Security Summit held this week in New Delhi.
Leaders argue that security practitioners need to emphasise the importance of cybersecurity and data security, and protect critical information from being leaked or misused, as it could result in huge legal ramifications.
"It is no exaggeration that information security practitioners are going through a tough challenge in protecting customer data privacy, given that there are about 3 to 4 billion customer transactions happening online every month," says Arvind Gupta, Head IT Cell, Bharatiya Janata Party.
"With explosion in data owing to these transactions, it is getting highly impossible to track them, as the data is traversing in multi-directions," Gupta says. "Ensuring that it is protected against misuse is a huge responsibility."
The leaders echo a similar sentiment with regard to the challenges involved in data protection and data privacy. The situation is getting murkier, and digital India is constantly providing them with more data than they can handle.
The panel highlighted that most individuals are ignorant about privacy and data protection laws and regulations, and oblivious that a person is entitled to his or her privacy, and other users can only have limited access to information about them.
They highlight that while there have been certain ambiguities and dilemmas around what exactly the privacy and cyber security policies and legislations cover, the Centre has been making an effort to resolve the shortcomings and reviewing the clauses.
"There are practical issues with regard to understanding the privacy, data protection and cybersecurity law by citizens at large," explains Prof. M.V. Rajeev Gowda, Member of Parliament, Rajya Sabha. "Even the best and most clued-into security systems often overlook privacy clauses and tend to sign up on every document or software without an iota of skepticism, which is a risky proposition."
Gupta believes that citizens should be informed about how organizations plan to secure, use or exchange their personal data, and that they should be asked for their consent. Unfortunately, due to lack of knowledge, no one is objecting to sharing any information.
"It is all about lack of awareness," Gupta says. "People must know that they can choose to withhold information, and that is what the Right to Privacy legislation under Article 21 of the Constitution says."
Raman Roy, chairman and managing director, Quattro, reiterates the need for a policy framework based on the public debate on the topic. "Government should invite public opinion on the privacy and cybersecurity issues and also around the concept of ethical hacking to create a robust policy framework," he says.
Measures to Tackle Cybersecurity, Privacy and Protection
The leaders claim that privacy and protection rights vary in different contexts and must be balanced against the other rights of citizens. This is in the interest of national security.
"A fine balance between what the consumer wants and what the country needs is most essential, as it would ensure that the policy framework is transparent and guidelines are adhered to," Gupta says.
"This is where the encryption laws come in to protect consumer data. This is sought after by the government for social security reasons," he says. In many countries, there have been concerns around using biometrics. A person's entire personal data is collected by the firms, and no one knows where the data is going or how it is being used.
Most often, they say the question that pops up regarding who owns the data is unanswered. Hence, the consumers need to be conscious about sharing vital information, as it is likely to be misused.
Gowda strongly recommends that the Indian government introduce a concept that has been followed by the US. They launched the Center for Ethical Social Legal Dimension of Human Security, which handles data protection issues.
"With the fourth generation coming after the GenY, their new ideas and engagement models and new perspectives of communicating will roll out huge data, and there should be laws to establish privacy of these," asserts Gowda.
To help the government establish a robust policy for cybersecurity and privacy, the leaders recommend a strong social media platform where the government can seek comments/feedback from all the stakeholders on required clauses as part of the privacy bill.
"Policy makers need to take into account new technological advancements, cybersecurity challenges, new forms of frauds and the new forms of data collection methods before prescribing a dynamic policy legislation that is futuristic," argues Gupta.With inputs from Varun Haran