View from India: Data protection is crucial today
India is working towards fulfilling its vision of Make in India and Digital India. Both goals are fuelling innovative ideas, opening up new avenues and services that harness tons of data. In the process, the country is shaping into a data-driven economy.
Data generation and data exchange for both these goals are being facilitated by mobile devices. Millions of people are using the mobile even before the computer. To that extent, they are going digital for the first time.
“India is a ‘mobile first’ country, where there are 460 million smartphone users who generate a huge amount of data for availing many services across verticals. Traditional sectors like banking have opened out Internet options, apart from new-age business models like mobile wallets, taxi aggregators and social media. All these have contributed to the data pie, as consumers give away data explicitly and sometimes, even implicitly,” said Siddharth Vishwanath, leader, cyber advisory PwC, speaking at the 2nd Global Summit on Data Protection, Privacy & Security – Reforms, Challenges & Opportunities organized by ASSOCHAM, an acronym for the Associated Chambers of Commerce and Industry of India, which is the representative organ of corporate India.
Though realistically individuals have always tried to safeguard their information, the present mandate to give out information digitally has raised security concerns. Consequently, security measures for information and data protection is being scaled up. “An avalanche of data could probably put consumers at risk if organisations monetise data for profit. Naturally with so much data generated and being siphoned out, there’s a need for robust protection in order to avoid data breaches,” Vishwanath commented.
The general consensus is that smaller enterprises are prone to data breaches. Large organisations have invested on data protection through encryption and are supported by a legal framework. These organisations have begun to restructure their operations to include newer portfolios. Chief data officers (CDO) are being appointed to exclusively handle data-related requirements. Other positions are occupied by data processors. Seen in relation to personal data, these are professionals who process the data on behalf of the data controller. The data controller determines the purpose and the manner in which any personal data is processed. “Today it’s easier to cull out an individual’s data. Take the case of bank accounts, which can be updated through a combination of data mining, algorithms and artificial intelligence,” reasoned Payal Malik, an adviser to the Competition Commission of India.
With changing reforms in India, a framework for handling or protecting data is a prerequisite. This is why the Justice BN Srikrishna Committee Report on Data Protection and draft of the Personal Data Protection Bill has just been submitted to the Ministry of Electronics and Information Technology (MeiTY). “As a digital identity is necessary for protecting data, specialised companies have come forward with customised options to cater to the emerging demand. There are various issues that call for attention especially because many of our companies have business transactions in Europe for which they have to adhere to the norms set by European Union’s General Data Protection Regulation,” added Harihara Natarajan, chairperson, ASSOCHAM National Council for FinTech, Digital Assets & Blockchain Technology and chief architect, Wipro Technologies Ltd.
Data is not confined to mere information about an individual. Large swathes of data are being used as a tool for competition. “How internal data interacts with external parties must be figured out. It’s important to see what data can do and at what price. This can open out allied services that offer a value-add to the existing scenario. For instance will there be an algorithm provider to alert an enterprise when the competitor increases the price so that the enterprise can also do the same,” reasoned Manas Kumar Chaudhuri, chairman, ASSOCHAM National Council for Competition Law and a partner at Khaitan & Co.
Data protection is a challenge because privacy needs to be maintained in a world of borderless internet. And this is where technology steps in as an enabler facilitating processes through privacy management software.
It’s imperative to evaluate web compliance tools and processes that help tighten internal privacy. Individual profiling should be automated. Through electronic measures, data should be collected and ensured that privacy and regulation are maintained throughout the value chain of data processing. Cookie consent tools should be created for consumers to give consent to enterprises to purge or delete data. Tools are required for data inventory and data loss prevention (DLP), while data breach notification should happen through web and SMS alerts.