Major Data Breaches have occurred in India while the Personal Data Protection Bill (PDPB) has been hanging in the Parliamentary ad-hoc committee for over a year and a half now.
The Personal Data Protection Bill is a bill that puts India on the map of countries with dedicated data protection laws. It seeks to provide for the protection of personal data of individuals, and establishes a Data Protection Authority for the same. The Bill was introduced in Lok Sabha on December 11, 2019 and was referred to the Joint committee of the Parliament. The committee was to present it to the parliament after reviewing it and suggesting changes but it has been seeking extensions right from the budget session of 2020 to the current one till the Winter Session of the Parliament, 2021.
While this bill is being scrutinised in the Joint Parliamentary Committee for over a year and a half now, major data breaches and cybersecurity incidents have taken place in India.
IRCTC바카라s data leak in October 2020 contained Full Names of about a million users along with their mobile numbers, e-mail IDs, dates of birth, marital statuses and cities of residence. This data was available for free on dark net. While IRCTC denied the data leak at that time, there바카라s no deniability in the fact that this was not the first time that a cybersecurity incident was happening at IRCTC and the leaked data바카라s authenticity was substantiated by various cybersecurity experts.
Air India바카라s passenger system service provider SITA바카라s data was leaked recently where personal data of 45 Lakh passengers with data pointers as grave as passport information and credit card details were also leaked. SITA is based out of Geneva in Switzerland which all the more raises concerns for data localization that the PDP Bill raises.
Around the same time as IRCTC바카라s last year, Dr. Lal Path Labs also suffered a data leak. According to a media report, the personal data of millions of users was stored on their AWS server, not protected by a password. The company clarified that it was a misconfiguration issue and only involved 0.5% of its records. Incidents like these did not bother the companies at a kinetic, let alone legal, level back then but some major cybersecurity attacks like the one on Dr. Reddy바카라s servers forced it to shut down its operations worldwide, for a day. Both of these incidents occurred during the pandemic. Dr. Reddy바카라s was, in fact, in the middle of its vaccine trials.
These malicious attacks also swayed the corporates with the harshest impacts. In March 2021, a major data leak of 8.2 Terabytes happened at MobiKwick. KYC documents of around 10 Crore people were available for sale on the dark web. While the company denied the data leak, the photos of people바카라s passports, aadhar cards, etc. along sensitive personal data pointers were floating around on the dark web, ready to go in the hands of the highest bidder.
India witnessed one of the biggest and most dangerous data leaks in its history when, in May 2021, personal data of Domino바카라s India was leaked. Unlike other leaks, this data was available on the surface web and was presented in a user-friendly search engine format.
Users could search for mobile numbers/email IDs of their targets and get their order addresses with geo coordinates. While the company denied the leak of any financial data, this information was enough for anyone to misuse. 바카라I started getting calls from people complaining that they have started receiving spam messages and random calls all of a sudden, after the Domino바카라s data leak,바카라 said Nitin Pandey, a cyber consultant with the UP Police and a dark web researcher. He further added, 바카라Data Leaks like these have far reaching implications when this data gets in the hands of malicious entities. From petty spammers to hitmen to terrorist organizations, anyone can misuse this data, especially the big data which gives them exposure to large cross sections of our population.바카라
The Personal Data Protection Bill had provisions for classifying sensitive data and imposing data protection standards for organizations collecting it but it also had its own shortcomings. While there is no record of the JPC바카라s meeting after 29th December, 2020, Meenakshi Lekhi, the committee바카라s former chairperson, told the media in January that the committee recommended 89 changes in the initial draft and presentation in parliament would take some time. Committee바카라s new head, PP Chaudhary has sought further extension till the first week of the winter session.
Meanwhile, courts of the foreign land are setting precedents while fining tech giants over data misuse. Found in the violation of EU바카라s General Data Protection Regulation, Amazon was recently fined for $850.6 million. Zoom, on the other hand just settled a lawsuit for $85 million in the land of stringent Data Protection laws, the USA. Data security is more than what meets the eye. While some events go unnoticed, some are outrightly denied and some are severe enough to shed light on the need of robust data protection practices.
