Behind the United States India is the second largest populated with English as its primary language and it has one of the fastest growing demographics of personal computer and Internet usage.Data is basically an information that is presented in raw and inorganised pieces which is stored by a computer in the form of text documents, files, software programs, etc.This information is collected for its analysis or reference. With social, economic, legal, corporate and governmental activities the flow of data is expanding in great speed.India is experiencing a major paradigm shift to using a multitude of technologies due to tremendous technological growth And therefore in today’s economy, need for protection of such online data is of paramount importance which must be protected.Data protection is a process of protecting and safeguarding such vital information from either misappropriation, misuse, corruption or loss or from unauthorized access which can be concerned with an individual, enterprise or even a government.Along with such fields mentioned above protection of data must also be applied to personal data.Personal data generally refers to the information or data which relate to a person who can be identified from that information or data whether it is collected by any Government or any private organization or an agency.Such privacy laws, policies and procedures aim to minimise intrusion into one’s privacy caused by the collection, storage and dissemination of personal data. The significance of data protection is increasing with the amount of data created and processed.The general population is still primarily unaware of consequences related to identification theft.Subsequently, Data Protection Strategies are also assuring and ensuring us that the lost data can be recovered and restored, if any misfortune or misappropriation happens with the impugned data.
NEED FOR DATA PROTECTION LAW IN INDIA:
1.As we all know that right to privacy is now our fundamental right so for our protection we should have data protection law.
2.By bringing these laws we all will be aware and can check on all unauthorised leaks, hacking, cyber crimes, and frauds.
A very good example is case of Aadhar card leaks by Gujarat based websites who were found disclosing their adhere numbers as well as in Jharkhand where 1.6 million people’s aadhar card details were leaked.
3.It will help us in our growth and improvement of business process and will secure our digital payments.
4.It will also help us to restrict use of data by data colonising companies such as Facebook, Whatsapp
Example: In case of Cambridge Analytical Scandal ,they allegedly involved collection of personally identifiable information of up to 87 million Facebook users attempt to influence voter opinion.
STEPS TO PROTECT DATA:
Data Collection:
The first step for data protection is to start with data collection itself.There must be strict data collection policy by the top authority.Data should be collected by the agencies authorised by the government.All the information collected should be of lawful purpose only.
Data Security and Storage:
All data captured should be kept upto date and accurate.It should applied appropriate technical and organizational measures.
Data Process:
Processing of data must be fair and lawful.Data shall be processed only when the consent of user is involved or if user or any one of its party is in contract.Data should be processed only for given purposes like if its for judicial proceedings, legitimate use for national interest or vital interest of subject.
Data Access:
The data access must follow NEED TO KNOW basis.There must be proper control that information should not go beyond the Indian territory.If it does then proper measures should be taken to ensure that information is protected outside India.
Indian Laws For Data protection:
In our constitution we does not patently have a law for data protection. However courts have implied this data protection law into existing fundamental rights that is under article 21 however its interpretation was fond insufficient to provide adequate protection for our data.
In the year 2000, our legislatures made efforts to embrace privacy issues relating to computer system under Information Technology Act(IT), 2000 which deals with the issues relating to payment of compensation (Civil) and punishment (Criminal) in case of wrongful disclosure and misuse of personal data and violation of contractual terms in respect of personal data.
UNDER IT ACT 2000
SECTION 43:
This section provides protection against unsanctioned access of the computer system and unsanctioned downloading, extraction and copying of data by imposing heavy penalty upto 1 crore.In which clause “c” imposes penalty unsanctioned usage of computer viruses and clause “g” imposes penalty for for assisting these unsanctioned access.
SECTION 65:
This section is for someone who intentionally destroys or causes another to do as such shall also be charged with a penalty of imprisonment or fine up to 2 lakh rupees.
SECTION 66:
This section is for protection against hacking person hacking our data or giving us knowledge about our data to be hacked in future by giving information residing in a computer resource shall be penalised by imprisonment of three years or fine up to two lakh rupees or both on the hacker.
SECTION 70:
This section provides protection against our protected system like computer system or network however in breach of this section will be liable for punishment of imprisonment which may extend to ten years and shall also be liable to fine.
SECTION 72:
This section provides protection against contravention of confidentiality and privacy of the data which means if any person tries to disclose any facts or proofs which are kept secured shall be punished with imprisonment which may extend to two years or with fine which may extend to one lakh rupees or both.
In the year 2006, the Rajya Sabha our legislature has also introduced a bill known as ‘The Personal Data Protection Bill’ on December 8th 2006 so as to provide protection to the personal information of the person which didn’t showed any further respond.
PERSONAL DATA PROTECTION BILL (PDPB) ,2019:
After so many data protection bills this new bill came up with great dim of light.This bill was introduced by the Minister of Electronics and Information Technology, Mr. Ravi Shankar Prasad, on December 11, 2019.This bill was most importantly made for the protection of personal data of individuals and side by side establishment of a Data Protection authority for the same.Before coming upto this bill in July 2017 the Government of India formed a committee of experts to study the issues related to data protection in the country.All the experts worked on this issue almost for a year and found that most of the population in our country gives personal details to these service providers which give them their free services and these details are usually stored on servers outside India’s boundaries, which worried the Government of India and in July 2018 they submitted a draft of this bill and requested feedback from the public, Ministers, stakeholders, and other industry experts.However on December 11,2019 they submitted a revised draft of the bill in the lower house of the parliament that is in Lok Sabha and also has been sent to joint parliamentary committee (JPC) for further thinking before taken up for passing.
There was widespread hope of passing this bill by 2019 which has now been postponed to become a law or act in 2020.
About the bill:
This bill was the first attempt to domestically govern mechanisms for personal data protection and also to set up Data Protection Authority in our country.
This bill also permits personal data processing without the consent like government providing benefits to the individual, for legal proceedings, and in medical emergencies.
This bill regulates three kinds of data :
- Personal data (personal details like name, number, etc)
- Sensitive Personal data (healthcare details shared with doctors,banking details)
- Critical Personal data (not yet defined)
The most important advantage of this bill is that personal information can’t be collected, processed, and shared without their consent and only necessary data can be collected and used.The Bill also permits customers to move their data from one provider to another and allows users to know the number of companies with whom the data is shared.
Private organisations are also forced to limit their customers details.
According to this bill a very serious and tough penalties will be imposed on any organization sharing customers’ data without their consent will entail a fine of INR 15 crores or 4 percent of its global turnover.Similarly data breach or delays will lead to a fine of INR 5 crores or 2 percent of global turnover.
Personal Data Protection Bill, gave rise after European Union’s General Data Protection Regulation (GDPR) which aims at protection of an individual’s personal data globally and preventing it from misuse and misappropriation.
Example :Recently, Microsoft India launched free online courses to allow the relevant section of public who are concerned with such issues to understand the data compliance and other best practices concerning their privacy and security which help safeguard customer data.
NASSCOM along with Data Security Council of India (DSCI) has been advocating in India.
Conclusion:
Indian legal system still have to provide a proper data security and privacy protection laws to safeguard people in our country as well as to attract international clients. Data security is not only a legal requirement but a factor to compete globally.For our country’s future growth a secured information technology and other strong data protection laws are must.Our country must be aware that not only processed information regarding legal system but also sensitive information of individuals need to be protected.Failure to recognize these issues can negatively impact our country’s reputation.In addition like all other countries such as United States and United Kingdom laws, Canada, Japan, and the European Union are increasingly becoming stricter on data privacy and protection and defining what measurements must be taken to protect data.So to attract International countries aw well we all too should look upon these matters effectively by appointing privacy commissioner, establishing self regulating organisation etc.
Eduindex News 