Data Protection (Privacy) law: need of the hour to safeguard critical information or PII (Personally Identifiable Information)


"India is moving towards Cashless or less cash economy"
"An employer (Govt. or private) with more than a lakh employees decides to re-collect personally identifiable information through online mode, but a server misconfiguration exposes crucial pre-identified primary data such as Name, Father's Name, PAN Number, Employee ID, PF Account Details, DOB, DOJ with the employer and a few other critical details. Do we have a privacy law in the first place to protect an individual's fundamental rights and to keep the individual from being exploited financially, mentally and physically by users with malicious intent on the World Wide Web?"

In view of the several hacking incidents in the country by the so-called hacker group ‘Legion’, the ministry of electronics and IT has ordered a series of measures, including an audit of the financial sector starting immediately with the National Payment Corporation of India (NPCI), a review of the IT Act to make it stronger, and the setting up of a crack team to respond to unusual incidents on a war footing. Social networking site Twitter has also been asked to strengthen its network, and all stakeholders of the financial industry, including payment and wallet firms, have been asked to immediately report any untoward incident.

All said and done, as we move towards a cashless economy and our vision of Digital India, we will come across hurdles, but we need to keep the people of our nation aware that security is not just the government's responsibility; it has to be shared equally. Organizations can protect your data from being compromised by hackers, but keeping your login details safe and secure is an individual responsibility. (Cyber security awareness is key.)

The hacker group (“LEGION”) had said that the Indian banking system is "deeply flawed". I would like to emphasize that re-examining IT infrastructure and following best practices (such as PCI-DSS, PA-DSS, PCI-PIN and privacy standards), with the right intent, would help the entire banking, financial, airline and retail sectors protect themselves against cyber attacks.

On October 16, 2012, the Group of Experts on Privacy, chaired by Mr. A. P. Shah, submitted its Report to the Planning Commission. The Expert Group was appointed to set out the principles that Indian privacy law should abide by. Even though privacy has been held to be a fundamental right as far back as 1962, India does not have a law that specifies safeguards to privacy. Moreover, Government initiatives such as the UIDAI and Digital India, and the move towards a cashless economy that is under way as we speak, involve the collection of personal information and its storage in electronic form. The absence of a law on privacy increases the risk of infringement of the fundamental right.

Work began on the bill in 2010 after the Niira Radia tapes leaked into public domain, raising concerns over breach of privacy of individuals. Leading industrialist Ratan Tata went to the Supreme Court complaining that his privacy was violated by the leak of the tapes. The government also set up an expert group in 2011 headed by former Delhi High Court Chief Justice AP Shah to suggest privacy legislation. This panel submitted its report in 2012 and the DoPT factored it in while drafting the legislation.

Now the situation is slightly different, and it seems we need to re-look at / re-draft the legislation based on the present scenario, with new government initiatives on digital payment through different channels (focus on a less-cash economy).

Recommendations of the Expert Group on Privacy 

(Report of the Group of Experts on Privacy, chaired by Justice A P Shah, Former Chief Justice, Delhi High Court)

  • The Expert Group recommended that the new legislation on privacy should ensure that safeguards are technology neutral. This means that the enactment should provide protections that are applicable to information, regardless of the manner in which it is stored: digital or physical form.
  • The new legislation should protect all types of privacy, such as bodily privacy (DNA and physical privacy); privacy against surveillance (unauthorized interception, audio and video surveillance); and data protection.
  • The safeguards under the Bill should apply to both government and private sector entities.
  • There should be an office of a ‘Privacy Commissioner’ at both the central and regional level.
  • There should be Self-Regulating Organizations set up by the industry. These organizations would develop a baseline legal framework that protects and enforces an individual’s right to privacy. The standards developed by the organizations would have to be approved by the Commissioner.

The legislation should ensure that entities that collect and process data would be accountable for these processes and the use to which the data is put. This, according to the Group, would ensure that the privacy of the data subject is guaranteed.

Present status of the Right to Privacy

While the Supreme Court has held privacy to be a fundamental right, it is restricted to certain aspects of a person’s life. These aspects include the privacy of one’s home, family, marriage, motherhood, procreation and child-rearing. Therefore, to claim privacy in any other aspect, individuals have to substantiate that these are ‘private’ and should not be subjected to state or private interference. For instance, in 1996 petitioners had to argue before the Court that the right to speak privately over the telephone was a fundamental right.

Risks to privacy

  1. Government departments, financial institutions, e-commerce websites, wallet companies, CIBIL, Indian Railways, airlines and hospitals (pathology labs/surgeons) collect data under various legislations, and sometimes, knowingly or unknowingly, make it available to the public over cyberspace, which is a serious matter of concern.
  2. For instance, under the Passport Act, 1967 and the Motor Vehicles Act, 1988 persons have to give details of their address, date of birth etc. These enactments do not provide safeguards against access and use of the information by third parties.
  3. Furthermore, recent government initiatives may increase the risk of infringement of privacy, as personal information previously available only in physical form will now be available electronically. Initiatives such as the National e-Governance Plan 2006, UIDAI and Digital India programs would require maintenance of information in electronic form. Under the initiative, biometric details of the beneficiaries, such as retina scans and fingerprints, are collected and stored by the government.


Gopinath R.

IT Infrastructure Leader | IT Project, Programme and Portfolio | Digital Transformation | IT Governance and Security

7 years

Very nicely narrated, Nitin...I do concur with you on whatever you meant to say here and also moreover RBI recently announced relaxation on the two-factor authentication mode for few small scale vendors/transacts...
