According to a McKinsey report, India is estimated to have 650-700 million smartphones as the number of internet users will cross 800 million by 2023. This is not only indicative of the huge magnitude of data collection that will follow, but also the privacy threats this can entail.
With the rise in data breaches across the country, data privacy has become the utmost priority for individuals and businesses. India is ranked third in the world in terms of the number of data breaches, with 86.63 million coming under attack until November 2021. Moreover, as per Israel-based cyber security firm Check Point, data breaches and cyber-attacks are expected to grow in 2022 to a large extent with the adoption of digitisation by both consumers and businesses.
Last year, Air India witnessed a privacy breach where the personal details of about 4.5 million customers were compromised, including passport, credit card details, birth dates, name and ticket information. Dominos India witnessed a data breach of over 18 crore orders leaked on the dark web, including order details, phone numbers, email addresses, credit card details, etc. The list goes on, and data breaches also include government portals.
So, what is the solution here? Before we delve into answers, let us look into some of the privacy concerns arising from data collection, particularly in the business context.
How to make Indian citizens aware of privacy issues
For citizens, data privacy is all about setting necessary boundaries and ensuring they are safe in the digital world at all times. Failing to safeguard one’s privacy could not only be fatal, but also can give hackers a chance to misuse your data for fraudulent activities.
With the increased usage of instant messaging platforms and social media platforms like WhatsApp, Instagram, Telegram, etc., people are concerned about protecting their data more than ever.
To ensure the information is safe and stays private, many platforms have released security features like end-to-end encryption. However, governments worldwide are putting pressure on internet companies to allow them access to these conversations – by creating a back door entry for regulators and law enforcement to snoop on the conversations as a measure to put an end to misinformation and fake news.
While certain things are out of the control of the citizens, there are a few ways in which individuals can safeguard their privacy. Some of them include two-step verification, Touch ID or Face ID lock, platforms with disappearing messages, admin control, end-to-end encrypted backup and others.
Privacy issues and how businesses can solve them
Some of the privacy concerns that arise due to data collection include –
- Embedding data privacy
Businesses need to be proactive in their approach. They should use tools and platforms that support their privacy policies. A good data strategy and staff training should be at the heart of the business, ensuring all the departments are data literate and making sure customer data is safe at all times.
- Proliferating devices
Often, more devices lead to more data. Businesses and individuals need to manage compliance and data privacy from any source, different OS and multiple applications. Proper data governance procedures should be put in place.
- Increasing maintenance costs
Investing in software and systems to secure and prevent data privacy issues of your customers can be expensive. But, it is better to be safe than sorry. Hence, it becomes important to automate processes and invest in tools and platforms that help in reducing the number of data silos, eliminate points of friction and manual processing, reduce the risk of human error, more opportunities for de-duplication, improve governance, and control, lower costs, etc.
- The ever-increasing scale of data
With rapid digitisation, alongside cloud storage and compute costs coming down, businesses are swimming in data. The challenge of managing these large volumes of data is huge. Therefore, it becomes important to develop a solution that can handle such a large amount of scale data.
- Bad data culture
Businesses need to train their data science and IT teams not just to balance the value of collecting, storing and processing large volumes of data but also to understand the value of data and data privacy.
- Getting visibility into all your data
Businesses need to be aware of customers’ data’s location, nature, and sensitivity. Therefore, leveraging tools to discover and classify data becomes essential. This helps in protecting sensitive data from any privacy issues.
- A long list of regulations and documentation to follow
With so many rules and regulations to follow, keeping track of the data privacy you need to achieve for various datasets becomes cumbersome. Therefore, you can make it easier to handle the complexity of various regulations by automating processes.
Policies & rules around data privacy
With privacy being the fundamental right of every citizen in the country, somewhere along the line, it feels like it is being compromised to a large extent. Therefore, the right to privacy needs to be embodied in laws on consumer protection, IT, health, and the financial sectors, among others, with a special focus on data privacy and data protection.
In the last few years, the Indian government has been actively looking at clamping down on data breaches and tightening rules for holding sensitive data and laws against invasion of data privacy. Some of the rules include Information Technology Act, 2000 (aka the IT Act) and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rule, 2011 (aka the SPDI rules); Consumer Protection Act, 2019 (CPA) and Consumer Protection (E-Commerce) Rules, 2020.
Besides these, other policies and drafts are still at various stages of discussion or implementation, including the PDP bill or Personal Data Protection Bill, 2019; the NPD framework, also known as the Non-Personal Data Governance Framework; DISHA or Digital Information Security in Healthcare Act, 2017; National Digital Health Mission (NDHM); and Health Data Management Policy issued by the Ministry of Health and Family Welfare.
This article is written by a member of the AIM Leaders Council. AIM Leaders Council is an invitation-only forum of senior executives in the Data Science and Analytics industry. To check if you are eligible for a membership, please fill out the form here.