A majority of citizens have alleged that their personal data has been compromised by the government, telecommunication service providers and banks, as the Digital Personal Data Protection Bill, 2022, makes its way to parliament. A survey showed that 72 percent people said their data had been leaked while at least half of them said their Aadhaar or PAN were in the public domain.
According to the survey, conducted by social media community platform LocalCircles, 81 percent of those who feel that their data has been breached hold state or local government offices – regional transport office, municipality, hospitals, public distribution system, property registration – responsible. At least 75 percent of the people feel telecom service providers are responsible for data leaks while 69 percent pinned it on banks and other finance-related firms.
The survey also indicated that 56 percent of the people hold central government offices, databases and staff (EPF, passport, CoWIN, Aarogya Setu, Aadhaar, vehicle ownership) responsible. People are strongly in favour of disincentives and penalties to be put in place if any entity, including central and state governments, compromise personal information, the survey showed.
What is a data breach?
A breach takes place when unauthorised individuals are allowed to read data that they are not permitted to access. Stolen data can lead to identity theft, which can have several repercussions including financial fraud. Depending on the type of data involved, consequences can include destruction or corruption of databases, leaking of confidential information, theft of intellectual property and regulatory requirements to notify and possibly compensate those affected.
The latest to make headlines has been the leak of Covid vaccination data, which the ministry of health and family welfare has tried to downplay. It has directed the Indian Computer Emergency Response Team (CERT-In), the cyber security arm of the central government, to probe how data of people registered on CoWIN was freely available on the Telegram app.
The breach of data is not just confined to personal information. In August 2022, the government told parliament that Indian banks (both public and private) reported the most data breaches between June 2018 and March 2022 in attacks that stole business and personal information leading to frauds of Rs 6,861 crore in the first quarter of FY 2022-23. This shows that India urgently needs an improved and strong data protection law that can ensure more privacy.
What did the survey ask?
The survey first sought to know if personal details are in the public domain and what kind of data has been compromised. Seven in 10 citizens surveyed believe one or more of their personal data elements are already in the public domain or in databases that have been compromised. At least 72 percent of respondents indicated that “personal details were leaked or are in public domain”, while only 9 percent said they do not feel that their personal details have been leaked or are in the public domain.
Among those who shared that their personal information has been leaked, the largest group of 72 percent said it was their mobile phone number; 63 percent indicated it was email address; 53 percent indicated Aadhaar number; 50 percent said PAN number; 25 percent indicated voter ID number; 22 percent indicated credit/debit card number; 9 percent stated salary; and 19 percent mentioned others.
Most citizens said various arms of the government, telcos and banks are responsible for the leak of their personal data, the survey stated. At least 81 percent blamed state or local government offices, databases, staff (RTO, municipality, hospitals, PDS, property registration office among others); 75 percent telecom service providers; 69 percent banks and financial service providers; 56 percent central government offices, databases, staff (EPF, passport, CoWIN, Aarogya Setu, Aadhaar, Income Tax, vehicle ownership, voter ID among others); 44 percent eCommerce apps or websites; 31 percent payment apps or websites; 25 percent education institutes or apps; and 25 percent other businesses or entities.
What were the results?
The survey indicates a worrying scenario where citizens believe that their personal data is being compromised. Such data leaks make people vulnerable to identity theft and financial fraud, which have significantly increased in the last five years.
Another key aspect that the survey brings to light is that a majority of the people hold the government (both central and state), banks, telcos and other private organisations responsible for data breach.
The central government’s promised legislation to replace the draft Personal Data Protection (PDP) Bill, 2019, which was withdrawn from parliament in August 2022, is creating more ripples than a sense of security. The draft Digital Personal Data Protection Bill is likely to be placed in parliament with no changes despite a dissent note by a member of the standing committee on communications and information technology.
What is upsetting the opposition and activists is that the draft bill expands the scope of information that can be denied on grounds of privacy but is vital in public interest. This denial can range from trying to find out the true beneficiaries of a government-supported scheme like PDS or healthcare, children benefiting through a scholarship scheme or even information about big loan defaulters.
Comments
0 comment