Hyderabad: With privacy concerns over personal and sensitive data on the rise, the Ministry of Electronics and Information Technology is expediting the process of bringing in the Data Protection Bill.
A committee comprising experts on data protection, chaired by retired Supreme Court Justice BN Srikrishna, brought out a draft Personal Data Protection Bill (PDPB), on which consultations were conducted and the Bill will be tabled in Parliament soon.
The Bill seeks to bring in place a culture of privacy by design and to promote concepts such as consent framework, purpose and storage limitation, and data minimisation among various other privacy-oriented concepts. It also proposes penalties and compensation for violation of the provisions in the Bill, officials said.
Data Security Council of India, Cyber Security, Centre of Excellence, Chief Executive Officer (CEO) Sriram Birudavolu said personal information right from passwords and salary, SMSes, contact details, spending habits, lifestyle, Aadhaar info to residential address among others was valuable. However, these were being used for various purposes without the consent of the persons concerned.
“The information is shared or sold within the country and abroad and owing to this, there is more scope for fraud or manipulation. Once personal information falls in wrong hands, it means more danger,” he explained.
If the PDPB is enacted, companies or any individual cannot sell data without consent or else they would land in trouble. Those using the information should strictly explain the purpose for which the data was being used, Sriram added.
The Ministry took notice of reports about leakage of data by Facebook and Cambridge Analytica, and in responses to notices sent to them, Facebook conveyed that there had been unauthorised data leakage by Cambridge Analytica. However, since the reply given by Analytica was not convincing, the Central Bureau of Investigation (CBI) has been asked to investigate the matter with regard to possible misuse by the firm.
In addition, one incident related to breach of personal data of Indian users from a social media company was reported to the Indian Computer Emergency Response Team (CERT-In). As per information available, external actors exploited the vulnerability in the form of software bugs. This allowed unauthorised access to users’ accounts and information.
The CERT-In issued advisories to users regarding the best practices to be followed for the protection of account information while using social media.