We are required to fill in our personal information almost everywhere, whether it is at our office, educational institute, hospital, or while shopping online. We leave a trail of personal data on computer systems all over. If this data gets into the wrong hands, the results can be terrible and destructive for us.
In recent times we have witnessed a rising concern among people regarding data privacy. Most of us don’t know much about data privacy, or even if we do, we don’t know how to protect our data.
This article is all about data privacy and what the repercussions could be if we don’t prioritize protecting our data. Data privacy is the necessity to preserve and protect any personal information, collected by any organization, from being accessed by a third party. Moreover, it helps an individual or an organization determine what data within a system can be shared with others and what can be restricted.
There are different types of sensitive data which can be used maliciously. For example:
1. Online privacy: This includes all personal data that is given out during online interactions. If someone gains access to the personal data (name, phone number, email ID etc.) which you have given out during online interactions, that data can be used to carry out a phishing attack on you.
2. Financial privacy: Any information related to your finances that is shared online can be used to commit fraud. If you have stored your bank or card details in your browser, or entered them on a malicious website, it can cost you your savings.
3. Geographical privacy: Sharing your address online can be a potential risk, and the address needs protection from unauthorized access. Although not much can happen with just an address, it could be used as a gateway to steal your identity.
4. Political privacy: In recent times, it has become a major concern that political preferences should be privileged information. An example is the Facebook-Cambridge Analytica data scandal, in which Facebook users’ personal data was harvested (without consent) by Cambridge Analytica to be used predominantly for political advertising.
5. Biometric privacy: Biometrics are a way to measure a person’s physical characteristics to verify their identity. These can include physiological traits, such as fingerprints and eyes. Later in the article we will get to know how Airtel used our biometrics to commit fraud.
What form of data is commonly hacked?
- Personally Identifiable Information (42.9%)
- Personal Financial Information (32.9%)
- Personal Health Information (11%)
- Other Information (1.6%)
What caused these data breaches? The top nine causes of data breaches in 2016 are listed below:
- Theft of data (36.2%)
- Improper use of data (19.3%)
- Unclassified or other causes (19.2%)
- Phishing, Spoofing or Social Engineering (15.8%)
- Accidental data loss (3.2%)
- Loss or theft of device (3.1%)
- IT errors leading to data loss (1.6%)
- Network disruption or DDoS (1.6%)
- Extortion, Blackmail or Disruption (0.2%)
Indian companies in the IT and BPO sectors handle and have access to all kinds of sensitive and personal data of individuals across the world, including their credit card details, financial information and even their medical history. These companies store confidential data and information in electronic form, and this data could be vulnerable in the hands of their employees. There have been instances of security breaches and data leakages in high-profile Indian companies. The recent incidents of data theft in the BPO industry have raised concerns about data privacy. For example, in 2016, 3 Wipro BPO employees were arrested for data theft.
Data Protection Law in India
Since 2010, there has been increasing recognition by both the government and the public that India needs privacy legislation, specifically legislation that addresses the collection, processing, and use of personal data. The push for adequate data protection standards in India has come both from industry and industrial bodies like DSCI, who regard strong data protection standards as an integral part of business, and from the public, who have voiced increasing concerns that governmental projects involved with collecting, processing, and using personal data, such as the UID, are presently not adequately regulated and are collecting and processing data in a way that abuses individual privacy.
India’s most comprehensive data protection standards are found in the Information Technology Act (ITA). The ITA contains a number of provisions that can, in some cases, safeguard online privacy. Provisions that clearly protect user privacy include: penalizing child pornography, penalizing hacking and fraud, and defining data protection standards for bodies corporate.
There is no express legislation in India dealing with data protection. However, the Personal Data Protection Bill was introduced in the Lok Sabha by the Minister of Electronics and Information Technology, Mr. Ravi Shankar Prasad, on December 11, 2019. The Bill seeks to provide for the protection of the personal data of individuals. The Bill has presently been referred to a joint parliamentary committee for approval. It is speculated that the 2019 Bill will be given the shape of legislation in the near future and that we will very soon have the (Indian) Personal Data Protection Act in force. This bill was also criticized by Justice B. N. Srikrishna (the drafter of the original PDP Bill). According to him, this bill has the ability to turn India into an “Orwellian State”.
Data Protection Law in some other Countries
- European Union : In May 2018, the General Data Protection Regulation (GDPR) became applicable. The regulation sets data protection standards for any company that handles EU residents’ personal information.
- South Africa : In December 2018 the long-anticipated Protection of Personal Information Act (POP) was officially published, although it has yet to take effect. The law largely mirrors the GDPR, setting conditions for how companies should process personal information.
- US [California] : The state of California passed a new law set to go into effect in January 2020 that grants California the right to be informed, at the time of personal information collection, what information is being collected and the purpose for which that information will be used.
Data breach incidents in India have been higher compared to the global average, according to a survey conducted by defence grade technology maker Thales. “Around 52 per cent of Indian respondents reported a data breach last year, way above the global average of around 36 per cent. A full three quarters (75 per cent) of respondents in India reported data breach at some time in the past, compared with just 67 per cent globally,” said James Cook, sales director South Asia, Thales eSecurity.
Some of the biggest data leaks, scams related to data and cyber-attacks in India :
1. UIDAI (Aadhaar Card) [“Aadhaar being abused by banks, telcos, and transport not to police entitlements, but as a proxy for identity-an improper gate to service”: India’s Ex-RAW chief]
- 1.1 Aadhaar whistleblower who first called UIDAI —[ “The journalists exposing the Aadhaar breach deserve an award, not an investigation. If the government were truly concerned for justice, they would be reforming the policies that destroyed the privacy of a billion Indians. Want to arrest those responsible? They are called UIDAI” : Edward Snowden]
- 1.2 How Airtel Pulled Off Its Rs 190 Crore Magic Trick
- 1.3 How CIA Spies Access India’s Biometric Aadhaar Database
- 1.4 Aadhaar data a Google search away
9. Personal information of Covid patients was put on Google Maps and government websites. After Robert Baptiste reported this to the government, the information was taken down. Google Maps also automatically takes down pages that reveal the personal data of Covid patients.
These are some of the data leaks and cyber-attacks that have happened in India.
Privacy was made into a joke when 10 government agencies were given the right to carry out “interception, monitoring and decryption of any information generated, transmitted, received or stored in any computer”. Giving government agencies such an extreme level of power is unheard of.
Luckily, there are still ways for people who are concerned about their privacy to protect their online identity from these government agencies and private firms. To keep your online and offline information secret you will have to make a few changes to the way you use the internet. Let us now look at the ways in which we can protect ourselves from the prying eyes of intelligence agencies and private firms.
- Email Services : These days people generally use Gmail or Yahoo Mail, but the problem with these services is that they have been proven to be unreliable in the past and have co-operated with government agencies whenever they have been asked to hand over data about their users. Instead of these services, I recommend that you use ProtonMail. It is a secure email service based in Switzerland which supports end-to-end encryption. Even if you are on Microsoft Outlook, you can enable the option of end-to-end encryption.
- Instant Messaging : For instant messaging you can use “Signal”. It offers all the services that WhatsApp does, and it also offers high security, as the messages that you send have end-to-end encryption. WhatsApp also offers end-to-end encryption, but it also stores your chats in Google Drive, and if Google agrees to share information with officials, all your chats will be leaked.
- Browsers : I recommend that you choose Firefox or the TOR browser. Don’t use Chromium-based browsers like Google Chrome, as they are less secure than Firefox or TOR. Google is one of the companies you want to stay away from if you respect your privacy. The best thing about Firefox is that you can configure it to be far more secure with the help of add-ons.
- File Sharing : The best place to share files is SecureDrop; it is used by most journalists and news firms to share files securely. If you want to carry out this process anonymously, use OnionShare.
- Virtual Private Networks (VPN) : Use a VPN to keep your communication secure between two points. When you use one, malicious hackers can’t carry out a man-in-the-middle attack and gain access to your data. You can use Nord VPN.
- Hard Disk Encryption : You can use BitLocker on Windows, and macOS has an inbuilt feature to encrypt files and folders using Disk Utility. Moreover, there are a few Linux OSes like Pop!_OS which offer a hard disk encryption option at the time of installation.
To get more recommendations on how you can protect your privacy, you can visit the PRISM-break website. It’s high time for us to keep security at the center and then build our lives around it. We do have to give up a little bit of ease of use, but at the same time there is a lot at risk if we do not prioritize our privacy. Try to use open source software as much as you can.
The views and opinions expressed by the writer are personal and do not necessarily reflect the official position of VOM.