How private is your private data?

By Ms. Kanwaljeet Kaur, Cyber fraud investigator, consultant and trainer, Committee Member of PHD Chamber of Commerce

In the world that we live in today, it has become the norm to share our date of birth on social platforms we post our holiday pictures , children cute videos and images on Instagram and tweet about our thoughts on various matters on twitter. Because this has become normality, we forget to sometimes sit back and think about exactly who can access this information. We normally post these stuff for our relatives and friends to see however, total strangers and cyber criminals are able to access personal data and are able to study your social media to gain insights and information about you which they can use to power criminal activity, such as fraud and phishing attacks.

According to a study by security researcher Atul Nair, 11 crore Indian farmers’ sensitive info was leaked via Aadhar misuse in 2022. As per another shocking report in 2018, some unidentified groups were found selling the Aadhaar data of over one billion people at just $7.88 (INR 500).

Latest report by IBM says that the average cost of data breach in India is Rs 17.6 crore in 2022. The number grew by 6.6 per cent since last year when the cost was Rs 16.5 crore.

Is our private data actually private

Source- https://www.riskbasedsecurity.com/quickviewreports/

Few shocking examples of DATA privacy breaches around the world

Facebook and Cambridge Analytica

018, news outlets revealed that the UK political consulting firm - Cambridge Analytica acquired and used personal data from Facebook users that was initially collected from a third party for academic research. In total, Cambridge Analytica misused the data of nearly 87 million Facebook users—many of whom had not given any explicit permission for the company to use or even access their information.

Google- Google was fined nearly $57 million in 2020 by the French data protection authority for failing to acknowledge how it used users’ personal data. Similar cases are pending against google in many countries now

Uber- God View” let Uber employees access and track the location and movements of Uber riders without their permission. Uber was fined

$20,000 by the Federal Trade Commission (FTC) for its “God View” tool in 2014.

What is data privacy?

As er definition; “Data privacy is the branch of data management that deals with handling personal data in compliance with data protection laws, regulations, and general privacy best practices.”

The example of personal data may include- your health history, banking information and your income tax related information.

Laws and regulations related to Data Privacy

Data privacy laws specify how data should be collected, stored, and shared with third parties. The most widely discussed data privacy laws include:

GDPR: The European Union’s General Data Protection Regulation (GDPR)is the most comprehensive data privacy law in effect. It applies to European Union citizens and all companies that do business with them, including countries not based in Europe. GDPR gives individuals the right to determine what data organizations store, request that organizations delete their data, and receive notifications of data breaches. Noncompliance may result in hefty fines and legal action.

Data Protection laws in india- India has no specific legislation on data protection. However, the Indian legislature did amend the Information Technology Act (2000) (“IT Act”) to include Section 43A and Section 72A, which give a right to compensation for improper disclosure of personal information. he proposed Personal Data Protection Bill (PDPB) seeks to bring about a comprehensive overhaul of India’s current data protection policies.

5 useful ways to protect data

While Indian regulators are working towards making stringent laws of data protection and cyber laws, its important that we follow few simple steps to protect our personal information ( as far as possible)

1. Don't Do Your Online Shopping and Banking with public wifi

When you use a shared computer or a business's WiFi connection, you don't know how secure the network really is. Avoid connecting to airport/ café wifi while doing secured transactions. Use your own device and secure network instead.

2. Update Your Software Regularly

Keep updating the phone and computer software’s including antivirus software. Cyber threats change frequently, and many updates address security issues.

3. Don't Give Out Personal Information on the Phone or Through Email or Text

Don't give out your info. If you think the request may be legitimate, separately look up the organization's phone number and follow up by phone.

4. Be Careful About Opening Email Attachments or Clicking Links

Either of these actions can infect your computer with malware.

5. Only log into sites that start with https://

If you’re about to log into any site, specially payment related sites like banking, make sure the address at the top of your web browser starts with https:// and not http://. You may also see a padlock symbol next to the site address.

The “S” stands for “secure,” and it means the site is encrypting your data.

There is no “completely secure” Internet, no one is ever completely secure online while you don't think you've been hacked, there's an increasingly likely chance some of your personal information has already been compromised by a data breach.