There is a thin line between both data privacy and data security

Pradeepta Mishra, Co-Founder & Chief Architect- Data Safeguard Inc.     

“What is the different between data privacy and data security? While data security is about restricting unauthorised access to data - somebody who is not authorised to access a data should be prevented from accessing that data. But what is data privacy? Do you want your personal information to be made public by someone else or marketing or branding purpose, probably not? There are many data breaches happening globally, and we have seen data privacy laws coming up with the government of almost every country formulating policies and guidelines around it - like GDPR, CCPA. These laws are designed to protect privacy of personal information which is not supposed to be shared on public platforms. A recent incident of the leaking of Aadhaar data of 80 crore Indians on the dark web is a major cause of concern. So how can we protect the personal data? On 11th August, 2023, the Digital Personal Data Protection (DPDP) Act was passed and organizations have been given a period of 18 months to be compliant, failing which they will have to face a penalty. The penalty is fixed at Rs. 250 crores, irrespective of the revenue the organization is making. But the bigger question is how do Indian organizations become compliant to the DPDP Act. Many organizations are looking for consultants to guide them or mentor them of what they are supposed to do or how do they proceed to become compliant with this data privacy act. Globally we have cases where big organizations like Salesforce, Oracle, and Facebook have already paid a fine.”