Is your private personal data actually private?
06/02/2022
According to recent reports, the personal data of 815 million Indian citizens, including Aadhaar and passport details, was leaked. The person leaking the details allegedly wishes to sell them for a mere $80,000. This is not just a data breach. It is a fire sale of national security. Every citizen’s privacy, reduced to a cheap pawn in a cyber criminal’s game. We deserve much better. We deserve data security that values lives and does not see them as mere numbers.
Personal data, according to the latest Digital Personal Data Protection Act, 2023, means any data about an individual who is identifiable by or in relation to that data. The Act, imposing a hefty fine of 250 crores, acts as a warning beacon highlighting the immense cost of negligence. But is this enough? The true cost of a data breach goes beyond its monetary value. It is the erosion of trust and the constant feeling of vulnerability.
The vast amount of data that is shared on social media and online paints a worrying picture. Data today is next to gold. From our social media posts to health records to financial statements, we leave a large digital trail. The volume and diversity of data generated is staggering. It becomes all the more imperative to ensure that the data is handled safely and securely. It is also crucial to maintain a balance between the benefits arising out of using data and safeguarding the rights and freedoms of individuals. Let’s delve into the reasons why our private personal data is no longer private.
The rise of data breaches: A growing threat
According to the Cybersecurity Report by Surfshark, India was the 10th most breached country globally in Q3 of 2023, with 369,000 leaked accounts reported. It is the third most breached country in Asia after China and Malaysia. These breaches come at a price. Recently, the personal data of 81.5 crore Indians was detected for sale on the dark web by an American cybersecurity agency. It included sensitive information, including Aadhaar details. According to the IBM Security report, the average cost of a data breach in India in 2023 was Rs. 17.9 crore. This is an increase of 20% from 2020. [2]
The hidden costs of surveillance capitalism – Organizations may blur the line between using personal data and invading the privacy of an individual. Social media has managed to blur the line between public and private spaces. This has been used to the advantage of giant companies like Amazon, Facebook and Google in sending targeted advertising, personalizing experiences and predicting our behavior, thus generating millions of dollars of profits.
The double-edged sword of social media – Social media is a powerful tool which has revolutionized the way people communicate, access information and even socialize nowadays. Social media platforms, though popular, are often underestimated in terms of data security risks. The vast amount of data being shared on social media sites can be easily exploited by cybercriminals. Some common dangers of oversharing are identity theft, stalking, loss of privacy and damage to reputation. Social media sites provide a significant unprotected channel for data leaks. This makes it all the more imperative to hide personal data online as much as possible.
Beyond the app store: understanding the third-party landscape – We often give consent for online services without even reading the terms and conditions. A lot of these describe how our data will be shared with third parties and to what extent it will be used. Third parties can often misuse the data due to lax privacy policies and inadequate security measures.
Data at risk: when security measures fail – According to MIT’s CyberDefense Index (CDI) 2022/23, India has been ranked 17 out of 20 nations. The index compares the world’s 20 largest and most digital economies on their preparation for, recovery from and response to cybersecurity threats. Key factors leading to this low rank were the lack of a legal and regulatory framework, weak cybersecurity regulations and a shortage of skilled cybersecurity professionals. In response to the pressing need for enhancing data protection, India in August this year introduced the Digital Personal Data Protection Act, 2023. Its core objective is to provide a comprehensive framework to protect the personal data of individuals.
Privacy settings are a maze – Privacy settings are sometimes not very user friendly, and navigating them can be very taxing. A lot of the time the default settings are not the most secure. In imposing the huge sum of 345 million euros on TikTok, the Irish DPC found that the sign-up process for teen users automatically made their profiles public by default. This becomes more serious since underage children also use the platform, and it becomes very important to have parental consent for such access.
In light of the above-mentioned challenges, it is crucial for individuals to safeguard their personal data and take proactive steps to protect their digital privacy. Some recommendations for protecting personal privacy are as follows:
Unique passwords: Use strong and unique passwords for different accounts and enable two-factor authentication wherever possible.
Phishing scams: Beware of phishing scams by not clicking on any random or suspicious link or attachment in emails or on websites in general. This is particularly common in the form of email spoofing, i.e. attackers create deceptive emails that appear to come from a trusted source in an organization.
Limit third-party access: Make sure to read the terms and conditions on how data will be used by third parties, and limit their access if no such information is provided. This becomes more important when sharing data with vendors, cloud service providers, remote access and third-party data storage. A company using their services must ensure end-to-end encryption to protect data in transit and at rest, have strong passwords, anonymize data and use strong encryption algorithms.
Limit app permissions: Only give permission for data that is necessary for the functioning of the app. Also regularly review the permissions granted.
Regular data backups: Regularly back up data to mitigate the impact of potential data breaches or leakages. This would be helpful in cases like ransomware attacks, hardware failure, accidental deletion, and data breaches.
Secure Wi-Fi: Ensure that the Wi-Fi connection is secure. Public Wi-Fi can put one’s personal data in danger. Wi-Fi Protected Access 3 (WPA3) is an example of the latest secure encryption protocol for Wi-Fi networks.
Access control: Limit access to only those who need it.
Although technology and the internet have brought the world closer, they have also made it equally possible to invade one’s privacy easily. With the click of a button, we can now know very personal details of a person living thousands of miles away. With the Indian government emphasizing Digital India and improved digital infrastructure, it is equally important to ensure that personal data is secure and safe. Aadhaar data leaks have been reported in 2018, 2019, 2020 and now again in 2023. This is a major cause of concern for the Indian government. UIDAI had also recommended masking Aadhaar so that only 4 digits of the Aadhaar number are displayed, ensuring privacy. This must surely be implemented given the regular data breaches involving Aadhaar. With the coming of the DPDP Act 2023, there is some relief, with fines as high as 250 crores. Now we must wait for the Rules to get a clearer picture of how organizations will be expected to implement the Act.
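
As an added illustration of the Aadhaar masking recommended above (this code is not from UIDAI or from the original article), the sketch below redacts Aadhaar-like numbers in free text so that only the last 4 digits remain. It assumes a 12-digit number that does not start with 0 or 1 and ends in a Verhoeff check digit; the function names and the sample number are constructed for the example.

```python
import re

# Verhoeff tables: dihedral-group multiplication, position permutations, inverses.
D = ["0123456789", "1234067895", "2340178956", "3401289567", "4012395678",
     "5987604321", "6598710432", "7659821043", "8765932104", "9876543210"]
P = ["0123456789", "1576283094", "5803796142", "8916043527",
     "9453126870", "4286573901", "2793806415", "7046913258"]
INV = "0432156789"

def _fold(digits, offset):
    """Run the Verhoeff accumulator over digits, right to left."""
    c = 0
    for i, ch in enumerate(reversed(digits)):
        c = int(D[c][int(P[(i + offset) % 8][int(ch)])])
    return c

def verhoeff_valid(digits):
    """True if the final digit is a correct Verhoeff check digit."""
    return _fold(digits, 0) == 0

def verhoeff_check_digit(prefix):
    """Check digit to append to prefix (used here only to build sample data)."""
    return INV[_fold(prefix, 1)]

# Assumed format: 12 digits, optionally grouped 4-4-4 by a space or hyphen,
# first digit 2-9, and not part of a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)([2-9]\d{3})[ -]?(\d{4})[ -]?(\d{4})(?!\d)")

def mask_aadhaar(text):
    """Replace checksum-valid candidates with a mask showing the last 4 digits."""
    def repl(match):
        digits = "".join(match.groups())
        if not verhoeff_valid(digits):
            return match.group(0)  # other 12-digit values (order ids etc.) stay
        return "XXXX XXXX " + match.group(3)
    return CANDIDATE.sub(repl, text)

# Constructed sample value, not a real person's number.
SAMPLE_PREFIX = "23456789012"
SAMPLE_ID = SAMPLE_PREFIX + verhoeff_check_digit(SAMPLE_PREFIX)

if __name__ == "__main__":
    line = "kyc ok uid=" + SAMPLE_ID + " order=999999999999"
    print(mask_aadhaar(line))
```

Checking the checksum before masking keeps unrelated 12-digit values readable while still redacting anything that could be a real identifier in logs, exports or support tickets.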
Sources:
[1] https://indianexpress.com/article/technology/tech-news-technology/indias-data-breach-cases-fall-by-75-in-2023-surfshark-8616094/
[2] https://economictimes.indiatimes.com/tech/tech-bytes/average-cost-of-data-breach-in-india-touches-high-of-rs-17-9-crore-in-2023-ibm-study/articleshow/102103336.cms
[3] https://cio.economictimes.indiatimes.com/news/digital-security/cybersecurity-how-does-india-perform-at-the-global-stage/99628852