Privacy Legislation - India
Latha H C
Senior Research Officer, Telecom Regulatory Authority of India
Regional Office, Bangalore, Karnataka, India
Data is collected by various businesses and agencies as a
by-product of the user’s interactions with them. This
data is then retained by the business, and used to its
advantage. People are increasingly making their
personal information available publicly. Today there is
an unprecedented amount of personal data available
with Government and Private Sector Players.
Personal Data
• Publicly available personal information poses a greater risk for
Indians because the majority of the population is illiterate and there is no law
mandating data protection.
• Individuals are repeatedly transmitting their
personal information for various activities.
• In the present era, most crimes are
committed by professionals through
the easiest medium, i.e. computers and
electronic gadgets. With a single click,
criminals are able to get secured
information. The lust for information is acting
as a catalyst in the growth of cyber crimes.
Risk Factors
PwC’s survey (May 2017): Indian organisations have
detected a sharp increase in instances of crime from an
average of 2,895 incidents a year to 6,284 incidents in
2015–16.
While people are getting comfortable with mobile wallets and
banking through apps and smartphones, Wi-Fi networks continue
to have major security flaws that can make it very dangerous to
conduct transactions using mobile devices. Following are the major
types of risks that you should be aware of:
• Malware
• Phishing
• Public Networks
• Ransomware
The absence of prescribed security standards under
Indian e-wallet laws puts Indians'
financial data at risk
Risk Factors
Privacy concerns exist wherever personally identifiable
information or other sensitive information is collected, stored, used,
and finally destroyed or deleted – in digital form or otherwise.
Improper or non-existent disclosure control can be the root cause
for privacy issues.
Data privacy issues may arise in response to
information from a wide range of sources, such
as:
Healthcare records
Criminal justice investigations and proceedings
Financial institutions and transactions
Biological traits, such as genetic material
Residence and geographic records
Privacy breach
Location-based service and geolocation
Web surfing behavior or user preferences using persistent cookies
Why Indians are a softer
target of Cyber Crimes and
Identity Theft
• The lack of awareness about
cybercrimes
• Lack of tools and guidance
• Inadequate cyber crime laws
What are the data protection laws in
India?
Future frameworks for privacy in India
In October 2012, a Group of Experts headed by (Retd.)
Justice A. P. Shah, Former Chief Justice, Delhi High Court,
submitted a report to the Planning Commission on the
subject of data privacy.
The report creates a set of
recommendations for a privacy
framework and legislation in India.
Most importantly, the Report
recognizes privacy as a fundamental
right and defines nine National Privacy
Principles that would apply to all data
controllers both in the private sector
and the public sector.
Nine national privacy principles
Principle 1: Notice
A data controller shall give simple to understand
notice of its information practices to all individuals,
in clear and concise language, before any personal
information is collected from them.
Example : A telecom operator must make available
to individuals a privacy policy before any personal
information is collected by the company.
Principle 2: Choice and Consent
A data controller shall give individuals choices
(opt-in/opt-out) with regard to providing their
personal information, and take individual
consent only after providing notice of its
information practices.
Example : If an individual is signing up to a
service, a company can only begin collecting,
processing, using and disclosing their data after
consent has been taken.
Principle 3: Collection Limitation
A data controller shall only collect personal
information from data subjects as is necessary for
the purposes identified for such collection,
regarding which notice has been provided and
consent of the individual taken. Such collection
shall be through lawful and fair means.
Example : If a bank is collecting information to
open an account for a potential customer, they
must collect only that information which is
absolutely necessary for the purpose of opening the
account, after they have taken the consent of the
individual.
Principle 4: Purpose Limitation
Personal data collected and processed by data
controllers should be adequate and relevant to the
purposes for which they are processed.
Example : If a bank is collecting information from a
customer for opening a bank account, the bank can
only use that information for the purpose of
opening the account and any other reasons
consented to.
Principle 5: Access and Correction
Individuals shall have access to personal
information about them held by a data controller;
shall be able to seek correction, amendments, or
deletion of such information where it is inaccurate; be
able to confirm that a data controller holds or is
processing information about them; be able to
obtain from the data controller a copy of the
personal data.
Example : An individual who has opened a bank
account, has the right to access the information that
was initially provided and subsequently generated.
Principle 6: Disclosure of Information
A data controller shall only disclose personal
information to third parties after providing notice
and seeking informed consent from the individual
for such disclosure.
Example : If a website, like a social media site,
collects information about how a consumer uses its
website, this information cannot be sold or shared
with other websites or partners, unless notice of
such sharing has been given to the individual and
consent has been taken from the individual.
Principle 7: Security
A data controller shall secure personal information
that they have either collected or have in their custody,
by reasonable security safeguards against loss,
unauthorised access, destruction, use, processing,
storage, modification, deanonymization,
Example : If a company is a telecommunication
company, it must have security measures in place to
protect customers' communications data from loss,
unauthorized access, destruction, use, processing,
storage, modification, deanonymization,
unauthorized disclosure, or other foreseeable risk.
Principle 8: Openness
A data controller shall take all necessary steps to implement
practices, procedures, policies and systems in a manner
proportional to the scale, scope, and sensitivity to the data
they collect, in order to ensure compliance with the privacy
principles, information regarding which shall be made in an
intelligible form, using clear and plain language, available to
all individuals.
Example : If a hospital is collecting and processing personal
information of, for example, 1,000 patients, their policies
and practices must reflect and be applicable to the amount,
sensitivity, and nature of information that they are
collecting.
Principle 9: Accountability
The data controller shall be accountable for complying with
measures which give effect to the privacy principles.
Example : To ensure that a hospital is in compliance with
the national privacy principles, it must undertake activities
like running trainings and providing educational
information to employees on how to handle patient related
information, conducting audits, and establishing an officer
or body for overseeing the implementation of privacy.
CONCLUSION
Clearly, privacy is an emerging and increasingly important
field in India.
As companies collect greater amounts of information
from and about online users, and as the government
continues to seek greater access and surveillance
capabilities, it is critical that India prioritizes privacy and
puts in place strong safeguards to protect the privacy of both
Indians and foreigners whose data resides temporarily or
permanently in India.
The first step towards this is the enactment of a
comprehensive privacy legislation recognizing privacy as a
fundamental right.
The rapid evolution of telecommunications
services in India has aided the overall
economic and social development of the
country.
Privacy in Telecom Sector
TRAI Regulations and Directions
The Telecom Regulatory Authority of India was established
by statute in 1997 to safeguard interests of consumers while
simultaneously nurturing conditions for growth of
telecommunications in the country. The Authority has
issued several regulations on various subjects which are
binding on TSPs. The following regulations touch on the
subject of privacy:
1. Unsolicited Commercial Communications Regulation: In 2007, the Authority
introduced the Telecom Unsolicited Commercial Communications Regulations which
were aimed at creating a mechanism for registering requests of subscribers who did
not wish to receive unsolicited commercial communications.
2. Privacy and Confidentiality Direction: In February 2010, the TRAI issued a direction
seeking to implement the privacy and confidentiality related clauses in the service
providers’ licenses (see previous sections). Accordingly, by this direction, the TRAI
ordered all service providers to “put in place an appropriate mechanisms, so as to
prevent the breach of confidentiality on information belonging to the subscribers and
privacy of communication”.
Telecommunication Policies in India
The current telecom policy of India lacks adequate
privacy laws and has no effective mechanism through which
consumers' telecom disputes can be handled in
India.
Essential and private details of telecom consumers were
openly available for sale in the markets, and
companies purchased this information and used it
without any fear of punishment, as there were no deterrent
rules or regulations in this regard.
There is no constitutionally valid phone tapping law in
India.
Communications revolution has led to the exposure of
individuals to risks
1. During the normal course of their business, telecom companies heap up vast
volumes of personal data including copies of identity documents, biographical
information etc., which could potentially be misused;
2. The fact that a vast amount of communication now occurs with the involvement
of electronic media has rendered it more susceptible to invasive electronic
surveillance - whether lawful or not;
3. Much of the communication is now stored in digital form for unknown periods
in corporate data centres;
4. Owning a mobile phone not only enables us to communicate with our business
partners and loved ones, but also forces us to engage with a continual stream of
"noise": telemarketing calls and SMSs, prank/hoax calls, calls troubling us for
the payment of bills and offensive/threatening calls.
5. The subscriber signs the contract without even looking at the contract or its terms
and conditions.
6. Consumer-related transactions often occur between parties who have no
pre-existing relationship, which may raise concerns about the person's identity with
respect to issues of the person's capacity, authority and legitimacy to enter the
contract.
7. The aforesaid points regarding acceptance, timing and not reading the terms
create a loophole in the effort to protect consumer privacy.
8. The huge list of terms and conditions discourages the consumer from searching for the
privacy clause and thus leaves him vulnerable at the hands of the company.
9. Companies that keep sensitive information on their servers must ensure that
they have adequate security measures to safeguard their servers from any
unauthorised intrusion. A company could face security threats externally as well
as internally.
10. Externally, the company could face problems from hackers, viruses and Trojan
horses. Internally, the company must ensure security against its technical staff
and employees.
11. Security can be maintained by using various security tools such as encryption,
firewalls, access codes/passwords, virus scans and biometrics.
12. With the advancements in the Internet, security breaches have become a daily
occurrence. TSPs need to protect their websites and servers against loss of private data,
since a company can also be held liable for inadequate security procedures on its
servers.
Spam calls: India has topped the list of most
affected countries by spam calls in 2017 so
far, according to data gathered by
Truecaller.
Highlights
• India accounted for 22.6% of total spam calls
received so far this year, followed by the U.S and
Brazil (20.7%), Chile (17.4%), and South Africa
(15%).
• Free calls and data are major reasons in India
• 3% of total spam calls in India are fraud
India is the country most
affected by spam calls
because of operators and
financial services, most of
whom often promise free
data and unlimited voice
calls.
TRAI Initiatives
To identify the key issues pertaining to data protection in relation to the
delivery of digital services, TRAI released a Consultation Paper on
Privacy, Security and Ownership of Data in Aug 2017 and sought
comments from stakeholders on the issues listed below:
1. Data protection requirements to protect the interests of
telecom subscribers in addition to existing guidelines.
2. New capabilities that must be granted to consumers over the
use of their personal data.
3. Rights and Responsibilities of the Data Controllers.
4. Mechanism for regulating and governing the Data
Controllers.
5. Technology enabled architecture to audit the use of personal
data, and associated consent
6. Setup of a data sandbox
7. Measures to strengthen and preserve the safety and security
of telecommunications infrastructure and the digital
ecosystem
8. Key issues of data protection pertaining to the collection and
use of data by various other stakeholders.
9. Measures to address the potential issues arising from cross
Recent Developments
25th Aug 2017
A nine-judge constitutional
bench of the Supreme Court of India has held that
the right to privacy is a fundamental right
under the Constitution of India. The court has
held that the right to privacy is part of the right to
life and is on similar terms with the right to
human dignity. The judgments have by and
large held the view that the right to privacy is also
part of the “freedom rights” under Article 19
(right to speech, movement, etc.) or under all of
the fundamental rights enumerated in Part III
of the Constitution.
3rd Sep. 2017
The Supreme Court has held that information sought about
individual bank employees which was personal in nature and
devoid of any public interest is exempted under the Right to
Information (RTI) Act.
Thank You

1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docx
 

Data privacy Legislation in India

  • 1. Privacy Legislation - India Latha H C Senior Research Officer, Telecom Regulatory Authority of India Regional Office, Bangalore, Karnataka, India
  • 2. Data is collected by various businesses and agencies as a by-product of the user’s interactions with them. This data is then retained by the business, and used to its advantage. People are increasingly making their personal information available publicly. Today there is an unprecedented amount of personal data available with Government and Private Sector Players. Personal Data
  • 3. • Publicly available personal information poses a greater risk for Indians because the majority of the population is illiterate and there is no law mandating data protection. • Individuals are repeatedly transmitting their personal information for various activities. • In the present era most crimes are committed by professionals through the easiest medium, i.e. computers and electronic gadgets. With a single click, criminals are able to get secured information. The lust for information is acting as a catalyst in the growth of cyber crimes. Risk Factors
  • 4. PwC’s survey (May 2017): Indian organisations have detected a sharp increase in instances of crime, from an average of 2,895 incidents a year to 6,284 incidents in 2015–16.
  • 5. While people are getting comfortable with mobile wallets and banking through apps and smartphones, Wi-Fi networks continue to have major security flaws that can make it very dangerous to conduct transactions using mobile devices. Following are the major types of risks that you should be aware of: • Malware • Phishing • Public Networks • Ransomware. The lack of prescribed security standards under Indian e-wallet laws puts Indians’ financial data at risk. Risk Factors
  • 6. Privacy concerns exist wherever personally identifiable information or other sensitive information is collected, stored, used, and finally destroyed or deleted – in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues. Data privacy issues may arise in response to information from a wide range of sources, such as: healthcare records; criminal justice investigations and proceedings; financial institutions and transactions; biological traits, such as genetic material; residence and geographic records; privacy breach; location-based service and geolocation; web surfing behavior or user preferences using persistent cookies.
  • 7. Why Indians are a softer target of Cyber Crimes and Identity Theft • The lack of awareness about cybercrimes • Lack of tools and guidance • Inadequate cyber crime laws
  • 8.
  • 9. What are the data protection laws in India?
  • 10. Future frameworks for privacy in India In October 2012, a Group of Experts headed by Justice (Retd.) A. P. Shah, Former Chief Justice, Delhi High Court, submitted a report to the Planning Commission on the subject of data privacy. The report creates a set of recommendations for a privacy framework and legislation in India. Most importantly, the Report recognizes privacy as a fundamental right and defines nine National Privacy Principles that would apply to all data controllers both in the private sector and the public sector.
  • 11. Nine national privacy principles Principle 1: Notice A data controller shall give simple to understand notice of its information practices to all individuals, in clear and concise language, before any personal information is collected from them. Example : A telecom operator must make available to individuals a privacy policy before any personal information is collected by the company.
  • 12. Nine national privacy principles Principle 2: Choice and Consent A data controller shall give individuals choices (opt-in/opt-out) with regard to providing their personal information, and take individual consent only after providing notice of its information practices. Example : If an individual is signing up to a service, a company can only begin collecting, processing, using and disclosing their data after consent has been taken.
  • 13. Nine national privacy principles Principle 3: Collection Limitation A data controller shall only collect personal information from data subjects as is necessary for the purposes identified for such collection, regarding which notice has been provided and consent of the individual taken. Such collection shall be through lawful and fair means. Example : If a bank is collecting information to open an account for a potential customer, they must collect only that information which is absolutely necessary for the purpose of opening the account, after they have taken the consent of the individual.
  • 14. Nine national privacy principles Principle 4: Purpose Limitation Personal data collected and processed by data controllers should be adequate and relevant to the purposes for which they are processed. Example : If a bank is collecting information from a customer for opening a bank account, the bank can only use that information for the purpose of opening the account and any other reasons consented to.
  • 15. Nine national privacy principles Principle 5: Access and Correction Individuals shall have access to personal information about them held by a data controller; shall be able to seek correction, amendments, or deletion of such information where it is inaccurate; be able to confirm that a data controller holds or is processing information about them; be able to obtain from the data controller a copy of the personal data. Example : An individual who has opened a bank account has the right to access the information that was initially provided and subsequently generated.
  • 16. Nine national privacy principles Principle 6: Disclosure of Information A data controller shall only disclose personal information to third parties after providing notice and seeking informed consent from the individual for such disclosure. Example : If a website, like a social media site, collects information about how a consumer uses its website, this information cannot be sold or shared with other websites or partners, unless notice of such sharing has been given to the individual and consent has been taken from the individual.
  • 17. Nine national privacy principles Principle 7: Security A data controller shall secure personal information that they have either collected or have in their custody, by reasonable security safeguards against loss, unauthorised access, destruction, use, processing, storage, modification, deanonymization, Example : If a company is a telecommunication company, it must have security measures in place to protect customers’ communications data from loss, unauthorized access, destruction, use, processing, storage, modification, deanonymization, unauthorized disclosure, or other foreseeable risk.
  • 18. Nine national privacy principles Principle 8: Openness A data controller shall take all necessary steps to implement practices, procedures, policies and systems in a manner proportional to the scale, scope, and sensitivity to the data they collect, in order to ensure compliance with the privacy principles, information regarding which shall be made in an intelligible form, using clear and plain language, available to all individuals. Example : If a hospital is collecting and processing personal information of, for example, 1,000 patients, their policies and practices must reflect and be applicable to the amount, sensitivity, and nature of information that they are collecting.
  • 19. Nine national privacy principles Principle 9: Accountability The data controller shall be accountable for complying with measures which give effect to the privacy principles. Example : To ensure that a hospital is in compliance with the national privacy principles, it must undertake activities like running trainings and providing educational information to employees on how to handle patient related information, conducting audits, and establishing an officer or body for overseeing the implementation of privacy.
  • 20. CONCLUSION Clearly, privacy is an emerging and increasingly important field in India. As companies collect greater amounts of information from and about online users, and as the government continues to seek greater access and surveillance capabilities, it is critical that India prioritizes privacy and puts in place strong safeguards to protect the privacy of both Indians and foreigners whose data resides temporarily or permanently in India. The first step towards this is the enactment of a comprehensive privacy legislation recognizing privacy as a fundamental right.
  • 21. The rapid evolution of telecommunications services in India has aided the overall economic and social development of the country. Privacy in Telecom Sector
  • 22. TRAI Regulations and Directions The Telecom Regulatory Authority of India was established by statute in 1997 to safeguard interests of consumers while simultaneously nurturing conditions for growth of telecommunications in the country. The Authority has issued several regulations on various subjects which are binding on TSPs. The following regulations touch on the subject of privacy: 1. Unsolicited Commercial Communications Regulation: In 2007, the Authority introduced the Telecom Unsolicited Commercial Communications Regulations which were aimed at creating a mechanism for registering requests of subscribers who did not wish to receive unsolicited commercial communications. 2. Privacy and Confidentiality Direction: In February 2010, the TRAI issued a direction seeking to implement the privacy and confidentiality related clauses in the service providers’ licenses (see previous sections). Accordingly, by this direction, the TRAI ordered all service providers to “put in place an appropriate mechanisms, so as to prevent the breach of confidentiality on information belonging to the subscribers and privacy of communication”.
  • 23. Telecommunication Policies in India The current telecom policy of India lacks adequate privacy laws, and there is no effective mechanism through which telecom disputes of consumers can be effectively handled in India. Essential and private details of telecom consumers were openly available for sale in the markets, and companies purchased this information and used it without any fear of punishment, as there were no deterrent rules or regulations in this regard. India has no constitutionally valid phone-tapping law.
  • 24. Communications revolution has led to the exposure of individuals to risks 1. During the normal course of their business, telecom companies heap up vast volumes of personal data including copies of identity documents, biographical information etc., which could potentially be misused; 2. The fact that a vast amount of communication now occurs with the involvement of electronic media has rendered individuals more susceptible to invasive electronic surveillance, whether lawful or not; 3. Much of the communications is now stored in digital form for unknown periods in corporate data centres; 4. Owning a mobile phone not only enables us to communicate with our business partners and loved ones, but also forces us to engage with a continual stream of “noise” – telemarketing calls and SMSs, prank/hoax calls, calls troubling us for the payment of bills and offensive/threatening calls. 5. The subscriber signs the contract without even looking at the contract or its terms and conditions. 6. Consumer related transactions often occur between parties who have no pre-existing relationship, which may raise concerns of the person’s identity with respect to issues of the person’s capacity, authority and legitimacy to enter the contract. 7. The aforesaid points regarding the acceptance, timing and not reading the terms create a loophole in the effort to protect consumer privacy.
  • 25. Communications revolution has led to the exposure of individuals to risks 8. The huge list of terms and conditions discourages the consumer from searching for the privacy clause and thus leaves him vulnerable at the hands of the company. 9. Companies that keep sensitive information on their servers must ensure that they have adequate security measures to safeguard their servers from any unauthorised intrusion. A company could face security threats externally as well as internally. 10. Externally, the company could face problems from hackers, viruses and Trojan horses. Internally, the company must ensure security against its technical staff and employees. 11. Security can be maintained by using various security tools such as encryption, firewalls, access codes/passwords, virus scans and biometrics. 12. With the advancements in the Internet, security breaches have become a daily scenario. TSPs need to protect their websites and servers against loss of private data, since a company can also be held liable for inadequate security procedures on its servers.
  • 26. Spam calls: India has topped the list of countries most affected by spam calls in 2017 so far, according to data gathered by Truecaller. Highlights • India accounted for 22.6% of total spam calls received so far this year, followed by the U.S. and Brazil (20.7%), Chile (17.4%), and South Africa (15%). • Free calls and data are major reasons in India • 3% of total spam calls in India are fraud. The reasons why India is the country most affected by spam calls are operators and financial services, most of whom often promise free data and unlimited voice calls.
  • 27. TRAI Initiatives To identify the key issues pertaining to data protection in relation to the delivery of digital services, TRAI released a Consultation Paper on Privacy, Security and Ownership of Data in Aug 2017 and sought comments from stakeholders on the following issues: 1. Data protection requirements to protect the interests of telecom subscribers in addition to existing guidelines. 2. New capabilities that must be granted to consumers over the use of their personal data. 3. Rights and Responsibilities of the Data Controllers. 4. Mechanism for regulating and governing the Data Controllers. 5. Technology enabled architecture to audit the use of personal data, and associated consent 6. Setup of a data sandbox 7. Measures to strengthen and preserve the safety and security of telecommunications infrastructure and the digital ecosystem 8. Key issues of data protection pertaining to the collection and use of data by various other stakeholders. 9. Measures to address the potential issues arising from cross
  • 28. Recent Developments 25th Aug 2017: A nine-judge constitutional bench of the Supreme Court of India has held that the right to privacy is a fundamental right under the Constitution of India. The court has held that the right to privacy is part of the right to life and is on similar terms with the right to human dignity. The judgments have by and large held the view that the right to privacy is also part of the “freedom rights” under Article 19 (right to speech, movement, etc) or under all of the fundamental rights enumerated in Part III of the Constitution. 3rd Sep. 2017: The Supreme Court has held that seeking information about individual bank employees which was personal in nature and devoid of any public interest was exempted under the Right to Information (RTI) Act.
  • 29. Resources 1. https://scholarshantanu.wordpress.com/2017/06/14/cyber-crime/ 2. https://cis-india.org/telecom/knowledge-repository-on-internet-access/internet-privacy-in-india 3. http://vrzone.com/articles/india-now-462-million-internet-users/121178.html 4. www.creditsudhaar.com/cs-identity-shield 5. https://www.techook.com/news/free-calls-and-unlimited-data-make-india-the-most-spammed-country-in-the-world-truecaller/ 6. http://indianexpress.com/article/india/what-is-india-data-privacy-laws-4811291/ 7. http://www.financialexpress.com/india-news/seeking-bank-employees-personal-info-exempted-under-rti-supreme-court/838813/