LawFarm- Advice & Lawyers Online

Data Protection Laws In Bridging The Gap Of Data Breach

A data breach is one of the most sensitive attacks on people's private data. To understand how law can prevent black hats from hacking accounts, we first need to understand the phenomenon behind the infamous term "Data Breach".

Though prima facie it may not seem like much of an issue, an in-depth understanding will give you an idea of the menace a data breach poses.

The Air India data breach is a prime example of a data breach and its implications. About four million people's data was attacked and their information was displaced. The original attack was carried out on SITA, a service provider to Air India based in Geneva, Switzerland. The massive data leak was not indicated to Air India, but it was part of a larger plan. Therefore, not only Air India passengers' data but also that of airlines including Lufthansa, British Airways, Finnair and many more was affected.

In this incident, every passenger who boarded Air India from the year 2011 to the year 2021 had all their data breached. The affected data included their name, date of birth, passport information, contact information and credit card details. However, there was no direct risk to their bank deposits, because the CVV / CVC, which is key to executing transactions, was not affected: it was not stored in the first place. But it could have been otherwise.

This data, which might seem immaterial, can still be misused in various ways. From physical actions to various incidental hacking to unauthorized use, anything can occur once your data is breached. Therefore, data privacy has become an important right in today's generation.

Data privacy is the right to control and limit the reach of your data. It is a regulation through which you can monitor, trace and regulate your own data and identify anybody who can access it.

However, it's a myth that data can be identified only through online means. Data can be breached at any level, be it online privacy, residential information, medical privacy, financial privacy etc. In order to prevent such breaches, regulations can be imposed on matters related to data collection and data storage.

Through Data Protection laws we can prevent data breaches in several ways. 

  1. Limitations and specifications on the amount of data that is collected. If such laws are not applicable, then people would collect and store any amount of data, which would later be subject to breaches. If only a small amount of data is stored, and only for a limited period of time, then there is less chance of it being breached or invaded by any outsider.
  2. Consent taking – The controller of the data should be able to demonstrate that the data subject (i.e., the person whose data is concerned) has given their consent for data collection. The request should be clearly written and distinguishable, also stating one risk that might occur for non-compliance.
  3. Data Subject Rights – Data subjects are the people whose data is concerned here, and they possess rights such as the right to access, the right to object to processing, the right to rectification "without undue delay", and transparency to accuracy-principle. It includes every other right whose absence would affect the data subject immensely.
  4. Recordkeeping – The best example of such a process is in the new GDPR, where recordkeeping obligations are essential when data is processed through cross-border transfers.

In India, there is no legislative framework that protects data privacy. However, there is a bill pending called the D

After the case of Justice K.S. Puttaswamy vs UoI (2017), 10 SCC, the advocate general of India made a statement that the right to privacy is a fundamental right under Article 12 of the Indian Constitution. Section 43(A) of the Information Technology Act of 2000[2002] also acts as a protector, as shown in Vinit Kumar vs CBI and Ors (2019). Therefore, these currently act as a substitute for a full-fledged data protection law, and we expect a stringent and concrete one in the near future.

By Zoya Hossain