It is necessary that organizations give people the means to control how their personal data is to be used and inform them of who has access to the data.
Atlanta, United States; Bengaluru, Karnataka & Mumbai, Maharashtra, India: As an unfortunate flipside to the new data-fuelled World order, the growing digital interconnectivity has paved the way for greater vulnerability in the threat landscape. With an upward trend in the data-driven digital economy in India, the breach of sensitive data and critical personal information are a constant threat. According to the Indian Computer Emergency Response Team (CERT-In), the government agency responsible for tracking and responding to cybersecurity threats, over 3.13 Lakh cybersecurity incidents were reported in 2019 alone.
A survey conducted by the security firm Barracuda Networks, a California based leader in the field of data protection, revealed that about 66% Indian companies reported at least one data breach since the rapid shift to the work-from-home structure. Corporations need to take stock of this grim reality of the cyber security space and acknowledge that adequate and timely disclosure is the right move towards establishing customer trust and confidence in the long run. Data privacy principles adopted by firms need to be straightforward.
Beenu Arora, CEO of Cyble said, “Our own discoveries in 2020 more than confirm the alarming statistics by Barracuda. Organizations should take proactive measures for understanding their attack surface and taking a risk-based approach in managing it. Until regulations come into place, corporates would do well to step up self-regulation by establishing strong disclosure SOPs once a breach has been discovered.”
Cyble was recently invited by the Joint Committee on the Personal Data Protection Bill, 2019 to share their views on the bill. Cyble believes that the bill is the need of the hour and a significant step in addressing the rising data privacy and security concerns, besides providing a legal framework for the collection, use, and destruction of personal information. “Personal data protection is essential to fully capitalise on the benefits of India’s digital revolution”, says Beenu Arora.
Mandar Patil, VP of Business Development and Customer Success at Cyble said, “India is of significant importance to Cyble, and we are committed to assisting the Government, public and private sectors in assessing their threat exposure. We always advise our clients on focusing their security efforts right from the data collection stage, making sure that only relevant information is collected, securely managed across the entire data lifecycle, and appropriately destroying data when its utility for providing the service has been exhausted.”
Cyble also advises the marketplace that it is also necessary that organizations give people the means to control how their personal data is to be used and inform them of who has access to the data. To facilitate this, enterprises must be transparent and honest with end users whose data they are collecting, handling, and processing. An eminent example in the field of data protection is the European Union's General Data Protection Regulation (GDPR) law which specifies that in the event of a personal data breach, the organization is expected to notify the supervisory authority of the personal data breach within 72 hours after having become aware of it. The law also mandates that organizations must provide valid reasons for the failure to respond to breaches or even a delayed response.
Beenu Arora added, “This is a necessary step towards proactive measures that fight back and mitigate risks. By having a strong disclosure culture once a data breach has been discovered, corporates can play a big role in collectively dampening the incentives for hacking in the first place, while placing the interests of their customers foremost. It is imperative that businesses truly comprehend the implications and ethics of data security and data mining, not only as a regulatory obligation, but also as a means for achieving a basic alignment of the technology with the needs of the business. Like in many other countries, we believe that data breach disclosures in India should be made mandatory under the data security regulatory framework. These privacy regulations are expected to revolutionize the existing ways in which businesses secure, reserve, share and anatomize consumer data.”
Policies that make it mandatory for organizations to inform individuals whose data has been compromised of the details of data breach will allow data principals to better understand the information leaked. These privacy regulations are expected to revolutionize the existing ways in which businesses secure, reserve, share and anatomize consumer data.