An Indian armed with a cellphone leaves an enormous digital print. Concerns regarding data privacy and mining of personal information are legitimate.
If there was ever a time when India needed a sound data policy, it is now.
Last week, European Union’s General Data Protection Regulation (GDPR) policy came into effect. Under this, any organisation, working in any part of the world, which processes data of an EU citizen has to adhere to the new data security rules.
As a result, some of us, sitting here in India, were flooded with mails from organisations, telling us about their new data security policy.
Data and privacy are two words that have become a part of our daily lexicon. Any Indian armed with a cellphone today leaves an enormous digital print. Therefore, concerns regarding data privacy and how our personal information can be mined by organisations are legitimate.
These concerns came to the fore with the Cambridge Analytica scandal, where the data of over 87 million people, including an estimated 562,000 Indian users, was allegedly shared by Facebook with the political consulting firm.
Post the scandal, governments across the world are working at formulating stronger and stricter policies on data privacy.
India has two models to choose from: the European Union is tilted towards individual privacy while the US gives primacy to innovation over regulation.
In April this year, IT minister Ravi Shankar Prasad promised a “robust data protection law soon”.
One, however, has learnt to take such promises with a pinch of salt.
India’s National Cyber Security Policy, for instance, was rolled out in 2013 as a framework that would safeguard the country from external as well as internal cyber attacks.
Under the NCSP, the governments had grand plans of creating a workforce of 500,000 people, a secure network for trading, storing and obtaining strategic information, creating scenarios for response, resolution and crisis management through effective predictive, preventive, protective response and recovery actions, among others.
According to the latest reports, only 50,000 or 10 per cent of the workforce has been put in place. Although the policy seeks to protect the critical infrastructure of the country, it doesn’t specify which sectors/organisations come under “critical infrastructure”.
Government, one would like to believe, has the intent but the execution—as seen in the case of the NCSP—seems to the challenge.