Policy-makers and politicians are hell-bent on dragging us into a shining ‘Digital India’. But have they even bothered to check if we have the basic infrastructure in place or if there is any law to protect the consumer of this digital ‘moh maya’. Result? Data of every consumer is at the mercy of hackers (to attack us) and the government (to protect us). Currently, in India, there is no law or framework to protect consumers from data-theft or hacking. And there is no effective and fast grievance redress mechanism either.
In our day-to-day lives, we, as consumers, share our personal information with private companies or government. However, it is not limited to the information we feed in the forms or fields. Companies can easily collect information about the websites we visit, our Smartphones and apps installed, and even the places we visit often. Using all such information, they can create a complete profile of the user and her interests. Scary, isn’t it?
In most cases, it is difficult for a common consumer to know, and thus make an informed decision, about sharing private data or information. We do not know if the personal information we are sharing is safe and secure with service-providers like Google or Facebook. We do not know what types of security measures are used by service-providers to protect our data. And, remember, I am talking about two of the biggest companies that are solely dependent on online data consumption.
The less said the better for smaller companies and even the government, when it comes to protecting our data. Data protection is a costly affair; small companies cannot afford these costs and thus end up compromising our information. In the government, the majority of employees, who access data, are digital migrants or have shifted to computers from physical files and typewriters. They either fail to understand the consequences of data breach or they do not care. In most government offices, the official’s interaction with common people starts and ends with a physical form or application. Therefore, when it comes to carrying out digital interactions, they presume that every information on their PC is safely stored like the physical files in their ‘locked storeroom’.
The government and Unique Identification Authority of India (UIDAI) continue to maintain that there is no data breach or hacking in respect of Aadhaar and at the Central Identities Database Repository (CIDR). Last year, in July, in a written reply to the Lok Sabha, the minister of state for electronics, PP Chaudhary, however, admitted that personal identity or information of the residents including the Aadhaar number and demographic information, along with sensitive data like bank account, collected by government were ‘reportedly’ published online. Instead of destroying such stored and published data, all the government ordered was to ‘discontinue with immediate effect’ such practices.
UIDAI was set up without a data protection law. After collecting data from millions of residents, we are now in framing rules and regulation for data protection! Will we have defined standards for data storage and protection along with fixing liabilities, enforcement and quick grievance redress in case of data breach?
Until that happens, it is better for everyone to be more careful with what we share about our personal information and with whom. There is no point in making tall claims like: ‘I don’t have anything to hide so why should I not share’? Sharing information without proper precaution may not only harm you but may also endanger others associated with you. A false sense of ‘bravery’ does not work in cyberspace. What works and protects the user is precaution.
As I always recommend, share personal data or information only on a need-to-know basis. If the online form requires you to give the name of the city, then do not share your complete address. Be wary of sharing data with any website that lacks the security protocol in URL; it must be https and not just http. Lastly, keep track or preserve the records of your digital data-sharing.
