0.1710
900 319 0030
x

Need for a Data Protection Law

iasparliament Logo
February 07, 2020

Why in News?

A German cyber security firm reported that the medical details of many Indian patients were leaked and are freely available on the Internet.

What kind of data were leaked?

  • The firm listed 1.02 million studies of Indian patients and many medical images like CT Scans, MRIs and patients’ photos as being available.
  • Such information has the potential to be mined for deeper data analysis and for creating profiles.
  • These profiles could be used for social engineering, phishing and online identity theft, among other practices.

Why these critical data were made available?

  • These data were made available due to the absence of any security in the Picture Archiving and Communications Systems (PACS) servers used by the medical professionals.
  • These PACS servers seem to have been connected to the public Internet without protection.

How these data can be protected?

  • Public data leaks have been quite common in India. Even the data are leaked from the government websites, among others.
  • Unlike the data protection regulations in place in the European Union and US, India still lacks a legal framework to protect data privacy.
  • The Draft Personal Data Protection Bill 2019 is still to be tabled.
  • If tabled, it could enable protection of privacy.
  • The draft Bill follows up on the provisions submitted by the Justice B.N. Srikrishna committee to the Ministry of Electronics and Information Technology in 2018.

What the committee wanted to do?

  • The committee sought to codify the relationship between individuals and firms/state institutions as one between “data principals” and “data fiduciaries” so that privacy is safeguarded by design.
  • [Data principals - whose information is collected; Data fiduciaries - those processing the data].

What is the 2019 version of the Bill?

  • This version seeks to retain the intent and many of the recommendations of the Srikrishna committee, but it has also diluted a few provisions.
  • The Bill tasks the fiduciary to seek the consent in a free, informed, specific, clear form from the principal.
  • But, it has removed the proviso that said selling or transferring sensitive personal data by the fiduciary to a third party is an offence.
  • There are other issues with the Bill pertaining to the situations when state institutions are granted exemption from seeking consent from principals to process or obtain their information.
  • Yet, considering the manner in which public data are being stored and used by both the state and private entities, a comprehensive Data Protection Act is the need of the hour.

 

Source: The Hindu

Login or Register to Post Comments
There are no reviews yet. Be the first one to review.

ARCHIVES

MONTH/YEARWISE ARCHIVES

Free UPSC Interview Guidance Programme