“Data is the new oil” – this phrase was coined by Clive Humby, UK Mathematician and architect of Tesco’s Clubcard. Quite rightly said, data has become the commodity that runs as the fuel for every industry.
With the launch of 4G services in India and increase in the internet penetration, more people are accessing the World Wide Web from various devices, leaving behind a huge amount of data. It includes their personal details, browsing history, shopping behavior, payment account info etc., which are easy prey for hackers, if left unprotected.
To throw more light on this sector, Prof. Subramanya Sirish Tamvada, Dean - IFIM Law College answers our questions related to the laws pertaining to data protection along with the plethora of career opportunities that have opened up in big data, data protection and cyber security.
What is Data protection and how is it seen in the Indian context?
Data protection means legal control over access to and use of data stored in computers. In India Data protection is still not taken seriously. Big corporates such as Google, Microsoft, Facebook, Whatsapp and other similar have access to huge amounts of private information.
Thanks to the Supreme Court of India as it has made Right to Privacy as a Fundamental Right however, the Court is yet to give its observations with regard to the Aadhaar Issue wherein biometrics of individuals are being collected.
In India, the collection and use of personal data is regulated by the Information Technology Act 2000 (IT Act). Section 43A of the Information Technology Amendment Act 2008 is a strong provision that penalizes failure to protect data. The section clearly states that, “Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, not exceeding five crore rupees, to the person so affected.”
The sections is poorly drafted as it as it does not define sensitive personal data. Section 72-A of the Information Technology Amendment Act 2008 provides for punishment for disclosure of information in breach of lawful contract.
It provides that any person including an intermediary while providing services under the terms of lawful contract, has access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be punished with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh rupees, or with both. These sections are not effectively enforced.
What are the current challenges faced in Data protection in India compared to the rest of the world?
One of the major challenges faced with regard to Data protection in India is the absence of a strong and an effective legislative framework. Effective enforcement at all levels is another major challenge. Cybercrimes these days have reached a different level altogether.
Recent news around the world mentioned that government websites and other information sites were hacked and many computers across the globe were shut down or were affected. Under these circumstances, personal data is very vulnerable.
The latest draft of the Personal Data Protection Bill 2014 is yet to see the light of the day. In the European Union protection of people’s data has been included as of the fundamental rights under Article 8 of the Charter of the Fundamental Rights of the EU.
This also includes the right to access data. The new Data Protection Directive with the General Data Protection Regulation makes individuals as well as companies processing data responsible for data protection and provides for compensation to anyone who data has been breached.
Why Data Protection Law is necessary in India?
Data protection laws are important to control the way information is handled and to give legal rights to people who have information stored about them. Data not only includes personal information but may also include financial information. Key information such as employee records, customer records, financial transaction information or data collected should be protected from being accessed by third parties.
Recently, I gave my contact details to one company. I received few follow up calls from them and I refused to deal with them any further. Yesterday, a customer care executive of a different company with whom I have never shared any information called me and offered me similar services.
When I enquired how they got my details, the executive said, the marketing team got the information and that the executive is a mere employee. This is serious. Data could get into wrong hands and therefore, effective legislation should be in place.
What are the careers in cyber law, data protection and data security, its scope and future prospects?
Cyber law deals with the issues related to the internet, and communication technology including computers, software, hardware, and information systems. With the growth in demand for internet, many opportunities have open up especially for lawyers in this field. Lawyers practicing in Cyber law handle various cases of cybercrimes.
Cybercrimes are the illegal activities committed on internet against a person, property and government. Cybercrimes involve hacking, spreading virus, cyber terrorism to name a few. Criminals can also engage in fraud, theft, forgery, and defamation.
A lawyer gets to prepare, examine and defend a client involved in a cybercrime. The demand for cyber is going up and they are compensated quite handsomely. Opportunities are available in both public and private organizations, IT departments, police departments, corporations and in academia.
A cyber lawyer in addition to the above mentioned will get to work on protecting information access, privacy, communications and intellectual property and freedom of speech related to the use of internet, world wide web, email, computers, software, hardware, cell phones and data storage devices.
I am a degree holder and want to make a career in cyber law and data protection. How and where do I start?
A degree holder can start with getting a diploma in cyber law to get specialized knowledge in the field. The diploma could also help in developing the technical knowhow of various aspects related to technology. It will also help in developing an understanding how law plays a critical role in information technology.
Additionally, graduates could also pursue Master level courses from Universities and Institutes that offer specialized courses on Cyber Laws.
Is Indian government serious in hiring the security experts for its data? Are there any career scope for cyber security experts in Indian government sector?
Yes, the Indian government is very much serious in hiring security experts for its data. Aadhaar is one such example. The government claims that it is using the highest security standards to store and protect individual information.
With the population of the size of India, I am sure the government would not only be looking at computer experts but will also be looking at lawyers specializing in cyber law to prosecute the violators of private information. The scope will increase many folds once a legislation is passed in the country.