Mumbai: Since 2008, Jan 28 is marked as Data Privacy Day, however, it all started on the same day in 1981 when Convention 108 was signed in Europe. It laid the first legal foundation of an international treaty on data privacy and protection.
While Europe commemorates 28 Jan as Data Protection Day, other regions and countries around the world including India celebrate 28 Jan as Data Privacy Day.
Commemorations and celebrations play a progressive role in spreading awareness and educating people on key issues such as data protection and privacy. However, it is important to understand what Data Privacy Day means to tech enterprises and businesses along with the government in India.
A nation of over 1.2 billion people has been rapidly adopting technology and going digital across the spectrum in recent years. Though late, India is now gearing up for its personal data protection laws this year.
India’s data protection laws and educating employees
“As the union government gears up to introduce laws to protect consumer data, organisations should bear the onus of educating their employees. Data protection is only successful when all components within the infrastructure—including all employees—are prepared to handle it,” says Rajesh Ganesan, VP – ManageEngine, the enterprise IT management division of Zoho Corporation.
To educate employees efficiently, Ganesan points out that data protection must be built right from the design stages of all services and operations. “It should be present as a strong, invisible layer. It is best to educate employees on the do’s and don’ts of data protection in a way that is contextually integrated into their work, as opposed to relying solely on periodic trainings,” he suggests.
“Given the forthcoming legislation, corporate data management is more important than ever, and it’s up to business leaders to create the teams, structures, and expertise to keep all their corporate data well-protected and staying compliant in 2022,” emphasizes Ganesan.
Unlike the western countries which already have stringent data privacy and protection laws with stiff penalties. For India, it remains a relatively new concept both theoretically and in practice. With a lack of data protection and privacy laws in general, India has plenty of complex issues to deal with and their implications can trigger far too many consequences.
Data protection – the responsibility of organisations
Hence to start with, private organisations and businesses need to take up responsibilities to educate and spread awareness among their employees.
“Data Protection Day serves as a global reminder for one of the most important responsibilities of any organisation, which is to keep sensitive and mission-critical data secure,” says Ripu Bajwa, Director and GM – Data Protection Solutions at Dell Technologies, India.
“Today, many organisations in India and around the globe are exposed to sophisticated vulnerabilities, as their infrastructure and data security framework is inadequate,” adds Bajwa.
Further, “Malware, ransomware and cyber threats have become more specialized and penetrative. Once a lapse is identified, attackers can misuse the data and create situations in which data, once lost, may not be recovered,” Bajwa explains the consequences and risk arising in absence of an effective data security mechanism and laws.
However, to make situations more complicated the ongoing pandemic has pushed organisations around the world including India to operate with their remote workforce from non – enterprise environments, looming with threats of data thefts and cyberattacks.
Hybrid work model, emerging tech and risks to data
Although, some organisations have adopted a hybrid work model in recent months with the subdued impact of the pandemic. But this doesn’t mitigate those risks as the protection and security of corporate data remains a major concern for these organisations.
“With the hybrid work model, organisations also process complex amounts of data in environments where frequent exchange of data may occur from multiple touchpoints,” says Bajwa.
Besides, the growing influence of emerging technology like cloud-native applications, Kubernetes containers and AI in day-to-day business activities increases the risk of misuse of data. “The risk of misuse of data due to the lapse in the upkeep of cybersecurity goals and IT infrastructure makes organisations vulnerable to cybersecurity threats,” points out Bajwa.
Data and Cybersecurity
While this scenario is more from the perspective of organisations, it has another side too. And that is the data of consumers that organisations and businesses collect with or without their consent and misuse.
Often cybercriminals and hackers’ steal these sensitive consumer data from organisations and demand ransom in return. In addition, they even put those stolen consumer data for sale on Darkweb. For hackers, such acts of cybercrimes are very lucrative and monetarily rewarding. And that’s the modus operandi for most cybercriminals.
According to security experts, lack of data protection strategy, unpatched software and zero-day vulnerabilities, along with human errors remains prime factors that hackers exploit to hack data in organisations. This signifies why the protection and security of data remain extremely critical in organisations.
“Consumers are also constantly discovering the information that is collected about them, how that data is used, and how daily breaches put that information at risk. Consequently, organisations must make security a top priority to maintain consumer trust and remain compliant with regulations,” commented Bajwa.
Data Privacy regulations
To address these challenges, Bajwa suggests a few steps that organisations must take that include, an accurate inventory of data. “This is critical for adhering to data privacy regulations, such as GDPR. Many organisations may not know the information they have or where it is going, thereby making it difficult to protect it,” he points out.
“Additionally, solutions that dynamically allow or deny access based on contextual factors like a user’s location, device type, or job function are highly favorable, along with data loss prevention (DLP) capabilities,” Bajwa explains some technicalities of data protection solutions.
While India is also working on a data protection framework that incorporates many elements of the GDPR. In Bajwa’s opinion organisations in India need effective compliance strategies.
“Ultimately, in today’s highly regulated data environment, Indian organisations need to adopt and build effective compliance strategies to achieve business value. Organisations with low levels of data protection and data governance frameworks need to change quickly,” he opines.
Interestingly, ManageEngine’s Ganesan and Dell Technologies’ Bajwa firmly believe that India’s move to frame data privacy and protection laws are in the right direction. They are also equally emphasizing that organisations need to educate and inculcate data protection culture among employees, build compliance strategies and take help of technology backed data protection solutions.
Data privacy and ownership
However, for Kumar Vembu, CEO and Founder of GOFRUGAL – a cloud and mobile ERP solutions company it’s all about data privacy and ownership. Vembu strongly believes in what he calls “digital freedom” and “digital slavery.”
“It’s time to understand what freedom means, mainly digital freedom. We leave our digital trails whenever we engage digitally. Algorithms have started using the data to condition our minds, influence, and sometimes even dictate what we should be doing in the future,” says Vembu.
Data protection, according to Vembu is all about freeing ourselves from digital slavery. In his view, the goal of data protection is to give power to the data owner. “It is the capacity to decide what data should be stored, how it should be used or not used, and to make sure they don’t end up as slaves to the machines,” explains Vembu.
“Data protection means empowerment to the consumer so that they have the freedom of choice every time they shop. It is about establishing a level playing field and healthy competition in business. Most importantly offer a guarantee about the security and safety of personal and business data.” he adds.
Though some may think Vembu’s view is more philosophical. But certainly, his view abides by the very core fundamental rights and values of freedom, privacy, data ownership and the consent that businesses and organisations need to honour.
“On this data protection day, let us commit ourselves to understanding our rights to enjoy our freedom as digital citizens,” concludes Vembu.