Get proactive on data security
With the existing laws tilted in favour of companies, it’s tough for individuals to get any compensation in case of a data breach
With existing laws tilted in favour of firms, it’s tough to get compensation in case of data breach.
Incidents of data breach are occurring with increasing frequency. There’s little that you can do if your service provider does not take adequate security measures. But, if you take a few steps, you can ensure that hackers don’t get access to sensitive information that can cause you financial loss.
Recently, details of Reliance Jio customers were posted on a website. Earlier, a hacker stole email addresses and hashed passwords from Zomato’s database. In April, the secretary at the Ministry of Electronics and Information Technology had sent a letter to chief secretaries of all states and Union Territories stating that sensitive information, including bank details and Aadhaar numbers of individuals, had been published online, and that adequate measures should be taken to prevent a repeat of such incidents. Weak laws: The law says government departments, service providers and intermediaries need to take sufficient measures to protect customers’ privacy and data. If they fail to do so, they can be sued for unlimited damage. “But, the regulations are not comprehensive enough. The law, for instance, is silent on the minimum security measures a company needs to take. Companies or the government, therefore, get away easily. Also, if a customer wants to sue a company, the onus lies on him to prove that the company is at fault,” says Pavan Duggal, a Supreme Court lawyer and cyber law expert.
Since the law is tilted in favour of companies, compensation has never been awarded to an individual through the Information Technology Act, though it has been around for over 17 years and has seen many amendments, say experts.
As the laws don’t favour individuals, they need to protect their privacy by sharing data on a need-to-know basis, change passwords and PINs regularly, and not save card details on any website or device. Your valuable data is sold cheap: Financial information is sold to scammers who use card details for fraudulent transactions. Data on individuals containing their profiles and behavioural traits are also much sought after.
Scammers use personal information to earn your trust and then swindle you. Say, you get a call from a newly-launched website. The caller gives you a special discount on his website because you had spent ~5,000 the previous week at another retailer’s website. What you don’t realise is that if you shop on the caller’s website, the product will never be delivered to you and you will lose all your money.
It’s not just criminals who want your data. Social media platforms, chat apps and other service providers are also able to offer free services and products because they monetise your personal data with advertisers. “Besides scammers and telemarketers, big corporates also source data unofficially. They then use it to understand individuals' behaviour, profiles and habits, and then sell products and services accordingly,” says Duggal. Be proactive: As we move towards a situation where everything is connected to the internet — smart devices, smart televisions, smart lighting, smart refrigerators, etc. — everything can be hacked. A hacker can access any of these devices and steal data. One must, therefore, adopt basic security protocols.
“Across the globe, countries have woken up to the threat of massive cyber attacks that cybercriminals propose to unleash in the near future. India has emerged as one of the top targeted nations by cyber criminals,” says Sharda Tickoo, technical head, Trend Micro, India. Share information on a need-toknow basis: When creating a profile on social media websites, don’t go overboard sharing all your information, such as phone number, date of birth, email, etc. Even if sharing some information is essential, use privacy settings according to your needs. When shopping with e-commerce retailers, provide minimum information that gets the work done. “Avoid saving cards and bank account details on the platform. It will protect your sensitive data if the website gets hacked,” says Tickoo.
Create strong passwords:
Avoid obvious ones such as your birth date or spouse’s name. Create strong passwords by using a random combination of letters, numbers and symbols. “Keep multiple passwords for different websites. It will ensure that if a hacker gets the password to one site, your other accounts will stay protected,” says Udbhav Tiwari, policy officer at the Centre for Internet and Society, Bengaluru. When visiting a website, ensure that it is secure: Check for the symbol of a closed lock at the bottom right corner of the screen. Web addresses that begin with “https” are generally secure, and if you click on the lock symbol on the bottom right, it should also display the same “https” address. Avoid saving sensitive information on computers, mobile phones and other devices. Many save their bank account details, card information and passwords on devices and when any of it is hacked, the hacker gets all your sensitive data. Also, use a popular security software on all your devices. Don’t replicate your data across many devices. Sign up for real-time alerts with your financial service provider, even if they levy a charge. Also explore whether your bank or credit card company offers the option to restrict the amount of transaction. “Create a Google alert of your name. If data about you gets leaked in a prominent attack, you will get to know about it immediately,” says Prashant Mali, an advocate and international cyber law and cyber security expert. Also, avoid mobile apps that ask for access to your cell phone without requirement. A flashlight app, for example, shouldn’t get permission to access your contacts or location. Tiwari says that you can also use websites like haveibeenpwned.com to check if your details are present online on websites and make sure you secure the affected accounts.