As a concept, privacy is seeing a paradigm shift in terms of its importance. Traditionally, for a developing country like India with its myriad of sociological and infrastructural issues, privacy came quite low on the priority list. However, with the rapid development the country has seen in the last few decades with the growth largely driven by a digital economy, the right to privacy is now being examined in a new light.
Looking back, this shift can be traced back to August 2017 when a nine-judge bench of the country’s Supreme Court declared the Right to Privacy to be a fundamental right for Indian citizens under the Constitution. Following the lines of the European Union’s (EU) much-vaunted General Data Protection Regulation (GDPR), India is also working on a data protection legislation which was tabled in parliament in December 2019 as the Personal Data Protection Bill 2019. This law is currently being examined by a Joint Parliamentary Committee but should come into existence very soon.
Focus on data privacy in the banking & healthcare sectors
The COVID-19 pandemic of 2020 has also led to an increase in vision documents and legislation on privacy. The Reserve Bank of India (RBI), India’s central bank, took cognizance of the rise in digital banking precipitated by the coronavirus crisis and released a Technology Vision Document for Cyber Security for the Urban Co-operative banking sector to enhance the sector’s cybersecurity posture in September 2020.
The country’s healthcare sector will also soon be regulated by legislation similar to the United States’ landmark Health Insurance Portability & Accountability Act (HIPAA). The Digital Information Security in Healthcare Act (DISHA), which is currently in the draft stage, aims to provide a framework for electronic health data privacy and confidentiality, while also proposing various penalties for digital health data breaches.
What is clear from the above is that India’s institutions are taking data privacy very seriously and following in the footsteps of the world. Enterprises, hence, cannot afford to overlook the implications of data privacy; the ensuing legislations mandate substantial financial penalties if compliance on data privacy is not achieved. There is the risk of reputational damage caused due to the negative media coverage that privacy breaches routinely cause nowadays.
Compliance with regional data protection laws is necessary for the new normal
To begin with, enterprises must conduct a thorough audit of their current data protection, status if not already done. Depending on where they are located, every country will have different laws that enterprises must adhere to. Also, similar to the GDPR, enterprises may also be responsible for compliance with regulations from the states from where their customers are located. Enterprises are required to be compliant with and aware of all relevant data protection regulations – if required, a legal option should be taken.
Secondly, enterprises must examine what kind of data is being collected from consumers and how it is used. Customers are now increasingly aware of their rights and will question the data that is being collected to them. They also want to know how their data is being used and may also use the famous “Right to be Forgotten” option to ensure that their data is erased.
Does your enterprise have these mechanisms in place? Can customers be assured of how their data is being used and how it is being protected? Enterprises should ensure they follow strict and stringent data protection mechanisms like access controls, encryption and backup.
Privacy will be the buzzword of the new decade and organizations will find that they can set themselves apart from the competition by assuring customers of data privacy in an increasingly invasive world. Seqrite’s suite of comprehensive solutions and services can be an enterprise’s ally in this environment providing the tools required to comply with required data privacy laws.
