Interpol recently reported that there has been a surge in cybersecurity attacks since the pandemic. This highlights the magnitude of the problem, and this trend shows no sign of letting up.
Today when personal data is the key to gain a competitive edge, data ethics is at the heart of business success. Under these circumstances, it becomes very important to understand the difference between development of technology and putting the technology to use. A law cannot control the development of technology but it can regulate the use of technology and fix accountability for misuse thereof.
But as soon as the law will have to take into consideration the machine learning and artificial intelligence, it will be more complex and cumbersome to fix accountability.
Please note that a machine cannot be punished or held responsible for a harm caused to the human beings, even if by any legal fiction, it is held accountable. We shall face in near future another complex task of finding a remedy against harm caused by a machine not controlled by human beings.
Data leaked included Aadhaar, PAN and mobile numbers, bank account numbers, IFSC codes and mostly every personal information of all individual cardholders.
If it wasn't enough shocking, anonymous sellers were selling Aadhaar information of any person for Rs. Also, one could get any person's Aadhaar card printout by paying an extra amount of Rs. In , a cyber attack was perpetrated on Cosmos Bank in Pune. This daring attack shook the whole banking sector of India when hackers siphoned off Rs. Hackers hacked into the bank's ATM server and took details of many visas and rupee debit cardholders. Money was wiped off while hacker gangs from around 28 countries immediately withdrew the amount as soon as they were informed.
The Covid pandemic has given an unprecedented opportunity to cyber criminals. The work-from-home working module adopted by such organizations has been attributed to the rise of cyber attacks.
The security gap between the home and office network has played a key role to make way for the data breaches in This issue has resulted in the theft of confidential information, leading to the loss of millions of dollars for breached organizations.
The crux is that data-sharing between government agencies also, if not wellregulated, can create a "back door" which allows circumvention of individual privacy and data protection safeguards. Comprehensive population databases, like those established as part of ID systems, are a tempting resource for People in power, law enforcement authorities, particularly when they contain biometrics. Right to privacy is a human right recognized under Article 12 of the Universal Declaration of Human Rights1 issued by the United Nations on December 10, , of which India is a signatory.
Many human rights received the status of fundamental rights under the Indian constitution, thanks to the Supreme Court of India. Versus Union of India and Ors4 declared that the Right to Privacy is a fundamental right, intrinsic to life and liberty; therefore, it comes under Article 21 of the Constitution. The judgment writes: "'Fundamental Rights' are the modern name for what has been traditionally known as 'natural rights'" Justice S A Bobde, now CJI wrote: "Privacy, with which we are here concerned, eminently qualifies as an inalienable natural right, intimately connected to two values whose protection is a matter of universal moral agreement: the innate dignity and autonomy of man.
Chandrachud J. Privacy also connotes a right to be left alone. Privacy safeguards individual autonomy and recognises the ability of the individual to control vital aspects of his or her life. Personal choices governing a way of life are intrinsic to privacy Privacy attaches to the person since it is an essential facet of the dignity of the human being. Policymakers and courts have struggled with striking the appropriate balance between protecting the privacy of registrants and supporting criminal investigations.
Some countries use a "privacy policy" in the form of an easy-to-understand document which explains in plain language how personal information is collected and used. However, public awareness campaigns are also crucial to disseminate information on the collection and use of personal data. These can address misconceptions and concerns and identify channels for questions and complaints. In India, The IT Rules have been incorporated vide Section 43A of the IT Act and provide for minimum standards on collection, disclosure and transfer of personal information—which is defined as "any information that relates to a natural person, which either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
The IT Rules further mandate a body corporate shall obtain prior consent from the provider of 'sensitive personal data or information' for using such sensitive information. The Rules provide for a list of personal information that can be construed to be 'sensitive' and includes passwords, financial information, health parameters, sexual orientation, etc. The IT Rules substantiate that all body corporates need to devise a 'privacy policy' for dealing with personal information including sensitive personal data or information.
The aim is to protect and maintain the record of personal information provided. It has been mandated to make such a privacy policy publicly available and it shall contain details regarding use, collection, disclosure of such information along with the security practices adopted by the body corporate for the maintenance of all supplied information. A body corporate or any person on its behalf may transfer sensitive personal data or information to any other body corporate in India or any other country, if it ensures the same level of data protection that is provided by the transferor as per the IT Rules.
There are RBI guidelines, regulations and circulars to maintain secrecy of client information and propounds methods to evolve voluntary norms that banks must enforce on themselves. The DoT in consonance with the TRAI continues to issue guidelines for protection and localisation of data collected by service providers from their customers. The Medical Council of India under the ambit of the Indian Medical Council Professional conduct, Etiquette and Ethics Regulations, , governs issues relating to collection of personal data of patients, issues of consent and the extent to which complicated procedures may be carried out.
At work For enterprise and business customers, IT admins, or anyone using Microsoft products at work, visit the Microsoft Trust Center to get information about privacy and security practices in our products and services. Visit Microsoft Trust Center. You control your information We give you the ability to control your data, along with clear and meaningful choices over how your data is used.
Your data is protected We rigorously protect your data using encryption and other security best practices. You can expect privacy by design We design our products with a core commitment to uphold user privacy. We stand up for your rights We fight for stronger privacy laws and protections, and will protect your rights if a government request is made for data. We regularly publish the Microsoft Privacy Report to keep you updated about our privacy work. We explain how customers can export or delete personal data in our Privacy FAQs.
We offer in-depth privacy information about our products and services in the Microsoft Privacy Statement. We believe that the technology we create should benefit everyone on the planet, and the planet itself. Visit the Microsoft Corporate Social Responsibility for more information. What's new Check out the latest articles, blog posts, and news from Microsoft about protecting your privacy at home and at work. EU Data Boundary for the Microsoft Cloud: A progress report Read about the important milestone in our journey toward creating the EU Data Boundary for the Microsoft Cloud, and our ongoing commitment to provide customers with robust transparency about our practices and progress toward the implementation of the EU Data Boundary.
Read the EU Data Boundary progress report. The risk factors listed below should be addressed when considering whether to complete a DPIA. Other potential factors and further details are found in Part 1 of each of the guidelines.
The GDPR clarifies 'The processing of personal data should not be considered to be on a large scale if the processing concerns personal data from patients or clients by an individual physician, other health care professional, or lawyer.
In such cases, a data protection impact assessment should not be mandatory. A DPIA should provide specific information about the intended processing, which is detailed in Part 2 of the guidance. That information includes:. Skip to main content.
0コメント