Date: 2020-01-08
Exploit attempts, cyber-defense, threat blocking, firewalls and
encryption codes—are you able to digest these terms as
fast as they are thrown at you? Whether you realize it or not, you,
me, us—we're all in the middle of a data war from the
time that we wake up—and sometimes while we're sleeping
too (or supposed to be).
Information has always been valuable, especially secret,
strategic data. Whether in the form of gossip used for social
bonding, or corporate espionage used to subvert stock
prices—data, along with its corresponding actionable insights, has been and will be the
most marketable commodity any of us will ever possess. This becomes
more pronounced in today's digital environment where personal
and business data can be easily stored, and therefore easily hacked.
The Supreme Court's 265-page 2017 judgment seems like a step in
the right direction, but is it enough? Does it clarify the ethos
companies must apply when collecting and using citizens' data?
According to the 2016 ACFE Report to the Nations on Occupational
Fraud and Abuse, the average organization loses 5% of its
revenues to fraud, and as NAMO pushes India to get more digital,
digital crime is likely to increase.
So, how does India's Information Technology Act (ITA) come into play
in enforcing more robust data security measures? ITA 2000/8
emphasizes "Contract" with the data subject. This gets
translated into "Informed consent", which means
communicated consent, and exists as a thin line between legal and
moral consent mutually decided between the user/employee and
employer.
Take, for example, Section 72A of the Information Technology Act,
2008, which lays down punishment for data breaches under
contract—you can either get 3 years in jail or pay a Rs. 5
lakh fine, or both. This does not seem adequate considering that
employee-to-company contracts lay down fines that are ten times
this amount for accidental NDA breaches.
When we receive cases pertaining to Sec 72A violations, we
immediately require cyber experts to track data breaches and
related deleted data through the dump memory log file. If that does not yield
substantial results, we employ other more aggressive tracking and
recovery protocols.
Interestingly, for years, bank executives presumed that the biggest risk facing the industry was bad
credit. But that axiom is changing, as cyber criminals become more
sophisticated and data security becomes more essential.
To this end, companies can follow these basic measures to ensure
zero accidental and minimal deliberate breaches of proprietary
data:
- Make sure you have your own floor policy to customize the implementation of laws in your jurisdiction.
- Create an actionable list of Dos and Don'ts for your employees to follow.
- Audit all employees with access to the company's proprietary data to ensure that they are aware of your internal protocols.
- Limit access to social media in the workplace with blocking and privacy protocols, only allowing access to smartphones during breaks (outside the office premises).
Originally published 18 December 2019
