Blog Details

Author - Medha Mukherjee

What Is Data Protection?

Data Protection is the process of protecting and securing important information or data from misuse or misapplication. The importance of data protection is increasing with the amount of data creation and storage and it continues to rise at unprecedented rates.

The main objective of data protection is to safeguard and make available data under all circumstances. Data protection referred to both operational data backup as well as disaster recovery. 

Data protection strategies develop along with data availability and data management. 

1. Data Availability - Data availability ensures the user the availability of data for usage even if it is damaged or lost.
2. Data Management - In data management there are two key areas: Data Lifecycle Management (DLM) and Information Lifecycle Management (ILM). 
   1. Data Lifecycle Management - Data lifecycle management is the policy-based approach to maintaining the flow of data throughout its lifecycle which means from the creation of data till the deletion. For example, Hierarchical Storage Management (HSM) is a data storage technique which automatically moves data from high-cost to low-cost storage media and vice versa. 
   2. Information Lifecycle Management - Information lifecycle management is referred to as the strategy of administering the storage systems on the computing device throughout its lifecycle. It optimizes the data utility, lower cost as well as minimizing the legal and compliance risks which may be introduced through that data.

The Purpose Of Data Protection Law

The Data Protection Law is an act to protect personal data on computers legally. In the modern world, businesses, organizations and government started to store the customers, clients and staff data such as name, address, contact information, etc., in the database on computers which are connected on the network. The information retrieval and storage on databases are very accessible. 

Though digitalization provides a convenient way to handle the data globally, the threat of data misuse is also increasing along with it. Therefore the data protection act is necessary to control the way of information handling and to give legal rights to people.

Data Protection Laws In India

At present, there is no specific legislation for data protection in India. It is protected directly or indirectly via various laws concerning information technology, intellectual property, crimes and contractual relations.

1. Information Technology Act, 2000 (IT Act) - The IT Act provides the safeguards against certain breaches related to data from computers. The act provides the provision to protect the unauthorized use of computers and data stored in it. Though it has not mentioned anywhere in the act about the liability of internet service providers or network service providers and data handling entities. Therefore the entities are responsible only for safe distribution & processing of data and they do not bother for outsourcing service providers. As per the recent amendment, the provision related to compensation payable by companies for failure to protect personal data is deleted.
2. Indian Penal Code (IPC) - The IPC can be an effective means to prevent data theft. For the offences such as misappropriation of property, theft or criminal breach of trust leads to the imprisonment and fine under the IPC. Although the offences under IPC apply only to movable property, therefore computer databases can be protected under the IPC as they are movable by nature.
3. Intellectual Property Laws - Indian Copyright Act states that piracy of copyrighted data is punishable. Indian judiciary is considering the copyrights in databases and hence it can be considered under the copyright act. 
4. Credit Information Companies Regulation Act, 2005 (CICRA) - The collection of the credit information of an individual in India should be as per the norms declared in the CICRA regulation. CICRA has created and maintains a strict framework for the information concerning the credit and finances of an individual and companies in India which provides strict data privacy principles and the same has been notified by Reserve Bank of India.

Addition to these, industries also have taken initiatives for data protection. The National Association of Service & Software Companies (NASSCOM) is involved in improving data security in private sectors. Many BPO service providers are also volunteering for self-regulation and adopt stringent security measures to control the misuse of data.

Recent Bill Proposed On Data Protection

The Personal Data Protection Bill, 2019 was introduced in Lok Sabha by the Minister of Electronics and Information Technology on December 11, 2019. The objective of the bill is to provide the protection to personal data of individuals and for that establishes a Data Protection Authority. 

The Bill governs the processing of personal data by the government, companies in India and foreign companies dealing with the individual’s personal data in India. The Bill categorizes some personal data as sensitive such as financial data, biometric data, caste, religious or political thoughts or any other specified by the government.

The Bill sets some rights for an individual such as 

1. A right to receive the confirmation from the fiduciary for processing their personal data
2. Seek correction of personal data
3. Transfer of personal data to another fiduciary in some circumstances
4. Restrict frequent disclosure of their personal data by a fiduciary

Conclusion

Any type of data is always valuable, and when it comes to the personal data it is more valuable. The skills and opportunities for retrieving personal data are evolving very fast. It would be harmful to a person or companies if the personal data gets handled carelessly. Therefore the Data Protection Law is necessary to protect the individual rights as well as the company’s reputation. It is also necessary for India to sustain investors.