Currently in India, there is no data protection policy or any government policy around it
A UK-based political data analytics firm, Cambridge Analytica, allegedly sourced the data of around 80-90 million Facebook users illegally, without their knowledge and consent, and used it during Donald Trump’s presidential campaign. They allegedly started collecting the data in 2014 and used it to form political campaigns and influence voter opinion. Facebook claimed that the users were duped by a researcher who originally got the data through a quiz app hosted on Facebook. However, Facebook’s then malfunctioning design allowed this app to collect not just the personal information of people who agreed to take the survey, but also the personal information of all the people in those users’ Facebook social network. This caused a huge uproar, not only in the US but also globally. While many deleted their Facebook accounts, everyone else became deeply skeptical about not just Facebook but also online security and data privacy in general.
Cambridge Analytica was doing a lot of number crunching to understand user behavior and preferences, which is very normal, but what caught people’s attention is that it was allegedly influencing people’s behavior. People are not too careful about what they post on social media or what they like on it, and if somebody has that data, they can predict your behavioral choices, political leanings, religious leanings and other important factors. The other scary part was that if you are leaning towards their views, they will create more campaigns and content that strengthen your views, and if not, they will try to influence your views.
Currently in India, there is no data protection policy or any government policy around it. There should be a way to enforce best practices of data collection, retention and disposal; otherwise data becomes easy prey not just for hackers but also for unscrupulous organizations. Organizations are not bound to secure your data in any way. For example, there are lots of government services for which we can pay online, like water bills, electricity bills, etc. In that case, I am providing my information, and it is the government service provider’s duty to keep my data secured and not use my data in any malicious way. While the government service providers may not be selling data, many private companies may be doing that, so we need to be careful about the kind of information we put online. They also should be careful about it. In Europe, the General Data Protection Regulation (GDPR) went into effect on May 25th, 2018, and has put in place a framework on how data should be secured, retained, utilized and disposed of. Deleting old data is an important aspect of the regulation. The European Union (EU) regulation has strict data regulation rules. Each individual has the right to go to an organization and ask the organization to delete his/her data. They are bound by law to delete the data within a stipulated time. If you are not compliant, penalties are very high. The presence of a similar law in India will bring a lot of trust back into online transactions.
It is also very important for most businesses to keep their customers’ data secure. Say you are an online e-commerce company. You will have customer data, which needs to be kept securely. The other aspect is that after data is stored, you need to ensure that your database is encrypted. There are other threats like encryption malware. Organizations will have all their business data, and if ransomware hits and collects the data, it can have grave consequences. That is where storage backups come into the picture.
The Facebook-Cambridge Analytica crisis has taught the world a huge lesson: at no point can we be casual about our online data, and we are not yet in a fully secure state. It is rumored, though there is no proof, that data was used to swing the elections, and if that is true it is a big thing. If it was done by a third party, it is even worse. We also need to be aware of certain things when online, like giving permission to apps to access our profile. It seems fun but can cause huge damage. Another thing is distinguishing between real and fake info, and we need to be careful on this aspect.
The author is Senior Director - Product Management at Barracuda Networks