Principle of natural justice demands that there should be distinction between an intentional misuse and failure to protect
Globally, there is a lot of work going on to protect personal individual data. While GDPR has just kicked off in Europe, similar legislations are in the making in various parts of the world, including India.
The provisions of most of these legislations are fairly stringent, and that is often justified citing the rising instances of data breaches!
That is a faulty logic, to put it mildly. Data breaches, in three out of four cases, are sophisticated targeted attacks. To fall victim to it is not an indication of a company’s lack of intention.
Principle of natural justice demands that there should be distinction between an intentional misuse and failure to protect. There are organizations whose business models are based on exploiting the personal data of their users. Then, there are numerous banks, hospitals, airlines, educational institutions that deal with a lot of personal data for carrying out their work. Being not so tech savvy, they are seen as soft targets by attackers. Healthcare is the top favorite of attackers.
On the other hands, those businesses that are built on the premise of leveraging data per se are usually sophisticated high-tech organizations. Those organizations should attract the most stringent penalties.
Clubbing both these categories for the purpose of regulation, to me, is not a fair approach.
While our cover story this month is about breaches and how a lot of breaches are never reported in India, we have a debate on if India needs stringent data protection regulation. Two practitioners, KRC Murty of Deutsche Bank and Anil Porter of Inter-Globe Tech put forward their views on either side.
The annual CIO&Leader conference is round the corner. This time the theme is Practical CIO. It is essentially focused on how the new emerging technologies can be practically leveraged by organizations.
Hopefully, I will be able to share some learning from that in a subsequent issue.