Challenges Of Data Privacy And Protection In A Covid And Post-Pandemic World

Challenges Of Data Privacy And Protection In A Covid And Post-Pandemic World

SUMMARY

The sudden digital shift being caused due to the effects of Covid-19 presents a major challenge in compliance

Most organisations do not have a basic understanding of the data they collect, let alone the reasons and purposes of such collection

India’s data privacy and protection legal framework is about to take a quantum leap in the form of the Personal Data Protection Bill 2019

The Covid-19 pandemic has massively disrupted and continues to disrupt the way individuals, governments and corporations, function in practically any walk of life. The greatest manifestation of this disruption is seen in the increasing adoption of technological solutions to tackle the challenges that this pandemic is posing.

Key Highlights Of Present-Day Law

The Information Technology Act 2000 (IT Act) read with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (Sensitive Personal Data Rules) are the principal legislation governing the collection and processing of personal information and sensitive personal data or information (Sensitive Personal Data) on a sector-neutral basis.

The sensitive personal data rules primarily designate the following as sensitive personal data:

  • Password
  • Financial information such as bank account or credit card or debit card or other payment instrument details
  • Physical, physiological and mental health condition
  • Sexual orientation
  • Medical records and history
  • Biometric information

Sensitive personal data may be collected by a body corporate by complying with the provisions of the sensitive personal data rules including obtaining consent from the provider of the information.

Compliance Challenges Ushered In By Covid-19

The sudden digital shift being caused due to the effects of Covid-19 presents a major challenge in compliance, considering the general outlook towards compliance in relation to data privacy in India. With remote working in the wake of Covid-19, data privacy, security and management have become a massive concern for most organisations due to lack of capacity to deal with data privacy and protection.

Moreover, there have been certain measures which have been carried out due to Covid-19 such as temperature recording and screening of employees and visitors, but which in most cases have been done without appropriate safeguards and adherence to compliances. Another area of concern has been a lack of investment in cybersecurity and a lack of competent personnel dealing with matters such as data security.

What Can Be Done?

Data Mapping

Most organisations do not even have a basic understanding of the data they collect, let alone the reasons and purposes of such collection. These can be especially detrimental in customer-focused sectors such as retail which collect data at the rate of knots but do not even have a rudimentary audit of data practices. A basic practice that can set the foundation of a sound system of dealing with data in an organisation is to analyse the type and quantum of data being processed and mapping them to the purposes and potential departments that may require access to such data.

Questions To Consider

  • How important is data to the business? If data is not required for the business, why is it being collected?
  • If data is an asset just like a physical asset, who should have access and how should it be protected within the organisation?

Building Organisational Capacity

Data privacy and protection is best not thought about in silos. Although it goes without saying that confusing a CISO with a CTO is not a particularly good reflection of organisational capacity, ultimately every person engaged by an organisation must be sensitised to understand the value of protecting data. Steps such as regular training sessions and clear policies on the use of devices and networks within the organisation can be incredibly cost-effective solutions towards compliance.

Questions To Consider

  • Is there a policy covering responsibility of an employee for ensuring the confidentiality of proprietary data and customer information?
  • Is there any responsibility matrix with clear responsibility being attributed to specific personnel for ensuring data protection in the organisation?

Importance To Cybersecurity

Organisations are often daunted by the costs of implementing such solutions but any effort towards protecting data would be a hollow effort without them. Interestingly, many organisations fail to consider the cybersecurity standards used by their IT suppliers such as cloud providers. Organisations using IT in-house can consider doing a gap analysis to understand the existing level of compliances and the areas they fall short. This would provide a starting point to decide on the levels of data protection the organisation can strive towards while keeping commercial concerns relevant.

Questions To Consider

  • Is there any mechanism to audit IT/cloud providers for their cybersecurity standards?
  • Are there clear policies and measures in case of breach/cyber-attack such as for business continuity and recovery?

Conclusion

Covid-19 has already compelled organisations to take a digital leap and is already proving to be a challenge. However, India’s data privacy and protection legal framework is about to take a quantum leap in the form of the Personal Data Protection Bill 2019, which is currently being considered by the Joint Parliamentary Committee. It is now a crucial moment for organisations to actively consider overhauling their existing practices and usher in a new dawn in which their business can thrive, once the Covid-19 pandemic is behind us.

[The article was co-authored by Supratim Chakraborty (Partner) and Sumantra Bose (Senior Associate) at Khaitan & Co]

Note: The views and opinions expressed are solely those of the author and does not necessarily reflect the views held by Inc42, its creators or employees. Inc42 is not responsible for the accuracy of any of the information supplied by guest bloggers.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
Unlock 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
Unlock 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Challenges Of Data Privacy And Protection In A Covid And Post-Pandemic World-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Challenges Of Data Privacy And Protection In A Covid And Post-Pandemic World-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Challenges Of Data Privacy And Protection In A Covid And Post-Pandemic World-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Challenges Of Data Privacy And Protection In A Covid And Post-Pandemic World-Inc42 Media
Challenges Of Data Privacy And Protection In A Covid And Post-Pandemic World-Inc42 Media
You’re in Good company