Assignment 2

Information Protection refers to the arrangement of security laws, strategies and methods that
expect to limit interruption into one's protection brought about by the accumulation, storing and
scattering of individual information. Individual information by and large alludes to the data or
information which identify with an individual who can be recognized from that data or information
whether gathered by any Government or any private association or an organization.

The Constitution of India does not grant just the Right to Pirvacy. Nonetheless, the courts have
perused the privilege to protection into the other existing major rights, ie, the right to speak freely
and articulation under Art 19(1)(a) and ideal to life and individual freedom under Art 21 of the
Constitution of India. In any case, these Fundamental Rights under the Constitution of India are
liable to sensible confinements given under Art 19(2) of the Constitution that might be forced by the
State. As of late, in the milestone instance of Justice K S Puttaswamy (Retd.) and Anr. versus
Association of India and Ors., the constitution seat of the Hon'ble Supreme Court has held Right to
Privacy as a principal right, subject to certain sensible limitations.

India does not have any express enactment overseeing information assurance or security.
Notwithstanding, the important laws in India managing information assurance are the Information
Technology Act, 2000 and the (Indian) Contract Act, 1872. A systematized law regarding the matter
of information assurance is probably going to be presented in India sooner rather than later.

The (Indian) Information Technology Act, 2000 deals with the issues relating to payment of
compensation (Civil) and punishment (Criminal) in case of wrongful disclosure and misuse of
personal data and violation of contractual terms in respect of personal data.

Under section 43A of the (Indian) Information Technology Act, 2000, a body corporate who is having,
managing or taking care of any touchy individual information or data, and is careless in executing
and keeping up sensible security works on bringing about illegitimate misfortune or unjust increase
to any individual, at that point such body corporate might be held at risk to pay harms to the
individual so influenced. It is critical to take note of that there is no furthest cut-off determined for
the remuneration that can be asserted by the influenced party in such conditions.

The Government has advised the Information Technology (Reasonable Security Practices and
Procedures and Sensitive Personal Data or Information) Rules, 2011. The Rules just arrangements
with insurance of "Touchy individual information or data of an individual", which incorporates such
close to home data which comprises of data identifying with:-

Passwords;

Monetary data, for example, financial balance or Visa or platinum card or other installment
instrument subtleties;

Physical, physiological and psychological well-being condition;

Sexual direction;
Restorative records and history;

Biometric data.

The standards give the sensible privacy practices and techniques, which the body corporate or any
individual who in the interest of body corporate gathers, gets, have, store, arrangements or handle
data is required to pursue while managing "Individual delicate information or data". If there should
arise an occurrence of any break, the body corporate or some other individual following up in the
interest of body corporate, the body corporate might be held subject to pay harms to the individual
so influenced.

Under section 72A of the (Indian) Information Technology Act, 2000, revelation of data, purposely
and purposefully, without the assent of the individual concerned and in rupture of the legitimate
contract has been additionally made culpable with detainment for a term reaching out to three
years and fine stretching out to Rs 5,00,000 (approx. US$ 8,000).

Section 14. of IT Act,2000, - Secure electronic record.—Where any security procedure has been
applied to an electronic record at a specific point of time, then such record shall he deemed to be a
secure electronic record from such point of time to the time of verification.

What is GDPR?

The GDPR, ordered in May 2016, is supplanting the EU'S harshly obsolete Data Protection Directive
guideline of 1995. The information observed under the new guideline won't as it was incorporate
individual data, for example, names, sexual orientations, and email addresses that clients
deliberately share, yet in addition foundation following of treats and program history, thus on.
Indeed, even identifiers like area information and IP locations are expressly included under close to
home information presently, as per a report by counselling from Deloitte. "As guidelines make up for
lost time, information security has quick developed to become a matter of survival for
organizations," 1said Rana Gupta, a personality and information security master at Gemalto, an
advanced security organization. The new EU standards command that organizations managing high
risk what's more, high-volume information normally should designate an information assurance
officer. Taking straightforwardness up an indent, the guidelines give organizations a tight 72-hour
runway to report information ruptures.

There are no concrete laws in India on privacy and the information of a company is to be protect by
their privacy policy, a company becomes an individual entity and can proceed under these privacy
laws and IT Act, laws upon breach of their data.

1
Complying with Europe's GDPR is a struggle for Indian IT firms — Quartz India
2. How To Copyright Website In Six Easy Steps | Website Copyright Tutorial
The company should copyright their creative data uploaded online, made available to public, to
protect it from plagiarised, in compliance to Copyright Act,1957.2

Privacy and Social media: In the 21st century most of our personal information is available on
social media, one click and all the information is made available to them, with this advancing
generation the issue of data being misused have also increased, anyone can easily access into others
private chat or hack the account and misuse it, the IT protection act, not only individual hackers even
the biggest social media platform; Facebook is responsible for infringing in individuals personal
liberty, every single like made on the page is treated as part of a survey and accordingly used as a
marketing or even as an election device. There is allegation on google that it listens to every single
conversation made around our electronic device which has google installed in it and in the pace
which technology is advancing it's not very hard to believe that this can be true, and we can say truly
that walls do here all our conversations. Due lack of proper evidence and proof, lack of proper
stringent data protection law these media companies are getting away with it.

Case involving data breach

 Deloitte (October/November 2016)

Accountancy Firm

The firm was targeted by a sophisticated hack that compromised the confidential emails and plans of
some of its blue-chip clients. The attack was discovered in March 2017 though findings revealed
though the hack may have been launched as early as October or November 2016.3

 2016 Indian Banks data breach was reported in October 2016. It was estimated 3.2 million
debit cards were compromised. Major Indian banks- SBI, HDFC Bank, ICICI, YES Bank and Axis
Bank were among the worst hit. Many users reported unauthorised use of their cards in
locations in China.

This resulted in one of the India's biggest card replacement drive in banking history. The
biggest Indian bank State Bank of India announced the blocking and replacement of almost 600,000
debit cards. An audit performed by SISA Information Security reports that the breach was due to
malware injected into the payment gateway network of Hitachi Payment Systems.4

Ananya Singh
NMIMS, School of Law, Navi Mumbai
sinngh.ananya@gmail.com

3. http://www.copyright.gov.in/Documents/CopyrightRules1957.pdf
4. https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails
5 https://www.powerscore.com/lawschool/international.cfm