• Centralized Key Management: Centralized key management has been a security best practice for
many years. It applies just as strongly in big data environments, especially those with wide
geographical distribution. Best practices include policy-driven automation, logging, on-demand
key delivery, and abstracting key management from key usage.
• User Access Control: Strong user access control requires a policy-based approach that automates
access based on user and role-based settings.
• Intrusion Detection and Prevention: Intrusion detection and prevention systems are security
workhorses.
• Physical Security: Physical security systems can deny data center access to strangers or to staff
members who have no business being in sensitive areas. Video surveillance and security logs will
do the same.
FOR ACADEMIC PURPOSE (DR PREETI KHANNA) 6
https://www.rd-alliance.org/group/big-data-ig-data-security-and-trust-wg/wiki/big-data-security-issues-challenges-tech-concerns
LEGAL PROVISIONS FOR HANDLING
DATA PRIVACY AND SECURITY
THERE ARE SOME OF THE KEY LEGAL PROVISIONS GOVERNING
THE PERSONAL DATA AND PRIVACY PROTECTION
The key legislations are as follows:
1. Information Technology Act, 2000.
2. The rules and regulations that govern the following sectors:
   1. Telecommunications.
   2. Banking.
   3. Medical and Healthcare.
   4. Insurance.
3. The Right to Information Act, 2005.
4. The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016
and the rules framed thereunder;
5. General Data Protection Regulation (GDPR) (EU): The GDPR is the new EU legal framework governing
the use of personal data across the EU. It lays down rules relating to the protection of natural persons
with regard to the processing and free movement of personal data.
AMENDMENTS AS INTRODUCED BY THE IT AMENDMENT ACT, 2008
The following important sections have been substituted and inserted by the IT Amendment Act, 2008:
1. Section 43A – Compensation for failure to protect data.
2. Section 66 – Computer Related Offences
3. Section 66A – Punishment for sending offensive messages through communication service, etc. (This provision
had been struck down by the Hon'ble Supreme Court as unconstitutional on 24th March 2015 in Shreya Singhal
vs. Union of India)
4. Section 66B – Punishment for dishonestly receiving stolen computer resource or communication device.
5. Section 66C – Punishment for identity theft.
6. Section 66D – Punishment for cheating by personation by using computer resource.
7. Section 66E – Punishment for violation of privacy.
8. Section 66F – Punishment for cyber terrorism.
9. Section 67 – Punishment for publishing or transmitting obscene material in electronic form.
10. Section 67A – Punishment for publishing or transmitting of material containing sexually explicit act, etc., in
electronic form.
11. Section 67B – Punishment for publishing or transmitting of material depicting children in sexually
explicit act, etc., in electronic form.
12. Section 67C – Preservation and Retention of information by intermediaries.
13. Section 69 – Powers to issue directions for interception or monitoring or decryption of any information
through any computer resource.
14. Section 69A – Power to issue directions for blocking for public access of any information through any
computer resource.
15. Section 69B – Power to authorize to monitor and collect traffic data or information through any
computer resource for cyber security.
16. Section 72A – Punishment for disclosure of information in breach of lawful contract.
17. Section 79 – Exemption from liability of intermediary in certain cases.
18. Section 84A – Modes or methods for encryption.
19. Section 84B – Punishment for abetment of offences.
20. Section 84C – Punishment for attempt to commit offences.
https://www.mondaq.com/india/Privacy/655034/Data-Protection-Laws-In-India--Everything-You-Must-Know
GDPR - GENERAL DATA PROTECTION REGULATION
Data protection principles: If you process data, you have to do so according to seven protection and accountability principles outlined in Article 5.1-2:
Lawfulness, fairness and transparency — Processing must be lawful, fair, and transparent to the
data subject.
Purpose limitation — You must process data for the legitimate purposes specified explicitly to the
data subject when you collected it.
Data minimization — You should collect and process only as much data as absolutely necessary for
the purposes specified.
Accuracy — You must keep personal data accurate and up to date.
Storage limitation — You may only store personally identifying data for as long as necessary for
the specified purpose.
Integrity and confidentiality — Processing must be done in such a way as to ensure appropriate
security, integrity, and confidentiality (e.g. by using encryption).
Accountability — The data controller is responsible for being able to demonstrate GDPR
compliance with all of these principles.
https://gdpr.eu/what-is-gdpr/
ONE REAL-WORLD EXAMPLE OF NOT ABIDING BY DATA
PRIVACY LAWS
Under GDPR compliance, companies need to use the same level of data security for cookies as for
stored personally identifiable information such as social security numbers. And
even though the GDPR applies to the EU, it also applies to anyone that has dealings within the EU.
In January 2019, Google was fined $57M under the new GDPR law.
This shows even the biggest of companies are still struggling with what this means to them and how to
incorporate the right security and compliance measures within their business ecosystems.
The complaint came from a privacy group that accused Google of not properly adjusting their data
collection policies to the new GDPR regulations.
▪ The Committee released a White Paper on Data Protection in 2017 ('White Paper'), and submitted its
final report titled 'A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians' ('the
Report') along with a draft law, 'The Personal Data Protection Bill, 2018' ('the Bill'), in July 2018.
▪ A new Data Protection Bill was introduced in the Indian House of the People (i.e., the Lok Sabha) in
December 2019 (the Bill).
▪ The Bill is modeled largely on existing frameworks for protecting privacy in other jurisdictions, including
the GDPR and the Asia-Pacific Economic Cooperation (APEC) Privacy Framework.
▪ The Bill amends the Information Technology Act, 2000 with more clarity with respect to defining
Sensitive Personal Data and Data Breach.
▪ Businesses would also have to deal with personal data more seriously, and would have to relook at all
their data processing activities. It would pave the way for a stronger data security and privacy control
framework and guidelines in India, similar to those established globally.
▪ Reduce risk of mass surveillance and other privacy harms by establishing limitations to power of central
government to issue exemptions under Chapter VIII of the Bill.
▪ Revise provisions on the transfer of sensitive personal data and critical personal data outside India.