Anyone who has visited an income-tax office, a property registrar's cubbyhole, or even an unrefurbished public sector bank branch could not have failed to notice piles of dog-eared files in every corner. |
Some of them may contain sensitive customer data that ought not to be lying around for crooks to access by bribing the right people. Many people also receive unsolicited business offers by email or mobile phone, not to speak of cold calls on the landline. |
|
Inured as they are to public encroachments on private space and vice versa, they tend to view spam and invasions of privacy as a little more than just another nuisance""something to be bracketed with loud music played on the streets at festival time. |
|
But few of them would be amused to learn that their bank account details or tax files are doing the rounds among criminal gangs and unscrupulous marketing agencies. |
|
The government has to wake up early and put in place a unified law on information security and respect for privacy before things get out of hand. |
|
While organisations like Nasscom are already spearheading a campaign to upgrade India's data and information security laws to international standards, their efforts are motivated primarily by the requirements of the IT and BPO industries. |
|
Nasscom fears that if this issue is not addressed quickly, western politicians could well start erecting non-tariff barriers to offshoring by citing India's weak data security laws and even weaker implementation. |
|
That's why it is developing a framework for technical and operational security audits for IT companies even while it lobbies the government for a new law. |
|
It's not as if India has no data security law on the statute book. The problem is there are several""spread across five or six different pieces of legislation. |
|
That's one reason why they are so diffused and ineffective. What we need is one comprehensive law that takes care of all kinds of data and information security, covering foreign and Indian companies and individuals. |
|
As one recent cover story in a national magazine pointed out, today it is possible to obtain information on ordinary citizens from many sources""banks, telephone companies, clubs, stockbrokers, et al.""if one is willing to pay the price to touts. With banks and credit card issuers using third parties like direct selling agents to canvass for housing, automobile and personal loans, sensitive financial information is accumulating at various points. |
|
If this information finds its way into the wrong hands (like extortionists) or even the right hands (like tax sleuths) without going through the due process of law, there will be a sharp decline in public confidence in the institutions to whom such information has been entrusted. |
|
A unified data security and privacy law should cover all kinds of private information that is captured by commercial bodies and even government agencies. |
|
The law should deal with leaks and losses of information with an iron hand, on a par with tax evasion and other robbery. Information is power, and it is the government's duty to ensure that the interests of its citizens are not compromised by a lackadaisical approach to protecting information from marauders. |
|
|
|