The Alleged PayTm Data Breach Is Just The “Tip Of The Iceberg”! Indians Are Lax At Data Security And Here’s Why India Needs A Strong Data Protection Law!!

Data Breach
Photo by Privecstasy on Unsplash

The Fintech firm and digital payments pioneer, PayTm, was reported to have been hit with a data breach in 2020, affecting 34 Lakh users. Email ids, phone numbers, location, demographics, and other details were leaked by hackers and could impact the users and PayTm. Though the firm denied the data breach, asserting that all of its user data is safe and secured, the portal, Have I Been Pwned, has a different take, reporting the data breach in 2020 and offering users the tools to check whether their data has been leaked. Moreover, the Firefox Monitor, a service offered by the Mozilla Foundation, of which the popular internet browser, Firefox, operates, corroborated the data breach that had taken place in 2020.

This news is not “surprising” as both Indian and foreign firms are regularly targeted by hackers, including high-profile firms such as Paytm. However, what is noteworthy about the PayTm data breach is the financial and reputational implications for the firm, along with bundles of worry for the users whose personal data has been compromised. Being a digital payments enabler, PayTm occupies a “pride of place” in India, having been among the “early birds” to have offered UPI (Universal Payment Interface). So, any data breach is surely a big negative for its reputation and brand value. Worryingly, this data breach raises concerns about the ability of hackers to use and misuse sensitive user data, which in PayTm’s case raises the stakes as those compromised accounts can lead to enormous monetary losses for the users.

Indians are notoriously lax at securing personal data and, more so, about banking and financial information. Not a day passes without reports of OTP (One Time Password) scams where users are “conned” into revealing sensitive personal details, which are then used to withdraw huge sums of money from their bank accounts. In addition, there are fake bank and finance firm websites that “trick” Indians, along with the infamous “spoof and sniff” web links that operate on similar lines. Culturally, we are prone to “baring our data” as any Indian who travels by train or, for that matter, engaged in public interactions knows all too well how even apparent strangers talk about themselves and part with confidential information about demography, location, profession, and in some cases, income and wealth details.

A significant concern is the all-encompassing Aadhar data that forms the “backbone” of almost all governmental and service provider schemes and offerings. Indeed, while Aadhar remains a “game changer” in the way Indians access welfare schemes and is extremely useful for obtaining everything from a mobile connection to internet access, as well as for opening anything from a bank account to getting a driving license, there are serious concerns about how Aadhar data is handled, and personal information is stored. It is routine to come across news reports of Aadhar data “leaks” and, more worryingly, hacks of Millions of user data. Given the “ubiquity” and “omniscience” of Aadhar, there needs to be a better way to secure and safeguard this information by everyone, right from the government to the numerous service providers, as well as the other “intermediaries” who process and validate personal identities in the service provision process.

Perhaps the PayTm data breach is “no great shakes” in a world of innovative and enterprising hackers who “stop at nothing”. However, this PayTm data breach is the “tip of the iceberg”, and it is high time India has a robust data protection law along the lines of the European approaches. I have deliberately mentioned Europe as the European Union (EU) is the world’s strictest regarding personal data protection. So much so that even Google and other Big Tech giants have had to “fall in line” or pay fines, or worse, face blocking of services, unless they complied with its “demanding” data privacy and data security rules. In this context, it is worth noting that Indians are also careless about how they interact with Google, Facebook, Twitter, and Instagram (to name some) regarding revealing their data.

Among those who have flagged the lack of a robust personal data protection regime in India is Mukesh Ambani, who first came up with the “Data is the New Oil” phrase. With so much at stake, future business battles would be fought over data like the Industrial era wars over oil. So, the emerging Digital Age needs new thinking, and this is where a comprehensive, regulated data protection regime can do wonders for India’s “dream” of a $5 Trillion Economy. More so, when it was reported that foreign firms flagged potential concerns over data security, including Citibank, which cited this as one of the factors behind its decision to “exit” India. The next time your fingers “itch” to watch videos and photos of your favourite celebrity, remember that your data is your “passcode”, and so, do not “breeze” through the data collection agreements (without thought) that you need to “accept” before accessing the websites and apps.

 256 total views,  5 views today

Leave a Reply