Data Privacy - The Concept And Its Analysis By - Amresh Swarnkar
Data Privacy - The Concept
And Its Analysis
Authored By - Amresh Swarnkar
Maharashtra National Law University,
Aurangabad.
5th year (9th
Semester student), batch of 2018-23.
META DESCRIPTION
In this particular blog the concept
of data privacy has been discussed and the various facets related to it like-
*An entity’s compliances with respect
to data privacy and why it is necessary to comply with data privacy for an
entity.
*Role of the employees of an entity
with respect to data privacy.
*If an entity doesn’t comply with
data privacy compliances what will be the consequences.
*The scenario of existing laws with
respect to data privacy.
have also been discussed in order to
make the reader aware about the concept of data privacy in detail.
INTRODUCTION
This particular blog is on the
subject matter that what is the whole concept of data privacy.
In this blog the various facets with
respect to data privacy have been covered in order to make the reader aware of
the concept of data privacy in detail.
The various facets with respect to
data privacy covered in this blog are-
An entity’s compliances with respect
to data privacy and why it is necessary to comply with data privacy for an
entity, role of the employees of an entity with respect to data privacy, if an
entity doesn’t comply with data privacy compliances what will be the
consequences, the scenario of existing laws with respect to data privacy.
My findings and suggestions
pertaining to the concept of data privacy have been mentioned and explained in
the conclusion of this blog.
Tags/ Keywords associated with the
article:
·
Data
Privacy
·
Data
Privacy compliances.
·
Consequences
of not following data privacy rules.
·
Employees
role in data privacy.
·
Existing
laws related to data privacy.
MAIN BLOG
Data privacy-
The concept of data privacy basically
relates to protection of data via proper handling of sensitive data mainly
personal data of an individual, financial details like- bank details, etc. of
an individual, etc.
The concept has basically evolved to
protect the sensitive data of an individual from getting into the wrong hands
because then it can be used by them in various unfair manners like-
*Using the personal information of an
individual to make fake documents.
*Using the financial information in
order to steal money from his bank online.
*Selling the data to ad agencies,
other companies, etc. so they can give their ads on the person’s mobile number.
So overall we can say that data
privacy helps to ensure that the collector of the sensitive data ensures that
such data doesn’t get into the hands of any third party and if it gives to an
authorized third party it should ensure that the particular third party also
complies with the data privacy or protection rules.
Compliances to be followed with
respect to data privacy-
The main compliances with respect to
data privacy are the Information Technology Act (I.T. Act) and the SPDI
(Sensitive personal data or information) Rules.
As per the I.T. Act an entity
handling any personal or sensitive data will be liable to pay damages to the
concerned parties if there is any negligence on the part of that entity in
implementing and maintaining reasonable security practices and procedures which
are to be complied with in order to maintain data privacy and protection.
The SPDI Rules specify the minimum
standards for data protection for sensitive personal data.
The SPDI Rules require an entity to-
1. Have a Privacy policy.
2. Consent to be obtained when
collecting or transferring sensitive personal data or information.
Consequences if not complied with the
data privacy-
The Information Technology Act
prescribes criminal penalties which are- both imprisonment of up to three years
and fines for persons who disclose personal information or data without the
consent to whom it belongs, where such disclosure is with respect to breach of
a contract or where it results to wrongful loss.
Role of employees in data privacy-
The employees within an entity like
the human resource team or the other employees who are assigned with sensitive
personal data of individuals should ensure the proper protection of that data
because in this digitalized world it is very easy to transfer data from one
place to another and if such a thing happens it will malign the image of the
entity as well as its employees along with attracting the legal penalties as
well.
For this to be achieved:
The entity should have a strong data
protection policy-
1. The people who are involved with
sensitive data should be bound to handle it properly else can be given a
deterrence that their employment could be taken away.
2. The Human Resource team should ensure
how and in what manner such data is being used by the employees.
3. The H.R. team should also ensure that
there is not any misuse of such data.
4. Only authenticated people in the
entity should be allowed by the people with senior posts or responsibilities to
handle the sensitive data.
Scenario of existing laws regarding
data privacy-
Presently the I.T. Act and the SPDI
Rules take care of the data protection regime in India and the SPDI Rules also
ensure that an entity should comply with the SPDI Rules i.e. be SPDI compliant
while handling with sensitive data and also to give any sensitive data only to
any other entity which is SPDI compliant.
The Personal data protection Bill,
2019 was going to be an important legislation regarding the data privacy
concept in India but this Bill was withdrawn by the government.
The Constitutional law also plays a
key role in the realm of data privacy as-
Article 21 of the Indian Constitution
i.e. Right to Life also contains the concept of Right to Privacy as was held by
the Supreme court in the judgement of
Justice K.S. Puttaswamy and Anr.
V. Union of India and Ors.[1]
So now by this judgement Right to
Privacy is also a fundamental Right as per Article 21 of the Indian
Constitution and so now we can also say that data privacy also has the
Constitutional protection.
CONCLUSION
In this blog the concept of data
privacy has been dealt in detail covering the various aspects of it like- what
is data privacy, compliances regarding data privacy to be followed by the
entities and if the compliances are not followed what are the consequences, the
role of employees of an entity in respect with data privacy and also the
scenario of existing laws with regards to data privacy.
This particular blog would help the
readers to analyze the concept of data privacy as all the various aspects
related to it have been dealt in depth in this blog.
Findings-
1. No particular framework or law
guiding the framework of data privacy in India- The I.T. Act and the SPDI Rules
regulate and control the data privacy realm in India but a fixed and stable law
which guides the whole framework of such an important aspect is yet not present
in India.
The Personal Data Protection Bill,
2019 was a kind of solution to this problem but however it was also withdrawn
by the government.
2. The Human resource and the employees
in the entities are not that much aware about the data privacy aspect in India
because of it many cases of leakage of personal data of individuals keeps
coming in front now and then.
So the employees, etc. who handle the
sensitive data in an entity should know about the data privacy aspect
completely in order to prevent the data from getting into the wrong hands.
Suggestions-
1. In order to address the problem of
weak framework of data privacy a proper and appropriate law should be made by
the government which makes the people be able to avail the Right to their Privacy
in a better manner and it will also help to protect the sensitive data’s misuse
or exploitation.
2. In order to address the problem of
leakage of sensitive data by the employees, only the authenticated individuals
should be allowed to deal with sensitive data in an entity, awareness programs
should be organized by the entities to make the employees aware about the
aspect of data privacy and the importance of protection of sensitive data,
straight deterrence should be implemented by the entities that the responsible
person and also the related persons involved in the misuse of any sensitive
data will not be allowed to continue in the employment in any manner; this
could help create a fear in the mind of the employees resulting in better
protection of the sensitive data also at the individual level i.e. by each
employee.
REFERENCES
* Information Technology Act, 2000
* SPDI Rules, 2011
* All India Reporter
* Cyber Privacy book by April Falcon
Doss
* Privacy’s Bluepring book by Woodrow
Hartzog
* Why Privacy matters book by Neil
Richards