Why in news
Ransomware threats are increasing significantly in both volume and value.
Many companies experience data loss despite paying ransoms.
Companies need to view ransomware as an organizational cultural problem.
Everyone must take data protection seriously.
Ransomware is a type of malware that permanently blocks access to the victim's personal data unless a "ransom" is paid.
India as a Prime Target
India's role in the global digital economy makes it a target for ransomware.
Cert-In Report: A 53% increase in ransomware incidents was reported in 2022 in India.
Importance of Data Protection
Backups are crucial for data protection and business continuity.
Implementing robust data protection and recovery measures can mitigate ransomware risks.
The Digital Personal Data Protection Act, 2023, enhances India's cyber resilience.
Salient Features of the Digital Personal Data Protection Act (DPDPA) 2023?
Right to Data Protection: It empowers individuals with the right to know and control their personal data. This includes rights to access, correction, and erasure of their data, giving citizens greater control over their personal information.
Data Processing and Consent: The Act mandates that personal data can only be processed with the explicit consent of the individual. Organisations must provide clear and specific consent forms and ensure that consent is obtained before data collection.
Data Localisation: Certain types of sensitive personal data are required to be stored and processed within India. This provision aims to enhance data security and facilitate easier enforcement of data protection laws.
Regulatory Authority: The Act establishes a Data Protection Board of India (DPBI) to oversee compliance and handle grievances. The Board is responsible for adjudicating disputes and imposing penalties for violations.
Data Breach Notification: Organisations are required to notify individuals and the Data Protection Board of any data breaches that may compromise personal information. This provision aims to ensure transparency and prompt action in the event of data leaks.
Fines and Penalties: It outlines stringent penalties for non-compliance, including significant fines for violations. This is intended to incentivize organisations to adhere to data protection standards.
COMMENTS