The Personal Data Protection Bill, 2023, now awaits President Droupadi Murmu’s signature. With this legislation, the Centre hopes to bolster cybersecurity measures and safeguard personal data

Parliament Approval Paves Way for Data Protection Bill to Combat India’s Cybersecurity Threats

A recent global survey by Surfshark reveals a glimmer of hope in India’s cyber security landscape. For the second consecutive quarter, data breaches in India have shown a downward trend. However, despite this positive development, India is still one of the top countries struggling with data breaches globally.

According to cyber security company Surfshark, India is the seventh most breached country in the second quarter of 2023 with around 1.35 million compromised accounts. Earlier, India ranked sixth with 2.4 million in the first quarter of 2023. It should also be noted that the breakdown rate in the second quarter is 44 percent lower than in the first quarter.

Recognizing the need for comprehensive legislation to strengthen cyber security practices, the Digital Personal Data Protection Bill was passed in the Lok Sabha on August 7 despite concerns raised by the opposition – centralization of power, independence of the Data Protection Board, data localization and cross-border data transfer. . Later in the afternoon, on Wednesday, the Rajya Sabha also passed the critical bill.

However, the bill, which is now awaiting President Droupadi Murmu’s signature into law, contains a number of provisions specifically aimed at cybersecurity risks. This includes:

Strong technical measures: The bill obliges organizations to implement strict technical and organizational security measures to protect personal data from cyber threats. This includes measures such as encryption, access control and well-defined security incident response plans.
Informed consent: Organizations are prohibited from processing personal data without the express consent of individuals, unless it is for legitimate reasons. This regulation ensures that personal data is not collected or used without the knowledge and consent of individuals.
Fast data breach notifications: The law requires organizations to promptly notify individuals within 72 hours of discovering a data breach. This proactive approach allows individuals to take the necessary precautions in the event of a breach, minimizing potential harm.
Data Protection Board: The Central Data Protection Board, established by the government, oversees the implementation and enforcement of the provisions of the Act. This regulatory body has the power to investigate and punish those who violate the law.
High Penalties: The bill imposes stiff fines ranging from Rs 50 crore to Rs 250 crore on those who violate its provisions. Strong penalties can help prevent cybersecurity risks and act as a deterrent to organizations tempted to break the law. They are more likely to obey the law if they know they can face significant financial penalties.

Experts say the bill creates a more durable defense against cyber threats by limiting organizations from secretly collecting personal data and increasing transparency and accountability. The bill has the potential to limit cyber threats by implementing strict technical measures, prioritizing informed consent and facilitating quick breach notifications.

Experts also believe that while challenges remain, this legislative initiative offers a glimmer of hope in the ongoing battle to secure personal information in an increasingly interconnected world.