Fear that India’s telecommunications unit, Reliance Jio, suffered a major data breach, compromising the personal data of more than 100 million customers, has led India to adopt stronger laws to protect consumers.
Jio has repeatedly denied any breach and said the names, phone numbers and email addresses of Jio users on a website called “Magicapk” appeared to be “not authentic”. The website was closed later.
The company, part of the conglomerate Reliance Industries Ltd, said on Monday that its subscriber data was safe and protected by the highest levels of security.
However, Jio filed a complaint on the same day alleging illegal access to their systems, police told Reuters.
Jio did not respond to requests for comments.
Unlike companies in the European Union, which have strict rules on data protection, companies in India do not have to disclose data gaps to customers, said information security professionals.
“There are issues of security and accountability,” said Pranesh Prakash, policy director of the Internet and Society Center (CIS), a research organization.
People complained on Twitter of personal information from Jio users that were available on the Magicapk site. Several local media said their checks had led them to believe that an escape had occurred.
“There is a rule for reporting violations, but it is not enforceable,” says Prakash. “It says that you are not responsible if you are following reasonable security practices, which means” reasonable “is not defined.”
Stronger defenders in India say a violation of data in countries with tougher cyber laws, such as Britain or the United States, would spur an investigation by regulators.
After reports of a data leak at Verizon earlier this week, for example, the US telecoms firm quickly responded with an explanation of what had happened, how it had happened and the magnitude of the problem.
“India is at an early stage, and for good standards in Asia, look at Singapore,” said Srinivas Kodali, an independent security researcher.
Not a priority
“We do not have full-menu data protection laws,” said Apar Gupta, a Supreme Court lawyer who works on data privacy issues. “We do not even have an institutional framework or an expert body to implement the limited data protection regulations that exist, it is so limited that it is more accurate to say that there is no law.”
Only in May, there were two data security incidents in India.
Records of 17 million customers of Zomato, a popular food delivery application, went on sale online. Zomato initially advised customers that their passwords were secure, but later advised users to change them.
On the other hand, a CIS report said that Aadhaar’s numbers of up to 135 million Indians had been leaked from government databases and could be found online.
The number, similar to a US social security number, is unique to every Indian citizen and the Aadhaar database also stores a user’s biometric data. The government is pushing for Aadhaar’s numbers to be used on everything from opening bank accounts to filing tax returns.
For India, privacy of data is not a priority, said Amy Junaideen, risk advisor to Deloitte.
“From the organizational point of view, there is no incentive other than being a good corporate citizen to report a violation,” he said, noting that in the European Union and the United States the regulatory framework is basically for the good of the consumer, but that this This is not the case in India.
India, home to the offices of many large multinationals and outsourcing companies, has also unsuccessfully sought EU “data insurance” status since 2012.
The statute is vital for the exchange of information between EU and Indian entities, because it means that the EU is convinced that the data protection rules in a country meet its standards, so that citizens’ data The EU can be sent to that jurisdiction.
Raman Chima, policy director at Access Now, who advocates for stronger digital rights, says weak data privacy laws are probably the biggest hurdle to “data insurance” status.
In 2010, a European Union study on data protection in India noted that “there was no