About the Bill
The Government of India has proposed and introduced the draft of the Personal Data Protection (PDP) Bill to the Joint Parliamentary Committee in the Lok Sabha recently. This bill is going to be the Government of India’s another milestone in cyber security space after “Digital India” drive a couple of years back. Previously, this bill was introduced in 2018 by SriKrishna Committee, defining the importance of personal data and its sensitivity. These data include financial data, biometric data, intersex/ transgender status and official government identifiers (like PAN card).
The two major objectives of this PDP bill are data and data fiduciary. Data, as it is conventionally known, represents any information (both personal & professional) logically communicated, interpreted, or processed by humans or digital means. On the other hand, data fiduciary is to mark the security and trustworthiness of any individual or organization’s digital entity to the rest of the world.
Cyber Security Aspect
After the introduction of Aadhar card, data control in India became a huge concern. Today, these unique identification numbers are linked to other different accounts like bank accounts, mobile numbers, PAN cards, LPG connection account and others. While this was a revolutionary step towards digitizing and centralizing the identity of Indian citizens, it also led to multiple fraudulent incidents at the same time.
In the PDP bill, the data protection rules say that personal data can be processed strictly for those purposes that are clear, specific and lawful. Under any circumstances, it should be ensured that the owner of the data has full permission or consent for processing his/ her data and that should be secured. The context and circumstances should also be specified so that the owner of the data can keep a track of what has happened with his/ her private digital identity.
In cyberspace, there has been constant news of data breach and data misuse by cyber criminals with multiple malicious intents. Hence, there is an increasing need to have stringent and specific guidelines to protect confidential data from any kind of fraudulence. In this scenario, the initiative taken by the Government of India in the form of the Personal Data Protection (PDP) bill in the current parliament session is indeed a welcome step. The bill envisages certain framework which would ensure that the processing of any personal public data should be secured from any kind of compromise and maintain Indian citizens’ data integrity and security.
How ARCON | Privileged Access Management (PAM) can contribute?
Apart from the Reserve Bank of India Circular on Information Security, there are no other laws in the nation to protect personal or enterprise data. Globally, several Information Security standards lay emphasis on reinforcing data security. ARCON, being a global risk control solution provider, welcomes the proposed PDP Bill as soon as it passes in the Parliament. ARCON’s flagship product Privileged Access Management (PAM) that protects global organizations’ privileged accounts from sophisticated IT and insider threats, is compliant with most of the global regulatory standards such as the GDPR, PCI DSS, HIPAA, SWIFT CSCF, among many other local/ regional IT security standards. Once PDP Bill comes into effectiveness, ARCON | PAM will become an indispensable tool to comply with the PDP regulation as the proposed law would literally mean defining a rule and role-based access to applications and enterprise databases including monitoring and controlling of end-users accessing the confidential information.
ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables to monitor end-user activities in real-time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Secure Compliance Management is a vulnerability assessment tool.