Reliance Jio, an Indian telecom upstart, compromised the personal data of over 100 million customers. This has prompted a call for increased data protection laws in India.
At present, companies in India do not have to disclose data breaches to clients. Of course this is stark contrast to companies in the European Union, which have strict data protection laws.
Pranesh Prakash, policy director at a research organization, the Centre for Internet and Society (CIS), said “this occurrence raises question of security and accountability. A rule to report a breach exists, but it is unenforceable. It says you’re not liable if you’re following reasonable security practices. What ‘reasonable’ means is not defined.”
Separately, a CIS report said Aadhaar numbers of as many as 135 million Indians had leaked from government databases and could not be found online. An Aadhaar number is similar to a U.S. social security number, but also stores a user’s biometric data.
Since 2012, India has unsuccessfully sought “data-secure” status from the European Union. Because many large multinational companies have its back offices stationed in India, it will be important for India to successfully meet this “data-secure” status. Only then will European Union citizens be satisfied with India’s information sharing standards and be willing to send EU citizens to the country.
It will be interesting to see how India responds after the Jio data breach. Nonetheless, it seems that radical changes in connection with data protection laws are on the horizon.