‘Data is at the heart of everything today’ – one gets to hear this in many different ways every day. Have you really thought about the implications of it all? Shivangi Nadkarni, Co-founder & CEO of Arrka Consulting, gives provides a glimpse into why you should be bothered, in this first post in a series on the essentials of Data Privacy.
Here is a quick question: How many minutes ago did you last give out data about yourself?
‘Huh? I don’t recollect giving away any information about myself in the last few weeks or even months!’
Well, it’s time for a reality check. How about answering these questions?
- How long has it been since you last logged in to Facebook, WhatsApped or accessed your Gmail account?
- When did you last shop or grab a cup of coffee?
- Did you happen to go for a business meeting at a corporate client’s office today?
- Did you call for a taxi from one of those oh-so-convenient taxi hailing apps?
- Do you wear an exercise wristband that tracks vital body parameters?
Did you know that, in each of these cases, you revealed data about yourself?
- Your geographical location is recorded each time you use a social media site. Besides geographical details, many other things are captured and recorded about you while you use any social media.
- Every time you swipe a credit card or use it online, your name, card number and other details are sent to your bank, the card processing networks (like VISA or MasterCard or Rupay) and – possibly – some of this data is also stored by the retail outlet / coffee shop/ online vendor.
- Don’t most visitor security systems at offices these days take down your mobile number and name – and sometimes even photograph you, simultaneously issuing a well-printed visitor badge to hang around your neck? All this data is stored by that organization.
- When you call for a cab, the app service provider as well as the driver of the cab get your address, don’t they?
- And when your wristband syncs with its mobile app, confidential data about your body parameters goes to the app provider.
Ever wondered what happens to this gargantuan data that is being collected? Who all get to access it? What are the possible way in which the data may be used? What would be the repercussions of some entity accessing the information without you – or maybe even the entity that collected that data – being aware? Who is ultimately responsible and accountable for any acts of violation of the data? What do you do to redress any grievances?
If these questions are beginning crop up and make you rather uncomfortable – then you are beginning to think about data privacy.
Now ask yourself again – Why bother about privacy?
As data not just pervades, but actually DRIVES the digital world in unprecedented ways – which in turn permeates almost every aspect of our lives today, and will continue to penetrate deeper in the future- its privacy becomes increasingly critical.
So data privacy should matter to you in either of these avatars:
- As an individual whose data is captured, stored, traded, analysed, processed, and subject to a myriad different things
- As someone who is part of a corporate – whether as a junior employee handling personal information about people, or as a business head overseeing tons of personal data being collected and processed, or as an HR manager responsible for critical and sensitive data about employees, or as a business owner whose business may involve dealing with people’s sensitive, personal information.
As an individual, you need to know what is going on with your personal data – who is capturing data about you and your family, who is tracking you, how it is being done, what kind of risks you are being exposed to, and how do you deal with all these overwhelming and rapid developments around the world.
As someone who is part of the business world, you are on the other side of the table. So you need to start thinking about the kind of personal data your business collects, is it actually required, the risks & liabilities of carrying this data, the laws governing personal data in countries of business operations & the associated liabilities and penalties, whether your competitors are beginning to leverage privacy as a competitive advantage, what do you need to do about the employee data that you control and so on.
Getting basic facts right is key to decision-making with regard to privacy. Before you say “But there is no privacy law in India….”, note that while there is no single, overarching privacy law in India, we have sensitive data protection rules under the Information Technology (Amendment) Act, 2008 that cover all critical aspects of data privacy AND are applicable to all “Body Corporates” (that covers anyone running a business in India). So you don’t have the luxury of hiding behind that excuse anymore.