Javed Anwer
What else can we expect when in India, they have no obligation to report data breaches or hacking incidents.
Did you get a message from your bank in the last one month, asking you to change the PIN?
If yes, it's time for you to start seeking some answers from your bank. If you have noticed, last week a major data breach related to debit cards in India came to light.
According to a report – and it is still not covering the full extent of breach because no one outside the banking system knows what is going on – information related to as many as 32 lakh debit cards belonging to Indian banks is out there in the hands of cyber criminals.
And yet, neither banks nor the government have shown any willingness to make public disclosure of the breach.
All that the banks have done is send a message to people saying they should change the PIN. Why does the PIN needs to be changed? What really happened?
Are customers at some serious risk from cyber criminals? Was the information related to their cards leaked? None of these questions have been answered.
The reason is simple: In India, banks – or for that matter any organisation or company that deals in private data – have no obligation to report data breaches or hacking incidents.
The Indian consumers don't have the same sort of cyber protection and right to transparency that people get in countries like the US, Australia or in the European Union states.
For example, Yahoo suffered a data breach in 2014. The company recently figured out that its data was stolen. Accordingly, it informed Yahoo users who suffered the breach.
Interestingly, data breaches happen in India all the time but no one really knows who is at fault or what sort of cyber security practices banks and organisations follow here.
Most incidents don't even come to light. We don't know how details of 32 lakh ATM cards got leaked in these instances.
We don't know if the breach was at the RBI or some private bank that is part of the network.
We don't know if it was Hitachi's systems that leaked information or if it happened due to some issue at Master Card or Visa.
The companies that suffer data breaches obviously want to keep it a secret. But the government should be pro-consumers and pro transparency. It ought to bring in a law that mandates public disclosure of data breaches.
Sure, banks won't like it. But keeping it all secret in the case of data breach means missing out on the chance to improve the state of cyber security.
And for a country that dreams of Digital India, this is very dangerous.
(Courtesy of Mail Today.)
Tech editor at http://www.indiatoday.in . I review stuff. and occasionally write at http://www.dailyo.in . can speak intelese usual disclaimers apply.
