Centre for Internet & Society

India has been patting itself on the back for being at the forefront of the ‘Fourth Industrial Revolution’ driven by digitisation. Reports have gushed about the speed and scale of digitisation. But this speed and scale have come at a cost to our privacy.

The article by Nilanjana Bhowmick was published in Economic Times on February 13, 2019.


According to GoI, this digital push has led to 99% of adult Indians having an Aadhaar number in 2017. GoI has also integrated personal information through the Jan Dhan-Aadhaar-Mobile phone trinity (JAM).

According to GoI, this digital push has led to 99% of adult Indians having an Aadhaar number in 2017. GoI has also integrated personal information through the Jan Dhan-Aadhaar-Mobile phone trinity (JAM).

A July 2018 IBM report stated that the probability of data breach went up by 8.7% in India over the last four years based on past experiences. The study also stated that malicious or criminal attacks were the root cause for 42% of data breaches, followed by system glitch at 30% and human error at 28%. This 28% has the potential to cause incalculable havoc, which includes the leak of personal information by anyone — from a call centre executive to a bank manager — who has access to it.

The prime reason for our lackadaisical attitude is that most Indians don’t value privacy. We are yet to register the value of personal information — the actual monetary, marketable value. My personal data, for instance, costs roughly $2. If I take that as an average, then at least $2 billion worth of data belonging to 1.3 billion Indians are at stake here. Which is why, when this data is taken without consent, it is a financial crime.

What is perhaps more frightening is that when this data is taken without consent by an untrusted source, it may also land you, victim of a data breach, in jail.

Last month, I had noticed a suspicious movement of money in my account. A large sum of money was deposited in my account in two instalments, withinthe space of 12 hours. And while I am waiting for the issue to be addressed by the authorities — RBI ombudsman, bank customer service, enforcement directorate — the person who wired the money to my account had got hold of my personal information, including my address and phone number.

He kept calling me on my phone and ‘requested’ I give the money ‘back’ to his brother, ‘in cash or cheque’. Then his brother started calling me, demanding I ‘return’ the money to him.

The movement of funds in my account could well have been a money-laundering operation, and if I made the payment to the ‘sender’ as demanded, the money trail would have implicated me. But what’s most alarming is that if I was dealing with criminals, someone from my bank had made them privy to my private information. And this is a top bank with supposedly top-notch security.

Unfortunately, security is woefully lagging behind India’s speedy digitisation. Neither are we investing enough on fortifying the system, nor are we spending enough on postbreach responses. India spends a mere $20,000 in notification costs, compared to the US’ $740,000.

The US also spends $1.76 million in post-data breach response activities, including help desk activities, special investigations and remediation. US and Canadian firms spend $258 and $213 per record respectively to resolve amalicious or criminal attacks. Indian ones, on an average, spend $76 per record.

Yes, digitisation is the future. But let’s first plug the social, institutional and systemic weaknesses in our systems.

Filed under: