Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Indian authorities set to tighten data breach laws in 2022

Authorities in India are set to clamp down on data breaches and tighten rules for holding sensitive data, according to local media reports.

Organizations will be forced to disclose data breaches within 72 hours, bringing India in line with territories such as the EU, which mandates breach disclosures under its General Data Protection Regulation (GDPR).

And Indian firms will no longer be able to store payment card information, with only card issuers and card networks – such as Visa or Mastercard – permitted to do so.

Payment card data

The Reserve Bank of India (RBI) is adding new restrictions on who can hold payment card data, starting from January 1, 2022. Under the new rules, only the card issuer and card network can hold full card details.

Others, including retailers, can only hold limited data for identification or “reconciliation purposes”. These data include the last four digits of the card number and the card issuer’s name. Any organization other than the card issuer or network that holds full card data needs to purge it.

The new rules follow moves over the last few years to permit card networks to allow tokenization services for payment card details.

Data breach disclosure

Organizations in India will be forced to disclose any data breach within 72 hours, with potential jail terms or fines being introduced for those who intentionally disclose personal data without the consent of the data processor.

Firms will need to report any leaks and take “appropriate remedial measures” to protect their customers following a breach.

The proposal comes as the Personal Data Protection (PDP) Bill, first proposed in December 2019, is being considered by a joint committee of the Indian parliament’s lower and upper chambers, the Lok Sabha and Rajya Sabha respectively.

According to local media reports, lawmakers expect India’s Data Protection Authority to start work on implementing the proposals within six months, and organizations handling data will need to register within nine months. The full bill is expected to be implemented in the next two years.

Penalties

Penalties for breaches include jail terms of up to three years or fines of up to 200,000 rupees ($2,678) for anyone who intentionally discloses personal data without permission.

If an organization acting as a ‘data fiduciary’, or data controller, fails to disclose a breach, fails to register with the DPA, fails to conduct the required audits or fails to appoint a data protection officer, it faces a fine of up to 2% of worldwide turnover, or 50 million rupees (around $669,308).

The Joint Parliamentary Committee has also recommended that social media companies be treated as content publishers under the DPA, unless they “act as intermediaries”. This means social media firms will be held accountable for content from unverified accounts on their services.

The new regulations are being welcomed by cybersecurity experts in the subcontinent, for bringing data privacy and security in India in line with international norms.

“India is developing its approach to security to match or exceed other countries around the world and provide the right base for developing the country’s economy over time,” Deepak Naik, a Mumbai-based vice president at cybsersecurity firm Qualys, told The Daily Swig.

Advertisement. Scroll to continue reading.

“By getting the right standards in place and enshrined in regulation, it will make it easier for companies to know what security they have to put in place to conduct their operations. This will also support the development of digital businesses in India as trustworthy, secure companies that consumers can trust.

“Looking at the PDP bill in particular, this will ensure that India has a standard set of rules and regulations with regards to data protection and governance, similar to those that were created for developed markets like the United States and the European Union.”

Source: https://portswigger.net/daily-swig/indian-authorities-set-to-tighten-data-breach-laws-in-2022

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Government

FILE-Indian Prime Minister Narendra Modi performs yoga to mark International Day of Yoga in Dehradun, India, Thursday, June 21, 2018. India’s Prime Minister Narendra...

Business News

FILE – President Joe Biden, right, meets with Indian Prime Minister Narendra Modi during the Quad leaders summit at Kantei Palace, May 24, 2022,...

Environmental News

FILE – People wait to consult doctors at Tej Bahadur Sapru Hospital in Prayagraj, Uttar Pradesh state, India, Thursday, June 23, 2022. At least...

Economic News

In this picture released by Pakistan’s Sindh Rangers, paramilitary soldiers help to evacuate people from a village due to Cyclone Biparjoy approaching, at a...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO