EXPLORING THE LEGAL IMPLICATIONS OF CYBERSECURITY AND DATA PRIVACY IN THE DIGITAL AGE

Advertisements

Spread the love

Post Views: 787

This article is written by Anjali of 6^th Semester of Chaudhary Charan Singh University, Ghaziabad

Abstract

Digital environment is created by innovation of application, engagement of users and then threats may lurk upon networks. Information technology include cyber security data privacy which play an important role in today’s world. Cybercrime are very common these days for which various organizations and government take measures in order to eliminate this crime. This article provides detail of law that are laid down by the government to protect the data of any person and provide safeguard against hacker.

Keywords

Digital theft, cybercrime, data privacy, digital security, online stacking, tracking, social media, data theft

Introduction

At present time internet become a network which connect countless of computers and other device. After pandemic, many organizations and offices opt for work from home which could be possible through digital access. Every domain connects to each other through internet that could be beneficial or menacing. But this access also faces theft of breach of cyber security and data privacy.

To protect against malware attacks or other digital theft government provide many cyber securities law and policy. Data privacy is also one of a kind which could be done by organization that need to be protected from breach. Crime could be committed through computer and internet in the form of theft of person’s identity and malicious programs. Even android was also been attacked by hacker. These cybercrimes could be eliminated through strict law made by government.

Cyber security and Data Privacy

Cyber security is a program to protection against digital theft, any modification in the program by hacker, unauthorized access. It safeguards networks, programs, devices and data from cyberattack.

Any personal information of a person cannot be disclosed without their consent, whether it wouldn’t amount to any data theft or other cybercrime. Data privacy gives right to an individual to protect their personal information.

Characteristics of Cyber Security:

External threats are originated outside the network area. These threats are phishing, malicious email attack etc. which are secured by application in the organization. In 2021, 27% of cyber attack came from external sources.

Internal threats could be happened because of employee mistakes, negligence or misconfiguration that can be avoid or remove through security system and cyber security experts. In 2020, more than 50% are internal threats which came from within the organization,

Cyber security provides secured access to the network without any problem that helps in the continuity of the business,
Security application prohibit attacker from unauthorized access in the data of customer and other sensitive information of the organization,
Zero trust are security which help in protection of data by not providing entry to any individual without verification,
Through end point security it provides users a road map of digital environment from entry point to end point,
If the network of an organization continues without any threat, then it will develop the trust of the inventors, partners and customers and improve the image of an organization.

Modes through which data of any person could be track:

Online tracking

Tracking online is one of way to track consumer behavior by the companies and could be done by cookies or bacons. But sometime they ask for the consent of the users,

Losing control of data

because of unlimited website sometime data of an individual may go to other website which could be used to committed a crime,

Lack of transparency

Sometime sites give option to users fill their personal details along with conditions which quite difficult for many users to understand due to which there may agree to conditions that lead to breach of data privacy,

Social media

It is one of the platforms that could be used nowadays to get information of any person. User place their location and whereabouts along with other personal information.

Types of cyberattack:

Malware

Malware is a virus which is used by hacker to steal data, destroy computer systems or to control devices. Slow computer and constant pop-ups are common are the signs to recognized malware attack. Specific malware used by criminals to hack certain computer data.

Blackmails Program

Blackmail through electronic mails, social media is everywhere in the world. Cyber-blackmail is the act of threatening to share information about a person to the public, their friends or family, unless a demand is met or money is paid. Blackmail is a serious crime and carry civil or criminal consequences.

Phishing

Phishing is a common attack that lure a victim by sending fraudulent mails or calls to them. Installing malware or stealing login id of credit or debit card are common goals of such phishing. These phishing should be known by everyone to protect themselves.

Denial of Service Attack (DOS)

It shut down from the use of computer system or networks for user and it cannot handle the intensity of the internet. Dos unable to access to any website and networks usually gets slow down. Organization and companies are the target of these type of attack.

A Man-in-the-middle attack

A hacker attack in the middle of two party. Where a party make a communication, an attacker hijack the session between them and steal or manipulate the data. In public unsecure Wi-Fi it is easy for the hacker to pass through all the information of the victim.

Types of Cyber Security

Network Security

Network security created to protect network on which mostly attack is committed by hacker. It is a process adapted to eliminate hacking or prevent and monitor unauthorized access. A network is said to be secured when it has all the three elements – confidentiality, integrity and availability.

Cloud Security

Cloud security provide against the internal and external threats of the business. Cloud means cloud computing which process the accessing resource, database and software over internet. Cloud is a collection of procedure and technology that used by organization to protect their workloads, data and application process in the cloud.

End Point Security

End point security deals with entry point and end point of the users like desktops, mobile and computer. These are security frontline and it is the first place where companies or organizations look for their security. For speed detection and remedies, they must make collective efforts and collaborate with other technology. It is design to quick detect, block, analyze and contain attack in progress.

Mobile Security

Mobile security protects all the portable device but it will be unsecure where mobile of an employee connected to the corporate network as it threats the safety of the corporation also.

For example: if any employee who having mobile or tablet connect with company network and leave somewhere then data leakage, customer information could be at risk.

IoT Security

IoT means Internet of Things. IoT work through IoT devices that are connected to the networks. In organization all these hardware-like printers, cameras, sensors, lighting, HVAC, appliances, fusion pumps, scanners are connected to IoT devices. IoT security should be priority to manufactures and developers during the security breach.

Application Security

It provides security within the application by putting features like developing, adding, logging, authentication and testing security in the application. It controls the flaws in the application and the sooner it will be detected, the faster it will resolve.

Zero Trust

It created a wall to protect the data of the organization. Every time whether it is an individual, service or devices attempt to entre the data of an organization they must verify themselves. There are five pillars of zero trust are identity, data, network, device and application and workloads.

Law for cybersecurity in India

Cybercrime normally take place where there is a lack of jurisdiction for cyber security and data privacy. As far as India is concerned, Laws are proved to protect against the person who disturbed the security or privacy of data of any company, organization or any other digital sector.

Information Technology Act (2000)

This act extends to whole India along with Jammu and Kashmir and government through IT Act provide framework to protect the data and digital signature. This act was enacted by parliament of India to protect all the e-commerce, e-banking, e-governance sectors and other digital transaction from fraud.

This act defines various offence of data and describe their punishment. Digital signature was also protected through this act. It also furnishes Cyber Regulatory Appellant Tribunal to hear the cybercrime.

Indian Penal Code (IPC) (1980)

IPC provision is also provided for cyber attack along with other crime:

Section 354D define staking through emails, internet and through other electronics means is a cyber-staking,
Section 354C this section deals with the crime of ‘voyeurism’ where any men take picture of any women private parts without their consent,
Section 379 where software or data of any mobile or computer is stolen which are sensitive in nature,
Where there is a publication or transmission of an obscene material or sexually explicit acts online are covered under Section 292 and it also include exploits of children,
Password theft or making false website and create false document and record electronically are covered under Section 420 and 463 respectively,
Makeup of cheat emails and fraud committed by any hacker with the intention of cheating online is also be a cybercrime which are covered under Section 465 and 468 accordingly,

These crimes are punishable through imprisonment or fine or both under Indian penal code as per the sections of the code.

Computer Emergency Response Team (CERT)

The aim of these computer response team to regain control over security and minimize damage after respond to cyber security incidents. These group of teams is used to protect, detect and respond to any incident. It makes sure the networks of the organization work properly and if there is any incident occur then respond to that incident effectively.

Digital Data Protection Bill (DDPB)

The aim of this bill to protect the citizen (Digital Nagarik) against the organization who breach the law related to data privacy.

The government can exempt the new startups to follow these bills for whom compliance with the procedure is quite exhaustive. Agencies of central government are also exempt to adhesive for the security of citizen or states and to maintain the friendly relationships with other country.

There are rights which are provided to an individual:

Individual have right to access basic information define in 18^th schedule in Indian constitution,
Consent of an individual must be taken to process the data and purpose for which it is used,
individual have right to call for erase or modification of data if needed,
individual also appoint nominee to exercise his right in case of death,

Case Law

Amar Singh v. Union of India [(2011) 4 AWC 3726 SC]

Bench: G.S. Singhvi, Ashok Kumar Ganguly

Petitioner

it is a writ petition under Article 32 for the protection of the fundamental rights to privacy under Article 15 of Indian Constitution,
under this petition, he alleged that his call was tapped by the telephone authority of India without his consent on it.

Based on the same report, FIR NO. 152/2005 has been lodged under section 420, 468 of Indian Penal Code and under other criminal sections also which include fraud with an intention to commit crime through electronically.

Judgment

Supreme court gives order to the central government to frame the rule and regulations related to the prevention of unauthorized access to calls
Telecom industry is a service provider and must act accordingly for the benefit of the users.
If government issue any orders related to ‘to tap call’ then it is the duty of the authority to check the authenticity of that order.

State of Tamil Nadu v. Dr. L. Prakash (W.P.M.P.NO. 10120 OF 2002)

this case is filed against L. Prakash accused for making pornographic videos and then send it to US and France for publication on pornographic websites.

This is the first land mark case in India of cybercrime law where pornographic websites and their broker were targeted.

FIR file against accused under Section 67 of the IT Act, 2000 and Section 4 and 6 of the Indecent Representation of the Women Act and Sections 120B and 506(2) of the IPC.

Judgment was held in fast-track court where accused was convicted of an offence and sentence him imprisonment for life and also fine with 1.27 lakh rupees.

Conclusion

After pandemic, in country like India cybercrime increase in which 68% of companies experience these kinds of attacks. As use of digital information increase it also rising risk for company security. The need of law and regulation is required to provide for safe and accessible space to everyone. In future users need to update to protect themselves from such crime along with government.

References