India is intensifying its efforts to combat cybercrime through a series of robust initiatives aimed at strengthening cybersecurity, enhancing digital safety, and holding offenders accountable in an increasingly connected world. As the Union government prepares to implement the Digital Personal Data Protection Act (DPDP Act) 2023, it is intensifying efforts to prevent the unauthorized use of personally identifiable information by technology companies.
A recent Economic Times report reveals that law enforcement agencies are focusing on halting the exploitation of sensitive data, particularly the misuse of Permanent Account Numbers (PAN) by financial and consumer tech firms.
The Ministry of Home Affairs, through its Indian Cyber Crime Coordination Centre (I4C), has ordered technology companies to stop using PAN data without permission. This action targets companies that have been exploiting PAN numbers for commercial purposes without obtaining explicit consent. The government’s crackdown is part of a larger strategy to protect citizens’ personal data and ensure companies follow legal standards in handling sensitive information.
According to the report, the government aims to put an end to unauthorised data practices that involve PAN details, which are critical for identifying individuals within India’s financial and tax systems. The intervention ensures that companies cannot misuse government-maintained systems that link personal data to financial records.
The Digital Personal Data Protection Act (DPDP Act) 2023
The DPDP Act 2023, expected to come into effect soon, will establish a legal framework for safeguarding personal data in India. The law regulates the processing of digital personal data, balancing individuals’ rights to privacy with the need for lawful data processing. It mandates that personal data can only be processed with explicit consent and through authorised channels, ensuring protection from unauthorised use or exploitation.
Passed by the Indian Parliament in August 2023, the Act replaces previous drafts and aligns India’s data protection laws with international standards. However, some critics argue that the Act gives the government too much power to access personal data, raising concerns over potential privacy infringements.
The DPDP Act officially became law on August 11, 2023, but the government has not yet announced the implementation date. Industry experts expect that the rules and regulations under the Act will be issued sometime in 2024.
Industry insiders believe that the new legislation will tighten regulations on personal data processing. The government’s focus on protecting citizens’ privacy underscores its commitment to ensuring that companies handle sensitive data with the utmost care. With commercial use of personal data under increased scrutiny, the enforcement of these regulations will likely lead to stricter compliance requirements for technology companies.
Unauthorised Access and Service Disruptions
Recent weeks have seen several technology companies face service disruptions due to heightened government scrutiny. Before the crackdown, some companies accessed sensitive customer information, such as full names, addresses, phone numbers, and other personal details, by linking their backend systems to the Income Tax department’s database, which is tied to PAN numbers.
Although these actions did not technically qualify as data breaches, they involved the unauthorized use of government-controlled systems, raising significant concerns over data privacy. Following the government’s directive, companies have been instructed to halt these practices, resulting in temporary disruptions to many services.
Authorised Services Remain Unaffected
Despite the disruptions, the report highlights that authorized services have continued without interruption. For example, the National Securities Depository Limited (NSDL) offers a legitimate PAN verification service.
This service checks whether a user’s PAN details match the database without revealing personal information, ensuring compliance with the regulatory framework established by the DPDP Act. Unlike the unauthorized practices currently under scrutiny, NSDL’s service operates fully within legal boundaries.
Manbilas Singh is a talented writer and journalist who focuses on the finer details in every story and values integrity above everything. A self-proclaimed sleuth, he strives to expose the fine print behind seemingly mundane activities and aims to uncover the truth that is hidden from the general public. In his time away from work, he is a music aficionado and a nerd who revels in video & board games, books and Formula 1.
Comments