QNu Labs

The Government of India Penalises Data Breach

QNu Labs   |   Aug 31, 2023

The number of internet users in India has already crossed 600 million. Online businesses are eagerly waiting for this number to touch one billion. Experts say it might happen as early as 2030.

The increasing internet penetration has posed a significant challenge to the monitoring agencies of government because of the colossal amount of data created, exchanged, and collected.

Protecting personal data is an ethical responsibility of the one who possesses it. But, who audits the use of data? What are the compliances? What are the consequences of a breach of trust?

To address these pertinent questions, the Minister of Electronics & Information Technology proposed the Digital Personal Data Protection Bill, 2023 in Parliament. It received the Presidential nod on 11th August. India has now joined the ranks of developed countries to protect citizens' data and citizens' right to privacy.

The previous bills in 2019 and 2022 were laced with several issues relating to data localization, transparency, and compliance. They were withdrawn by the Central Government.

Salient Features of the Digital Personal Data Protection Bill, 2023

The primary objective of the bill is to balance the processing of digital personal data while upholding individual rights and lawful data usage. It outlines the responsibilities of Data Fiduciaries, protects Data Principals' rights (that is, the rights of the person to whom the data relates), and enforces penalties for breaches.

It seeks to establish a comprehensive framework for the protection of personal data. This framework extends its jurisdiction to personal data collected within India–both online and offline data that has been subsequently digitized. Moreover, if data processing occurs outside India but involves offering goods or services to individuals within the country, the Bill's regulations apply.

The Bill details all scenarios of data security and protection of privacy. To summarise, the Bill is drafted on seven key principles:

What Does the Bill Provide for Every Citizen?

The citizens of India have a moment to rejoice because the bill clearly outlines the rights of individuals against malicious use of their data. The power is given in the hands of the Data Principal. The primary rights as per the Bill are:

The Data Fiduciaries will enforce these rights. The additional responsibilities include:

The Data Protection Board is responsible for penalising data breaches and blocking the digital resources of repeat violators.

The penalties are severe and the mandate of data protection is serious. Notable penalties are:

What Does the Bill Imply for Enterprises?

The consequences of a data breach until now were the high cost of data compromise and damage to the company’s reputation. The involvement of the government was minimal and the laws around data breaches were vague.

The scenario is very different with the passage of this Bill. Enterprises will have to prioritise data security and follow norms as mandated by the government. Missing out on this crucial factor can lead to heavy penalties in addition to the costs of data loss and a dent in reputation.

The advent of quantum computers has put existing encryption protocols at risk. The probability of data breaches is higher and businesses cannot ignore or sideline the issues around data security.

The plan of action is clear–fortress data against new-age attacks to survive in the new-age economy.

How can QNu Labs Help?

QNu is a pioneer in quantum cryptography. It can deploy security safeguards mandated by the Bill. The patented technologies developed by QNu are proven to shield data from quantum attacks.

QNu's range of quantum-based products covers security from end-to-end across the entire data-based paraphernalia. From quantum-based encryptions to entropy enhancement services, QNu covers all security bases.

QNu offers three products that serve as a quantum security ecosystem:

Armos (QKD)
QKD is a state-of-the-art device providing unconditional security for critical data through quantum physics.

Tropos (QRNG)
QRNG generates true random numbers from a quantum source, making it suitable for all QRNG applications.

Hodos (PQC)
PQC is the next generation of cryptographic protocol recommended by NIST that replaces today's RSA-based vulnerable systems with a quantum-resistant one.