The ease with which our personal data is being sought, the thoughtlessness in
handing over critical data relating to oneself, and the reckless way in which
such details are shared in the public domain are scary, to say the least.
Recently, I attended a spiritually oriented event of a very
popular and revered person who gives discourses on Ramayana, Bhagavatham,
Narayaneeyam and other such spiritual activities attracting many devotees. At
the event, it was announced that an exclusive group was being formed so that
interested people could be informed about further events, and a link was sent
for joining the group. The link led to a web page that asked for many items of
personal data about the potential member of the group. The page
also warned that, on submission, the name and photo associated
with that particular account would be uploaded! Let me clarify at the outset: I
have absolutely no issues with personal data being shared with this particular
Group/Event Management team, as they are reliable and reputed, and I have no reason
to believe that they could leave the data unprotected, leading to misuse.
But the thought occurred to me: what would happen if the
data so given is shared, unintentionally but as part of further processing, with
some other third-party organization for maintenance? Or what is the
guarantee of that third party keeping such data secure? What if there is a leak
somewhere in this process, whereby data could be compromised, and if so, who is
responsible for the same?
So, while the persons seeking data may not be leaking or
misusing it, are they aware of the risks and sensitivity of handling the
same? More importantly, in a group which is unlikely to be filled only with
literate people, what is their responsibility in seeking such data? In a belief
blinded by other attractions, and with some justifiable confidence in this group,
many people are likely to share the data. But then, should the data seekers not
perform their role and responsibilities in apprising the givers of the risks
involved and/or confirming their safety and security by an assurance of
non-sharing with others without their consent?
Normally, with some technical know-how, I believe, a
reasonable profile outline could be created with one's expanded name, date of
birth, contact number, email ID and photo. With the prevailing and proliferating
instances of cyber crimes, particularly over online banking transactions, and
with innovative cyber crimes like SIM swap springing up every day, while the
basic security concern lies with the owner of the data, given the illiteracy and
lack of awareness, should the data seekers not apprise the givers of the risks
involved, so that the innocence and ignorance of the users are not exploited by
some unscrupulous elements?
In another group, filled with bankers who could justifiably boast of at least three decades of banking service, it is still a task to make them understand the risks in sending a mail to all thousand members and the use of BCC in emails! This is a classic case of the data collector unwittingly leaking personal data, which could have damning consequences! Well then, can ignorance be cited as an excuse?
At the entrance of a popular saree shop in Chennai's busy Pondy Bazaar, a young man with a neat necktie was asking for the mobile number of all visitors under the guise of a free prize scheme!
When the data collected at such different points is collated by anyone with crooked intentions, will it be a huge task to build their profile? The above instances show how personal data is collected, with or without any dubious intention, and this is exactly what the common man should be aware of before sharing his data.
I feel fighting cyber crime must be multi-pronged - while
the owners need to keep their personal data safe, the data seekers need to
ensure the privacy of the data collected and also make sure that, before collecting
the data, the provider is well informed about the risks involved in sharing.
Organizations like banks and other institutions should not only take measures to
ensure that the data collected, and also the data created out of the data provided
and out of the business transactions, is kept secure, but also subject themselves
to security audits by recognized bodies or approved and qualified third-party
auditors, to gain customer confidence. Right now, these are being held more as a
formal exercise towards compliance, but the need of the hour is more towards
customer protection than formal compliance to satisfy legal requirements.
My point is that data seekers should be more responsible in asking for data, as such acts could be misused by mischief mongers. For the well-intentioned seekers: apprise the givers of the risks involved and the measures taken to protect their interests, and better not to ask for such data unless they have the ways
and means to protect it! More importantly, individuals should be wary of sharing any data unless it is absolutely essential or they feel secure after a basic personal due diligence.
"A good post on the "Responsibility of data seekers". They should be aware. No doubt, they are legally accountable (though in practice, in the event of data theft, it may be difficult from which point the theft ORIGINATED). ......
Good, Kapali, for starting a nice debate." - Mr V.Rajendran
"You are right, Kapali. Why talk of giving data. If I search the web for any product there are always some ten ads related to the product or a similar one popping up without my seeking it, even after a day or two." - Mr Bharathkumar