#TIL: Privacy ain’t Protection: The nuances of Data Governance
By Snehil Singh
“Data is the new oil”- a phrase we have heard time and again.
Today, the world is dominated by the data-led economy. With the quantum of data generated on the rise, there comes increasing demand for it. Governments, research organisations and industry are continuously looking for more data to extract meaningful information that they can leverage for better decision making. We discussed the nuances of the types of data in our previous piece titled, Is it Open, Closed or Shared?
While the benefits of different types of data (open, shared or closed) remain many, it brings with it risks of violating individual or institution privacy, possible misuse and misinterpretation of data. Globally, data breaches have registered a steady rise. In India alone, there has been a 37% increase in cyber attacks in 2020 as compared to last year. A recent example is the data breach at BigBasket in October, in which the details of around 2 crore users were put on sale on a forum in the dark web.
The fear of data violations and cyber theft has forced governments, private organisations, institutions and individuals to implement and adhere to regulations that ensure Data Protection and Data Privacy.
However, despite the frequency of data breaches, the understanding of key concepts concerning data storage, such as the difference between data privacy and data protection, are often misinformed. Most of them are often used interchangeably, leading to confusion.
Data protection refers to the practices, safeguards, and rules set out to protect an individual’s personal information and ensure that it remains in their control. In simple terms, data protection allows the individuals/ organisations the right to decide what information can be put out and who should have access to it. It can also be defined as the law designed to protect personal data, which is collected, processed and stored by “automated” means or intended to be part of a filing system. The main purpose of data protection is to provide prevention from unauthorized use or misuse of confidential information.
Data Privacy is a branch of data security concerned with the proper handling of data. It involves information privacy and covers aspects like consent, notice, and regulatory obligations. Data privacy regulations or policies govern the data use when it has been shared with any entity.
When comparing data privacy and data protection, it is important to understand that one cannot ensure data privacy unless the data is protected by technology. Therefore, while data privacy cannot exist without data protection, one can have data protection without data privacy and this is why all the governments in the world are looking at implementing data protection laws governing data users.
As India’s digital footprint continues to grow, measures around data privacy and data protection become necessary. The prevailing question today is crafting a policy that balances data protection and privacy of internet users with the burgeoning requirements of both the public and private sector to improve governance and services. Watch out to know what we think about this!
This is the second piece in OMI’ series on Data Governance.
Today I learnt (TIL) is a weekly series by OMI that brings you interesting nuggets of information that you didn’t know you needed.
Follow us on Twitter for regular updates.
