Data Privacy Detective

Through a new cybersecurity regulation, businesses in India will have six hours to report cyberattacks to the government, pursuant to a regulation that comes into force at the end of June 2022. On April 28, 2022, the Indian Computer Emergency Response Team – CERT – part of the Ministry of Electronics and Information Technology, announced regulations that include the world’s most time-sensitive deadline for reporting cyber incidents to the government.

Stephen Mathias, head of the Technology Law Practice at the premier Indian law firm Kochhar & Co., presents the substance, challenges, and ambiguities of this pioneering effort. The regulation covers cyberattacks regardless of whether personal data is involved. In comparison to other global reporting requirements (such as GDPR’s 72-hour deadline for reporting breaches of personal data), the 6-hour deadline is daunting and perhaps unworkable. Wording covers attacks even if not successful, in effect requiring Indian businesses to report in real-time the stream of all cyber-attacks that occur daily.

Global businesses rely on India’s strong tech industry for data processing. The regulation will challenge all Indian legal entities and any business with Indian connections to act quickly to assess the regulation’s impact before July 2022. Both civil and criminal enforcement can result from failing to report a broad array of cyber incidents. This podcast will help you understand the impact of the new Indian regulation and what it means to global business and data protection.

If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.

Show Notes

Relevant Links:
Stephen Mathias, head of the Technology Law Practice at the Indian law firm Kochhar & Co.

What is Data Privacy Detective?

The internet in its blooming evolution makes personal data big business – for government, the private sector and denizens of the dark alike. The Data Privacy Detective explores how governments balance the interests of personal privacy with competing needs for public security, public health and other communal goods. It scans the globe for champions, villains, protectors and invaders of personal privacy and for the tools and technology used by individuals, business and government in the great competition between personal privacy and societal good order.

We’ll discuss how to guard our privacy by safeguarding the personal data we want to protect. We’ll aim to limit the access others can gain to your sensitive personal data while enjoying the convenience and power of smartphones, Facebook, Google, EBay, PayPal and thousands of devices and sites. We’ll explore how sinister forces seek to penetrate defenses to access data you don’t want them to have. We’ll discover how companies providing us services and devices collect, use and try to exploit or safeguard our personal data.

And we’ll keep up to date on how governments regulate personal data, including how they themselves create, use and disclose it in an effort to advance public goals in ways that vary dramatically from country to country. For the public good and personal privacy can be at odds. On one hand, governments try to deter terrorist incidents, theft, fraud and other criminal activity by accessing personal data, by collecting and analyzing health data to prevent and control disease and in other ways most people readily accept. On the other hand, many governments view personal privacy as a fundamental human right, with government as guardian of each citizen’s right to privacy. How authorities regulate data privacy is an ongoing balance of public and individual interests. We’ll report statutes, regulations, international agreements and court decisions that determine the balance in favor of one or more of the competing interests. And we’ll explore innovative efforts to transcend government control through blockchain and other technology.

If you have ideas for interviews or stories, please email info@thedataprivacydetective.com.