Info Sharing Blog

Sunday, July 29, 2018

Non-Sense or Over-Confidence? TRAI chairman's personal data leaked after he threw the Challenge

Posted by jaacostan
So, finally, some proof of personal data leakage has been shown to the Indian bureaucrats. As per the Government of India, "There is nothing called absolute right to privacy" and privacy "should be subject to reasonable restrictions." Read my previous post, "Why India needs a Stringent Data Privacy Law?", here.
Citizens' personal data has been shared with various organizations in sectors like telecom, services, retail, e-commerce, etc. In my opinion, before implementing data sharing, the government must implement data privacy laws and standards in India like the European GDPR. Once these are implemented and properly audited for compliance, the government can consider data sharing. Currently there are no stringent laws and policies on data leaks. There are penalties for a few clauses, but considering the value of the data, the penalty is negligibly small.
The reply came within hours, Sweet Sour!!!

The TRAI chairman challenged a French security expert named Elliot Alderson on Aadhaar data by sharing his Aadhaar number on Twitter. Today, on 28th July 2018, Mr. Elliot exposed the TRAI chairman's personal information in a series of tweets. Though it is not certain how he obtained the personal information, he was able to get the victim's data very quickly. I personally believe that he might have obtained the data through some public sources/websites and not by hacking UIDAI.

However, this is a very serious data privacy issue, especially given the lack of a stringent data privacy law. We have seen a series of such leaks and unauthorized usage of citizens' data by some e-commerce/telecom companies. There was even an incident of a data leak from a government website itself.

When it comes to information security governance, there are two major factors: due care and due diligence. In my personal opinion, both are violated here. There is no privacy for the data which is shared with the government and private sector companies, and there is no due diligence from the government and the organizations in providing privacy and security for the data. Until a data privacy law with stringent penalties and punishment is implemented, citizens' personal data can be considered public.
Citizens also expect an explanation from the government on this incident and on data security.