15 Best Ways to Protect Yourself from Cybercrime in 2025
Cyber Crime/Online Fraud

15 Best Ways to Protect Yourself from Cybercrime in 2025

Introduction

In an increasingly digital world, cybercrime is becoming more sophisticated and widespread. According to Cybersecurity Ventures, global cybercrime costs are expected to reach $10.5 trillion annually by 2025, up from $3 trillion in 2015. From financial fraud to identity theft, hackers are finding new ways to exploit vulnerabilities. Protecting yourself from cybercrime in 2025 requires a proactive approach that includes strong security practices, awareness, and the right tools. In this guide, we will discuss 15 best ways to safeguard your online presence against cyber threats.

1. Use Strong and Unique Passwords

One of the simplest yet most effective ways to protect yourself is by using strong and unique passwords for different accounts. A study by Verizon’s Data Breach Investigations Report 2024 found that over 80% of hacking-related breaches are due to weak or stolen passwords. A good password should:

  1. Be at least 12–16 characters long.

  2. Include a mix of letters, numbers, and special characters.

  3. Avoid easily guessable words like birthdays, names, or common words.

Consider using a password manager to generate and store passwords securely.

2. Enable Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) adds an extra layer of security by requiring two forms of verification to access your accounts. This could be a combination of:

  1. A password and a one-time code sent to your mobile device.

  2. A fingerprint or facial recognition scan.

According to Google, enabling 2FA can block up to 99% of automated cyberattacks.

3. Keep Your Software and Devices Updated

Cybercriminals exploit vulnerabilities in outdated software. To stay protected:

  1. Regularly update your operating system, apps, and security software.

  2. Enable automatic updates where possible.

  3. Remove unused apps and software to minimize security risks.

In 2024, Microsoft reported that 58% of cyberattacks exploited outdated or unpatched software.

4. Beware of Phishing Scams

Phishing scams trick users into revealing personal information through fake emails, messages, or websites. To avoid falling victim:

  1. Verify the sender before clicking on links or opening attachments.

  2. Never share personal or financial details via email or text messages.

  3. Use email security filters to detect suspicious messages.

According to the FBI’s 2023 Internet Crime Report, phishing scams accounted for over $2.7 billion in reported losses.

5. Use a Secure Internet Connection

Public Wi-Fi networks are vulnerable to cyber attacks. To stay safe:

  1. Avoid accessing sensitive accounts over public Wi-Fi.

  2. Use a VPN (Virtual Private Network) to encrypt your internet traffic.

  3. Always connect to secure, password-protected networks.

A 2024 report by Kaspersky revealed that 1 in 4 users have been hacked while using public Wi-Fi.

6. Be Cautious of Social Media Scams

Hackers use social media to gather personal information and trick users into scams. Protect yourself by:

  1. Keeping personal details private.

  2. Being cautious of friend requests from unknown people.

  3. Avoiding clicking on suspicious links in messages or posts.

Cybersecurity experts estimate that social media phishing attacks increased by 150% in 2024.

7. Secure Your Home Network

Your home network can be a target for cybercriminals. To strengthen security:

  1. Change the default username and password of your Wi-Fi router.

  2. Enable WPA3 encryption for your Wi-Fi.

  3. Regularly update router firmware.

  4. Disable remote access to your router unless necessary.

According to CISCO’s 2024 Cybersecurity Report, 50% of all cyberattacks target home networks.

8. Use Reliable Security Software

Installing good security software provides real-time protection against cyber threats. Choose software that offers:

  1. Antivirus and anti-malware protection.

  2. Firewall capabilities.

  3. Ransomware detection and prevention.

  4. Safe browsing features.

A study by McAfee in 2024 found that over 600,000 new malware variants are detected daily.

9. Regularly Back Up Your Data

Data loss can occur due to cyberattacks like ransomware or accidental deletion. Keep backups by:

  1. Using cloud storage services with encryption.

  2. Creating offline backups on external hard drives.

  3. Automating the backup process to ensure consistency.

A 2024 report by IBM found that organizations with regular backups recovered from ransomware attacks 76% faster than those without backups.

10. Monitor Your Bank and Credit Card Statements

Cybercriminals often target financial accounts. To detect fraudulent activity early:

  1. Regularly check your bank and credit card statements.

  2. Set up transaction alerts for unusual activities.

  3. Report unauthorized transactions immediately to your bank.

According to the Federal Trade Commission (FTC) 2024, credit card fraud cases increased by 30% compared to previous years.

11. Be Wary of Online Shopping Scams

Fake online stores and scams are increasing. To shop safely online:

  1. Use well-known and trusted websites.

  2. Check website security (look for HTTPS and padlock symbol in the address bar).

  3. Avoid deals that seem too good to be true.

  4. Use secure payment methods like credit cards or digital wallets instead of direct bank transfers.

E-commerce fraud rose by 20% in 2024, costing consumers billions in losses.

12. Recognize Deepfake and AI Scams

AI-powered scams, including deepfake videos and voice manipulation, are on the rise. Protect yourself by:

  1. Verifying the authenticity of video or voice messages before acting.

  2. Fact-checking news and information from reliable sources.

  3. Using AI detection tools to identify manipulated content.

A MIT study in 2024 found that deepfake fraud cases surged by 400% in the last two years.

13. Educate Yourself and Your Family

Cyber awareness is essential for everyone in your household. To stay informed:

  1. Take cybersecurity training or online courses.

  2. Teach children about safe internet usage and risks.

  3. Follow reputable cybersecurity websites for updates.

According to Cybersecurity & Infrastructure Security Agency (CISA), education can prevent 70% of cyber threats.

14. Limit Data Sharing and Permissions

Many apps and websites collect unnecessary personal data. Protect your privacy by:

  1. Reviewing app permissions before installing.

  2. Restricting access to location, microphone, and camera.

  3. Deleting old accounts you no longer use.

A 2024 report by Privacy International found that 80% of apps collect more data than they need.

15. Report Cybercrime Immediately

If you become a victim of cybercrime, report it immediately to the appropriate authorities. In India, the Cyber Crime Portal (cybercrime.gov.in) allows individuals to file complaints related to online fraud, harassment, and other cybercrimes. In other countries, respective law enforcement and cybersecurity agencies provide similar services.

Conclusion

Cybercrime is evolving, but so can our defenses. By implementing these 15 cybersecurity measures, you can protect yourself, your family, and your finances from potential cyber threats. Stay vigilant, educate yourself, and always prioritize security when engaging online. A proactive approach today can prevent significant losses tomorrow.

A New Era for Clinical Research Organizations: Transforming Clinical Trials in India
Medical Negligence

A New Era for Clinical Research Organizations: Transforming Clinical Trials in India

Introduction

India’s clinical trial landscape is undergoing transformative reforms aimed at positioning the country as a global leader in clinical research. These changes address critical challenges, such as improving efficiency, enhancing patient safety, ensuring ethical standards, and fostering innovation. At the core of this transformation are Clinical Research Organizations (CROs), which play a pivotal role in the execution of clinical trials.

This blog explores the regulatory reforms reshaping India’s clinical trial ecosystem, highlighting the impact of key legislative updates, including the New Drugs and Clinical Trials Rules, 2019, the Digital Personal Data Protection Act, 2020, and the amendments to the Drugs and Cosmetics Rules, 2021. These developments emphasize streamlined processes, robust oversight, and participant safety, signaling a promising new era for clinical research in India.

New Drugs and Clinical Trials Rules, 2019: Streamlining Processes

The introduction of the New Drugs and Clinical Trials Rules, 2019 marked a significant step in modernizing India’s clinical trial framework. These rules aim to reduce approval timelines, enhance transparency, and ensure ethical conduct.

1. Faster Approval Timelines

One of the primary objectives of the 2019 rules was to expedite clinical trial approvals. Previously, lengthy timelines hindered research progress, but these changes introduced clear deadlines:

  • 30-Day Approval for Trial Applications: Regulatory bodies now have a maximum of 30 days to review and approve clinical trial applications, aligning India’s timelines with international standards.

  • 60-Day Approval for New Drug Applications: This expedited process allows faster market access for innovative therapies, benefiting both patients and the pharmaceutical industry.

2. Defining and Registering Clinical Research Organizations

The rules formally recognize CROs and mandate their registration with the Central Licensing Authority (CLA), ensuring only qualified organizations conduct trials.

  • Regulatory Compliance: CROs must meet stringent quality standards, ensuring staff competence and adherence to ethical protocols.

  • Accountability and Transparency: Registered CROs are held accountable for trial management, data integrity, and participant safety.

3. Emphasis on Ethical Conduct

Ethical considerations are integral to clinical research. The 2019 rules emphasize:

  • Ethics Committees (ECs): All trials require EC approval, and committees must register with the Central Drugs Standard Control Organization (CDSCO) to ensure compliance with ethical standards.

  • Informed Consent: Participants must provide well-documented consent, ensuring they understand the risks and benefits of the trial.

Digital Personal Data Protection Act, 2020: Safeguarding Participant Privacy

With the rise of digital data collection in clinical trials, the Digital Personal Data Protection Act, 2020 addresses the need for robust data security and participant privacy.

1. Explicit Consent and Data Transparency

The Act mandates explicit participant consent for data collection and usage:

  • Participant Awareness: Trial sponsors must inform participants about the purpose, scope, and storage of their data.

  • Data Security: Sponsors must implement secure systems to protect sensitive health information from breaches.

2. Oversight and Accountability

The Act establishes mechanisms for monitoring compliance:

  • Regulatory Monitoring: Authorities can investigate data breaches and enforce penalties for non-compliance.

  • Participant Trust: These measures foster trust in India’s clinical trial ecosystem by prioritizing privacy and transparency.

Amendments to the Drugs and Cosmetics Rules, 2021: Enhancing Safety

The 2021 amendments to the Drugs and Cosmetics Rules strengthen participant safety and improve the ethical framework for clinical trials.

1. Safety Monitoring and Risk Management

To ensure participant safety, the amendments introduce:

  • Mandatory Safety Monitoring: Sponsors must monitor adverse events (AEs) closely and take timely corrective actions.

  • Risk Mitigation Plans: These plans assess potential risks and outline mitigation strategies, subject to ethics committee approval.

2. Transparency in Clinical Trials

The amendments emphasize transparency in trial operations:

  • Clinical Trials Registry India (CTRI): All trials must be registered, providing public access to trial details and ensuring accountability.

  • Result Reporting: Sponsors must report trial outcomes to regulatory authorities and make them publicly accessible.

Expanding the Role of CDSCO

The Central Drugs Standard Control Organization (CDSCO) has taken on a more proactive role under the new regulatory framework, ensuring expedited reviews and enhanced oversight.

1. Expedited Approvals

CDSCO now operates within defined timelines to approve trials and drugs:

  • Streamlined Processes: The 30-day review period for trials reduces delays without compromising safety.

  • Global Alignment: These timelines make India a preferred destination for multinational trials.

2. Enhanced Monitoring

CDSCO’s expanded role includes real-time trial monitoring and post-trial evaluations:

  • Real-Time Oversight: Improved tracking systems monitor trial progress and adverse events.

  • Post-Trial Safety: Ensuring timely reporting of results and addressing post-marketing safety concerns.

Participant-Centric Reforms

The regulatory changes prioritize participant welfare, introducing measures like compensation for injuries and audiovisual documentation of informed consent.

1. Compensation for Trial-Related Injuries

Participants are entitled to compensation for injuries or fatalities caused by trial participation:

  • No-Fault Compensation: Ensures fair recompense without requiring proof of negligence.

  • Transparent Guidelines: Clear frameworks determine compensation amounts based on the severity of harm.

2. Audiovisual Documentation

Mandatory audiovisual recordings of the consent process enhance transparency and legal accountability:

  • Participant Protection: Ensures consent is informed and voluntary.

  • Sponsor Accountability: Reduces the risk of legal disputes over participant consent.

Strengthening Ethics Committees

Ethics committees are critical to maintaining the integrity of clinical trials. The new regulations ensure these committees operate effectively and ethically.

1. Registration and Standards

All ethics committees must register with CDSCO:

  • Improved Governance: Ensures committees meet criteria for expertise and ethical oversight.

  • Independent Reviews: Committees are tasked with unbiased evaluations of trial protocols.

2. Participant Advocacy

Ethics committees play a vital role in safeguarding participant rights:

  • Rigorous Evaluations: Ensure trials comply with ethical standards and prioritize participant welfare.

  • Ongoing Oversight: Monitor trials to identify and address ethical concerns promptly.

Future Outlook: Building a Sustainable Ecosystem

India’s clinical trial reforms position the country as a competitive hub for global research. However, sustained growth requires ongoing collaboration between stakeholders, including regulatory bodies, CROs, and pharmaceutical companies.

1. Embracing Technology

Digital innovations can further streamline trial processes:

  • E-Consent Systems: Simplify the consent process while ensuring compliance.

  • Data Analytics: Enhance real-time monitoring and decision-making.

2. Capacity Building

Investing in training and infrastructure is crucial:

  • Workforce Development: Equip professionals with the skills needed to navigate the evolving regulatory landscape.

  • Infrastructure Expansion: Establish world-class facilities for conducting trials.

3. International Collaboration

Aligning with global standards will attract more multinational trials:

  • Regulatory Harmonization: Foster partnerships with international regulatory agencies.

  • Quality Assurance: Ensure trials meet global benchmarks for safety and efficacy.

Conclusion

India’s reforms in clinical trial regulations mark a significant leap toward establishing the country as a global leader in clinical research. The introduction of streamlined approval processes, enhanced safety measures, and participant-centric reforms has fostered a more efficient, ethical, and transparent trial ecosystem.

Clinical Research Organizations, backed by robust regulatory frameworks, are well-positioned to drive innovation and excellence in clinical trials. By continuing to prioritize ethical standards, participant safety, and global alignment, India can solidify its reputation as a preferred destination for clinical research, paving the way for groundbreaking medical advancements that benefit patients worldwide.

Legal Compliances Checklist For Startups In India
Startup

Legal Compliances Checklist For Startups In India

Starting a new business venture can be an exhilarating journey filled with excitement and promise. However, amidst the excitement, it's crucial for entrepreneurs to ensure that their startup is compliant with all the legal regulations in India. Failure to adhere to these regulations can lead to severe consequences, including fines, penalties, or even the closure of the business. In this guide, we'll provide a comprehensive checklist of legal compliances that startups in India need to consider.

1. Business Structure and Registration

  • Choose the Right Business Structure: Decide whether your startup will be a sole proprietorship, partnership, limited liability partnership (LLP), private limited company, or public limited company. Each structure has its own legal implications, so choose wisely based on your business needs.

  • Register Your Business: Once you've chosen a business structure, register your startup with the appropriate authorities. For example, private limited companies must be registered with the Ministry of Corporate Affairs (MCA), while LLPs need to be registered with the Registrar of Companies (ROC).

2. Taxation and Compliance

  • Obtain a Permanent Account Number (PAN): Every business entity in India must have a PAN issued by the Income Tax Department. This is essential for filing taxes and conducting financial transactions.

  • Goods and Services Tax (GST) Registration: If your startup's annual turnover exceeds the threshold limit prescribed by the GST Act, you must register for GST. Failure to do so can result in penalties.

  • Tax Deduction at Source (TDS): If your startup makes payments to vendors, employees, or contractors, you may be required to deduct TDS and remit it to the government within the specified time frame.

3. Intellectual Property Protection

  • Trademark Registration: Protect your startup's brand name, logo, and other distinctive elements by registering them as trademarks with the Trademark Registry. This prevents others from using similar marks, thus safeguarding your brand identity.

  • Copyright Registration: If your startup creates original works such as software, content, or artistic creations, consider registering them for copyright protection. This grants you exclusive rights to reproduce, distribute, and monetize your creations.

  • Patent Registration: If your startup invents a new product, process, or technology, you may be eligible for patent protection. This prevents others from copying or exploiting your invention without your permission.

4. Employment Laws

  • Employment Contracts: Draft comprehensive employment contracts that clearly outline the terms and conditions of employment, including salary, benefits, working hours, leave policies, and termination clauses.

  • Provident Fund (PF) and Employee State Insurance (ESI): If your startup employs more than a certain number of employees, you must register for PF and ESI schemes and contribute to them regularly.

  • Prevention of Sexual Harassment (POSH) Act: Create a safe and harassment-free workplace by implementing policies and procedures in compliance with the POSH Act. Provide awareness training to employees and establish an Internal Complaints Committee (ICC) to address complaints of sexual harassment.

5. Data Protection and Privacy

  • General Data Protection Regulation (GDPR) Compliance: If your startup deals with the personal data of individuals in the European Union (EU), ensure compliance with the GDPR's stringent data protection requirements.

  • Personal Data Protection Bill (PDPB): Stay updated on the latest developments regarding the PDPB, which aims to regulate the processing of personal data in India. Implement necessary measures to protect the privacy and confidentiality of data collected from customers and employees.

6. Regulatory Compliance

  • Sector-Specific Regulations: Depending on the nature of your startup's business activities, you may be subject to industry-specific regulations imposed by regulatory authorities such as the Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), or Insurance Regulatory and Development Authority of India (IRDAI).

  • Environmental Regulations: Ensure compliance with environmental laws and obtain necessary permits or clearances if your startup's operations have the potential to impact the environment adversely.

Conclusion

Navigating the legal landscape can be daunting for startups, but ensuring compliance with relevant laws and regulations is essential for long-term success and sustainability. By following this comprehensive checklist and seeking professional guidance when needed, startups in India can mitigate legal risks and focus on achieving their business goals with confidence. Remember, compliance isn't just a legal obligation—it's a strategic imperative that fosters trust, credibility, and growth in the competitive startup ecosystem.

Legal Advice for Businesses During COVID-19 - Legalkart
Company

Legal Advice for Businesses During COVID-19 - Legalkart

Businesses are experiencing unprecedented challenges and market disruption due to the Covid-19 pandemic and consequential economic meltdown seems inevitable. Economists predict that economy is now dealing with a situation far worse than the global recession of 2008. We are not prepared to deal with this situation since no business has anticipated or predicted menace to this extent, where globally national borders are locked down halting global market and business operations. 

 

Importantly, we are dealing with a war waged by the unknown, and nations are fighting to safeguard and protect their people and economy. In this context, businesses/ entrepreneur has to operate sustainably, and it is important to set up and administer certain proactive measures to mitigate financial and business losses. These special circumstances require special measures to sustain and thrive, and this article covers some measures that companies may imbibe to thrive over the crisis and to sustain. 

Pragmatic ideation and proactive resolution will mitigate the impact of impending problems”

 

 

WORK FROM HOME

Work From Home is not an exception but has become a Rule”

Legally, the success of a business and its sustenance depends on how well it protects its confidential information and trade secrets. Especially, in times like now, it has become imperative not only to have sustainable business modus operandi to thrive and succeed during bad market conditions but also to protect what has been already built through years of hard work. This sounds simple yet very difficult to implement and execute in the frontline. 

 

Employees are key to every organization. Their performance and conduct in operating the business decide the company's future. Good employees build a successful business and the bad ones ruin the organization. A simple claim or lawsuit will change the future of the company or drag the company into darkness (third party infringement and damages suits), so the company should explicitly set out the framework within which the employees have to function within the company. 

 

With a large number of employees working remotely at the comfort of their houses, the management is now grappling with the management of infrastructure to facilitate employees with work from home access and to keep the business running. While companies are dealing with infrastructure difficulties, protection of confidential information and trade secrets should be set on high priority in order to avoid future uncertainties and to govern the way the organization continues to operate within an uncontrolled environment of homes of the employees.

 

Measures: Implementing effective policies and conduct awareness training programs so as to how to operate and function while working at the comfort of home. Data Protection Policy, Information Technology and Security Policy and Work from Home Policy are few policies that companies should implement and effectuate measures for protection of data and confidential information.

 

 

STRUCTURE BUSINESS CONTRACTS

Businesses don’t operate in silos but are reliant upon clients, service providers, and customers (the list may vary business to business). It is important to evaluate and strategically secure and retain existing business connections. Practically, retaining old clients is a cost-effective measure, since securing new clients is a costly affair during this market meltdown. The business relationship with the client is regulated by a document called “Agreement” and this provides how to govern and operate during the subsistence of the agreement.

 

An agreement may be implied or express contract. Where the terms of the agreement are explicit, the business should evaluate the risks and be prepared for any foreseeable risks that may arise in the current market circumstances and protect itself from the unforeseen risks (Force Majeure Clause). For implied and unwritten business arrangement, the company will be operating in an uncontrolled and ungoverned territory and may cost the company irreparably, if things don’t operate the way they are supposed to, and legal binding of the implied agreement depends on external factors and burden of proving the transaction and losses are high. So, the management should focus on dealing with the governing business through the Agreements.

 

Agreement decides whether you have a falling business or scope to rise above the troubled water.”

 

It is imperative to work along with the legal team to overcome the uncertainties and to operate within a controlled business environment. In the interest of economies of scale of business, as a rule, litigation should be the last resort. When agreement provides for business certainty why take long shots with regard to company future.

 

As such, in case a client (or a set of clients) is important for the survival of a business, then the business should take proactive measures to re-negotiate, re-design, or structure the transaction to make it sustainable to both the business and the clients. If you are expensive to your client, your dealings with them are bound to fall to the ground. Importantly, be the first to make a proposal for restructuring a transaction before your clients make a decision against you and it’s too late.

 

Change is constant, adaption is a rule and knowing when to adapt will decide the success” 

 

Conventionally, business teams are oriented to gain business, finance to control costs and project profits, so they pay no heed to transactional risks. Inevitably, in order to succeed, the leaders have to make decisions that involve exposure to risk. However, it is important to take calculative and informed decisions with regard to such a risk exposure and the same has to be documented through an agreement to avoid uncertainties and ambiguity. Drawing up an agreement is not just a good-to-have measure, but it is a tool to resolve conflicts in case of disputes. 

 

To be triumphant, all teams should collaborate and structure a workable business transaction for the clients. Overpromising-Underperformance and low promises and overperformance both strategies kill the business, but a sustainable, performance and an achievable business agreement works well for all and leads business to a successful path. In this, the legal contribution would be to enlighten the business with unbiased views of the nature of risk and consequences that may arise therefrom.

 

Notably, business conglomerates are successful in a way they are, since they operate and function by making informed decision knowing their exposure and risks, and on the contrary, start-ups can’t afford legal costs and hence fall prey in the hands of business eagles who specialize in acquiring businesses at low cost (or no cost). As a result, start-ups rise and fall over-night. 

 

Measures: Evaluate your business agreement and understand the cost-value proposition as the deal/ transaction stands. In essence, restructuring your business agreement to current market will help companies to retain clients. This task also helps companies to evaluate high-cost clientele and to allocate funds to sustain the business or make the decision to let go of a client for the larger good.

 

 

SUMMARY

Pragmatic and proactive measures make to business sustainable and keep it afloat.”

This article outlines legal measures which the business managers have to evaluate and reconsider under the Covid-19 crisis. It aims to highlight the common areas of lacuna in business operations. Pragmatic and proactive measures make the business sustainable and keep it afloat. Introspection into business processes, models, operations, and business flow, and the results of such analysis helps to strategize and acclimatize to the current business environment. Change is inevitable so the factors are key to thrust and succeed. Having enforceable and sustainable contracts is vital to govern the way the business operates and to understand obligations and liabilities. This will help to plan, strategize, and execute business in an informed way during the time of change in the business environment, and to stay out of troubled waters. These measures may mitigate the disaster and help to survive and succeed in the long run.

 

Authored by: RAMYA KUNAPAREDDY

Corporate and Litigation Lawyer, Hyderabad

 

 

Disclaimer: The content of this article is solely the author’s personal analysis and interpretation. In case you wish to act upon on the basis of the content of this article, please seek legal advice. The author shall not be responsible for any loss you may incur as a result of your actions relying upon this content. The content herein is the copyrighted material of the author and is informational and shall not be used for commercial purposes other than for personal reading.

What Does The Law Say About Data Protection?
Consumer Protection

What Does The Law Say About Data Protection?

Data Protection has emerged to be a leading concern in today’s world due to the rise in the number of cybercrimes. The current Indian legal framework is inadequate in dealing with the threat posed by cyber-crimes. The Supreme Court of India has also recognized the need and importance of legislation that seeks to protect the personal data of the citizens. Based on this report, the Personal Data Protection Bill was tabled in the Parliament. The Bill has not yet become a law. Once passed, it will become the sole law addressing data protection issues in India, replacing Section 43A of the Information Technology Act, which regulates data privacy in India currently. 

The Information Technology Act, 2000


In 2008, Section 43A was inserted in the Information Technology Act along with Section 72A to address the issue of protection of personal data. Section 43A makes a company that collects sensitive personal data and fails to protect the same, thereby causing wrongful gain or loss liable for damages. Sensitive personal data is nothing but sensitive information that may be used to identify a person. For instance, information like password, biometrics, medical records, physical and mental health, financial information, or any other information which relates to a person, and which can be misused against that person.

 

However, information of an individual that is freely available from a public domain or under the Right to Information Act is not included under sensitive personal data or information. Section 72A spells out the penalty for unauthorised disclosure of such information. Any person who discloses sensitive personal data shall be liable to be imprisoned for a term not exceeding three years or fine up to INR five lakhs or both. 

 

 

The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011


The Sensitive Personal Data or Information rules presently regulate data protection in India. They only apply to companies and individuals based in India. The Sensitive Personal Data Information Rules, mandate the following:

 

  1. Rule 3 lays down an illustrative list of information that may be considered as sensitive personal information. It includes information like passwords, credit/ debit card information, biometrics, sexual orientation, medical history, physical and mental health condition. 

  2. Rule 4 makes it mandatory for a company to draft a privacy policy and make such policies accessible for the people who are giving their personal information. 

  3. Rule 5 and Rule 6 contain certain basic duties and obligations which are to be complied with by the company seeking information.

  4. Rule 8 mandates certain reasonable security practices and procedures that all companies are required to adopt. 

 

Conclusion 


The Sensitive Data Protection Rules have been inadequate in addressing the issue of data protection. Not having a dedicated law aimed at data privacy, is altering India’s image in the world. The Personal Data Protection Bill, 2019 (PDP), as stated earlier, if passed, will become an exclusive law regulating data protection in India.

 

The PDP seeks to protect not only sensitive personal information but personal information of all kinds. It calls upon companies that collect and determine the purpose of collection of personal information to follow certain safeguards in order to protect the data from being leaked. Among other things, the PDP, stresses on the consent of the individual for the processing and usage of his personal data. If passed, it can go a long way to provide proper data protection mechanisms in India.