Context:
Recently, the Ministry of Corporate Affairs fixed a critical vulnerability of exposing personal details i.e., Personally Identifiable Information in its online portal.
About Personally Identifiable Information (PII):
- PII encompasses data held by various organizations that can potentially identify a specific individual.
- It could include information such as Aadhaar, PAN, voter identity, passport details, date of birth, contact numbers, communication addresses, and biometric information.
- It specifically refers to information linking to an individual.
Various types of PII:
- Direct Identifiers: Include passport, driver’s license numbers, etc.
- Indirect Identifiers: Include more general personal details such as race, birthplace, etc.
Threats:
- The country ranked fourth globally in malware detection in the first half of 2023, with nearly 45% of Indian businesses experiencing a substantial increase in disruptive cyberattacks in 2022.
- Moreover, around 67% of Indian government and essential services organizations faced a 50% surge in disruptive cyberattacks.
Measures to safeguard PII: Adherence to various laws:
- Compliance with the Information Technology (IT) Act 2000;
- Digital Personal Data Protection Law (individual consent for data usage; data principal rights);
- International Privacy Regulations in Data Protection Strategy.
- Best practices for web applications and browser security, email security, wireless security, USB security, and protection against phishing attacks are crucial.