Privacy

Privacy is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.

When something is private to a person, it usually means that something is inherently special or sensitive to them. The domain of privacy partially overlaps with security, which can include the concepts of appropriate use, as well as protection of information. Privacy may also take the form of bodily integrity. The right not to be subjected to unsanctioned invasions of privacy by the government, corporations or individuals is part of many countries' privacy laws, and in some cases, constitutions.

Privacy is a fundamental right, essential to autonomy and the protection of human dignity, serving as the foundation upon which many other human rights are built.

Privacy enables us to create barriers and manage boundaries to protect ourselves from unwarranted interference in our lives, which allows us to negotiate who we are and how we want to interact with the world around us. Privacy helps us establish boundaries to limit who has access to our bodies, places and things, as well as our communications and our information.
The rules that protect privacy give us the ability to assert our rights in the face of significant power imbalances.

As a result, privacy is an essential way we seek to protect ourselves and society against arbitrary and unjustified use of power, by reducing what can be known about us and done to us, while protecting us from others who may wish to exert control.

Privacy is essential to who we are as human beings, and we make decisions about it every single day. It gives us a space to be ourselves without judgement, allows us to think freely without discrimination, and is an important element of giving us control over who knows what about us.

Concept Of Privacy

KJ Dearie, product specialist and privacy consultant at Termly, reviews three core concepts in global privacy laws: transparency, accountability and user control

1. Transparency

   Data privacy, as a concept alone, was not on the public's radar until the social media boom of the last ten years. Even then, it took the culmination of high-publicity incidents - like the Cambridge Analytica-Facebook election scandal and the 2018 Google data breach - for the term "data privacy" to enter the public vernacular with the weight it carries today.
   Given the shift in consumer attitude toward scepticism in the face of data collection, the law has been fast to follow (and in some cases, lead the way), ushering in the era of transparency.
   
   Take Australia's Privacy Act 1988, for example. This was one of the earliest privacy laws to be enacted and continues to be amended as technology and digital practices evolve. Among the ground-breaking statutes written into the law is the thoroughness the legislation mandates of companies' privacy policies.
   The act determines the need for any subject company to create a privacy policy that outlines how and why data is collected - a requisite that can be seen in other early transparency-focused laws, like the California Online Privacy Protection Act (CalOPPA).
   
   Where Australia's law surpasses the scope of other privacy policy-requiring laws is in the depth of transparency it necessitates.
   
   For example, the Privacy Act 1988 demands privacy policies disclose:
   
   • Who data may be shared with
   • How users can edit or request access to their data
   • How someone can make a privacy-related complaint or breach claim
   • Whether data may be transferred outside the country, and what countries this could involve
   These strict disclosure guidelines have since been adopted in laws across the globe:
   From the EU's General Data Protection Regulation (GDPR) to India's Personal Data Protection Bill 2018.
   
   Now, given both the legal precedent and the public's concern over their personal data, it would be unheard of to encounter a privacy law void of strict transparency requirements.
    
2. Accountability
   The United States alone saw 446.5 million exposed records due to data breaches in 2018. As data becomes a highly valuable commodity, and hackers adapt to security systems and protection measures, a great responsibility is being placed on companies to protect the data they collect, store, and share.
   
   Notably, the California Consumer Privacy Act (CCPA), which is based in California but has extraterritorial scope, introduced a groundbreaking consumer right for Americans - the right to sue for loss of privacy.
   
   Under the act, California consumers whose data is breached can sue the company responsible for storing the data for loss of privacy, even if no physical or monetary damages are suffered.
   
   The onus of protecting the privacy of individuals has long been a concept rather than a mandate for businesses and websites worldwide. Now, the law is trying to define what responsible data collecting and storing means, and what consequences lie on the other side of negligence.
    
3. User Control
   Company responsibilities aren't the only matters being addressed in the new wave of privacy laws - internet users are also being given more rights over their own data.
   Among these new rights are two major themes: rights over already-collected data, and rights over the future collection of data.

Rights Over Collected Data
One of the most notable laws regarding consumer rights over their data is the GDPR. Articles 15-21 of the regulation grant data subjects rights, such as to access, edit, delete, or transfer personal data that has been collected from them.

Other privacy laws have followed suit, notably Brazil's Lei Geral de Proteção de Dados Pessoais (LGPD), which gives data subjects these same rights, and adds the right to explanation - meaning data subjects can request information about why and how their data is being processed.

Rights Over The Future Collection Of Data
Not only do today's data privacy laws expand user rights over collected data, but many of them also offer new rights to users regarding the future collection and processing of data.
The main example of this - and a data privacy concept growing rapidly - is cookie consent. Under legislation like the ePrivacy Directive (also known as the EU Cookie Law), consumers are asked to consent to the collection of data through cookies via banners and modals that pop up upon visiting a website.

Even more, laws like ePrivacy require businesses to allow users to set their cookie category preferences (e.g., a user can consent to a website using analytics cookies, but deny the deployment of advertising cookies).

An updated version of the ePrivacy Directive - the ePrivacy Regulation (institution date yet to be determined) - is on the horizon, promising even more comprehensive guidelines for cookies.

This is a chapter taken from the first edition of The Right to Privacy: A Doctrinal and Comparative Analysis. The book was co-written with Dr. Hilary Delany and published by Round Hall in 2008.

The chapter provides a conceptual analysis of the notion of a right to privacy and serves as an introduction to the general themes that are explored in the remainder of the book in chapters.
The chapter reviews the literature on the difficulties of defining a right to privacy and provides a summary of the work of authors such as Judith Jarvis Thomson, Russell Brown, Warren and Brandeis, Ruth Gavison, Beate Rossler, Nicole Moreham and Daniel Solove.

The chapter argues in favour of an approach in accordance with which the right to privacy is justified as a necessary element of a system which adequately values and protects human autonomy. Privacy is argued, in this regard, to go beyond the simple protection of the secret or confidential so as to include the social dimension of human existence. Protecting privacy encourages the individual to fully engage in this social sphere by facilitating experimentation, intimacy and the development of a sense of individual and social identity.

The chapter then proceeds to consider the differences between privacy as an autonomy value and privacy as a legally enforceable right. It would not be workable for the law to define privacy as anything which engages individual or social identity.

The chapter therefore proposes a tripartite distinction between different types of privacy claim:

• Decisional privacy:
  This is the entitlement of an individual to make their own decisions. It is argued that this is incoherent as an independent legal right.
   
• Spatial privacy:
  This a claim of privacy over a physical space, whether that be territorial privacy or the privacy of the individual's own body.
   
• Informational privacy:
  This is claim of privacy over particular information.

The chapter then considers the extent to which a right to privacy may be regarded as a claim of control over these dimensions. It concludes that control should not be understood in this context as an all-or-nothing entitlement to prevent all access to the area in question. Privacy is a more complex and context-sensitive concept. Thus a right to privacy operates as an entitlement to exercise control over who may access a particular dimension and/or of the use that may legitimately be made of such access. Just what the right involves will depend upon the particular circumstances of the claim.

The chapter concludes by considering the relationship between privacy and freedom of expression. It argues that privacy and freedom of expression are, in many instances, complementary. Protecting privacy may facilitate the individual's freedom of expression. A conflict will more frequently arise between privacy and the media's freedom of expression. However, the expression rights of individuals and of the media are different in character and in degree. There is a necessity therefore for a more nuanced and sophisticated understanding of the relationship between privacy and the expression rights of individuals and of the media.

Laws In India

The Constitution of India does not patently grant the fundamental right to privacy. However, the courts have read the right to privacy into the other existing fundamental rights, ie, freedom of speech and expression under Art 19(1)(a) and right to life and personal liberty under Art 21 of the Constitution of India. However, these Fundamental Rights under the Constitution of India are subject to reasonable restrictions given under Art 19(2) of the Constitution that may be imposed by the State.

Recently, in the landmark case of Justice K S Puttaswamy (Retd.) & Anr. vs. Union of India and Ors., the constitution bench of the Hon'ble Supreme Court has held Right to Privacy as a fundamental right, subject to certain reasonable restrictions.

India presently does not have any express legislation governing data protection or privacy. However, the relevant laws in India dealing with data protection are the Information Technology Act, 2000 and the (Indian) Contract Act, 1872. A codified law on the subject of data protection is likely to be introduced in India in the near future.

The (Indian) Information Technology Act, 2000 deals with the issues relating to payment of compensation (Civil) and punishment (Criminal) in case of wrongful disclosure and misuse of personal data and violation of contractual terms in respect of personal data.

Under section 43A of the (Indian) Information Technology Act, 2000, a body corporate who is possessing, dealing or handling any sensitive personal data or information, and is negligent in implementing and maintaining reasonable security practices resulting in wrongful loss or wrongful gain to any person, then such body corporate may be held liable to pay damages to the person so affected. It is important to note that there is no upper limit specified for the compensation that can be claimed by the affected party in such circumstances.

The Government has notified the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. The Rules only deals with protection of Sensitive personal data or information of a person, which includes such personal information which consists of information relating to:

• Passwords;
• Financial information such as bank account or credit card or debit card or other payment instrument details;
• Physical, physiological and mental health condition;
• Sexual orientation;
• Medical records and history;
• Biometric information.

The rules provide the reasonable security practices and procedures, which the body corporate or any person who on behalf of body corporate collects, receives, possess, store, deals or handle information is required to follow while dealing with Personal sensitive data or information. In case of any breach, the body corporate or any other person acting on behalf of body corporate, the body corporate may be held liable to pay damages to the person so affected.

Under section 72A of the (Indian) Information Technology Act, 2000, disclosure of information, knowingly and intentionally, without the consent of the person concerned and in breach of the lawful contract has been also made punishable with imprisonment for a term extending to three years and fine extending to Rs 5,00,000 (approx. US$ 8,000).

It is to be noted that s 69 of the Act, which is an exception to the general rule of maintenance of privacy and secrecy of the information, provides that where the Government is satisfied that it is necessary in the interest of:

• the sovereignty or integrity of India,
• defence of India,
• security of the State,
• friendly relations with foreign States or
• public order or
• for preventing incitement to the commission of any cognizable offence relating to above or
• for investigation of any offence,

It may by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource. This section empowers the Government to intercept, monitor or decrypt any information including information of personal nature in any computer resource.

Where the information is such that it ought to be divulged in public interest, the Government may require disclosure of such information. Information relating to anti-national activities which are against national security, breaches of the law or statutory duty or fraud may come under this category.

Information Technology Act, 2000
The Information Technology Act, 2000 (hereinafter referred to as the "IT Act") is an act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternative to paper-based methods of communication and storage of information to facilitate electronic filing of documents with the Government agencies.

Section 415 of IPC states that Whoever, by deceiving any person, fraudulently or dishonestly induces the person so deceived to deliver any property to any person, or to consent that any person shall retain any property, or intentionally induces the person so deceived to do or omit to do anything which he would not do or omit if he were not so deceived, and which act or omission causes or is likely to cause damage or harm to that person in body, mind, reputation or property, is said to cheat.

For example: There are two persons A and Z. A exhibits the false sample of an article to Z and intentionally make Z believes that the article corresponds with the sample. A here induces Z to buy and pay for the false sample of article. A cheats Z. The right to privacy refers to the concept that one's personal information is protected from public scrutiny. U.S. Justice Louis Brandeis called it "the right to be left alone." While not explicitly stated in the U.S. Constitution, some amendments provide some protections.

The right to privacy most often is protected by statutory law. For example, the Health Information Portability and Accountability Act (HIPAA) protects a person's health information, and the Federal Trade Commission (FTC) enforces the right to privacy in various privacy policies and privacy statements.

The right to privacy often must be balanced against the state's compelling interests, including the promotion of public safety and improving the quality of life. Seat-belt laws and motorcycle helmet requirements are examples of such laws. And while many Americans are quite aware that the government collects personal information, most say that government surveillance is acceptable.

Constitutional Rights

The right to privacy often means the right to personal autonomy, or the right to choose whether or not to engage in certain acts or have certain experiences. Several amendments to the U.S. Constitution have been used in varying degrees of success in determining a right to personal autonomy:

• The First Amendment protects the privacy of beliefs
• The Third Amendment protects the privacy of the home against the use of it for housing soldiers
• The Fourth Amendment protects privacy against unreasonable searches
• The Fifth Amendment protects against self-incrimination, which in turn protects the privacy of personal information
• The Ninth Amendment says that the "enumeration in the Constitution of certain rights shall not be construed to deny or disparage other rights retained by the people." This has been interpreted as justification for broadly reading the Bill of Rights to protect privacy in ways not specifically provided in the first eight amendments.

The right to privacy is most often cited in the Due Process Clause of the 14th Amendment, which states:
No state shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any state deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws.

However, the protections have been narrowly defined and usually only pertain to family, marriage, motherhood, procreation and child rearing.

For example, the Supreme Court first recognized that the various Bill of Rights guarantees creates a zone of privacy in Griswold v. Connecticut, a 1965 ruling that upheld marital privacy and struck down bans on contraception.

Which Countries Have The Best Cloud Privacy Laws In 2020?

Switzerland
Switzerland is probably the best place to be for privacy. Article 13 of the Swiss constitution guarantees citizens' their right to privacy and there are strict federal laws in place to protect your data. The Federal Data Protection Act and the Data Protection Ordinance protect personal data and prohibit any processing of it unless authorized by the subjects or law.

Tips For Prevention

Privacy is an increasingly rare commodity these days. Just search for yourself on Pipl.com-you might be surprised at the number of companies that claim to have information about your family, income, address, phone number and much, much more.

That is because your personal information, including your email address, phone number and social security number, is worth a lot of money to legitimate businesses and bad guys alike. The bad guys just want to steal from you. Companies want to know as much about you as possible so they can sell you more products and services or serve you ads that are highly relevant to your demographics and preferences.

So, take these simple steps to protect your valuable personal information:

1. Do not fill out your social media profile.
   The more information you share online, the easier it's going to be for someone to get their hands on it. Do not cooperate. Look at your social media profiles and keep them barren-the people who need to know your birth date, email address and phone number already have them. And what exactly is the point of sharing everything about yourself in your Facebook profile? If you care about your privacy, you won't do it.
    
2. Don't share your social security number /Adhar Number
   Think twice about sharing your social security number / Adhar Number with anyone, unless it's your bank, a credit bureau, a company that wants to do a background check on you or some other entity that has to report to the IRS. If someone gets their hands on it and has information such your birth date and address they can steal your identity and take out credit cards and pile up other debt in your name.
   
   Even the last four digits of your social security number should only be used when necessary. The last four are often used by banks an other institutions to reset your password for access your account.
   
   Plus, if someone has the last four digits and your birth place, it's a lot easier to guess the entire number. That's because the first three are determined by where you, or your parents, applied for your SSN. And the second set of two are the group number, which is assigned to all numbers given out at a certain time in your geographic area. So a determined identity thief with some computing power could hack it given time.
    
3. Lock down your hardware.
   Set up your PC to require a password when it wakes from sleep or boots up. Sure, you may trust the people who live in your house, but what if your laptop is stolen or you lose it?
   Same thing with your mobile devices. Not only should you use a passcode to access them every time you use them, install an app that will locate your phone or tablet if it's lost or stolen, as well as lock it or wipe it clean of any data so a stranger can't get access to the treasure trove of data saved on it.
   
   And, make sure your computers and mobile devices are loaded with anti-malware apps and software. They can prevent prevent criminals from stealing your data. We recommend Norton Internet Security ($49.99 on norton.com or $17.99 on Amazon) in our computer security buying guide or stepping up to Norton 360 Multi-Device ($59.99 on norton.com or $49.99 on Amazon) if you have mobile devices. And, you'll want to double up your protection on Android devices by installing, since we found anti-malware apps are dismal at detecting spyware.
    
4. Turn on private browsing
   If you don't want anyone with physical access to your computer to see where you're hanging out online you should enable "private browsing," a setting available in each major web browser. It deletes cookies, temporary Internet files and browsing history after you close the window.
   
   Every company that advertises online is interested in knowing what sites you visit, what you buy, who you're friends with on social networks, what you like and more. By gathering information about your online activities they can serve you targeted ads that are more likely to entice you to buy something.
   
   For instance, the Facebook, Twitter, and Google+ buttons you see on just about every site allow those networks to track you even if you don't have an account or are logged into them. Other times information collection companies rely on embedded code in banner ads that track your visits, preferences, and demographic information.
   
   If you truly care about your privacy you'll surf the Internet anonymously by hiding your IP address. You can do this using a web proxy, a Virtual Private Network (VPN) or Tor, a free open network that works by routing your traffic through a series of servers, operated by volunteers around the world, before sending it to your destination.
    
5. Use a password vault that generates and remembers strong and unique passwords.
   Most people know better than to use the same password for more than one website or application. In reality, it can be impossible to remember a different one for the dozens of online services you use. The problem with using the same password in more than one place is if someone gets their hands on your password-say, through a phishing attack-they can access all your accounts and cause all sorts of trouble.
   
   To eliminate this dilemma, use a password manager that will not only remember all your passwords, but will generate super strong and unique ones and automatically fill them into login fields with the click of a button. LastPass is an excellent and free choice.
    
6. Use two-factor authentication.
   You can lock down your Facebook, Google, Dropbox, Apple ID, Microsoft, Twitter and other accounts with two-factor authentication. That means that when you log in, you'll also need to enter a special code that the site texts to your phone. Some services require it each time you log in, other just when you're using a new device or web browser. The Electronic Frontier Foundation has a great overview of what's available.
   
   Two-factor authentication works beautifully for keeping others from accessing your accounts, although some people feel it's too time consuming. But if you're serious about privacy, you'll put up with the friction.
    
7. Set up a Google alert for your name.
   This is a simple way to keep an eye on anything someone might be saying about you on the web. It's just a matter of telling Google what to look for (in this case, your name), as well as what kinds of web pages to search, how often to search and what email address the search engine giant should use to send you notifications. Set up a Google alert here.
    
8. Pay for things with cash.
   According to Business Insider, credit card companies are selling your purchase data to advertisers. Don't want companies knowing how much booze you're buying or other potentially embarrassing habits? Buy things the old fashioned way-with coins and bills.
    
9. Keep your social network activity private.
   Check your Facebook settings and make sure only friends can see what you're doing. Go to the settings cog in the upper right hand corner of your screen, then click on Privacy Settings >> Who can see my stuff.
   
   On Twitter, click on the settings cog, then Settings. From there you can adjust all sorts of privacy settings, such as a box that gives Twitter permission to add your location to tweets as well as the ability to make your tweets private, meaning only people you approve can see them. You can also stop the microblogging platform from tailoring your Twitter experience based on other sites you visit.
   
   If you use Google+, go to Home >> Settings. There you can adjust things like who can interact with you, comment on your posts or start a conversation with you.
    
10. Don't give our your zip code when making credit card purchases.
    Often stores will ask for your zip code when you're checking out with a credit card. Don't give it to them unless you want to donate your details to their marketing database, warns Forbes. By matching your name, taken from your credit card, with your zip code, companies can more easily mine more information, including your address, phone number and email. address.
     
11. Lie when setting up password security questions.
    "What is your mother's maiden name?" or "In what city were you born?" are common questions websites often ask you to answer so as to supposedly keep your account safe from intruders. In reality, there's nothing secure about such generic queries. That's because someone who wants access to your account could easily do some Internet research to dig up the answers.

How to protect your privacy online
Limit the personal information you share on social media
A smart way to help protect your privacy online? Don't overshare on social media. Providing too much information on Facebook, Twitter, and Instagram could make it easier for cybercriminals to obtain identifying information, which could allow them to steal your identity or to access your financial information. For example, could an identity thief determine your high school mascot or your mother's maiden name from digging through your Facebook account? This information is sometimes used as security questions to change passwords on financial accounts.

Unfortunately, many people don't take this advice. In a 2018 study, the Identity Theft Resource Center found that approximately 52 percent of respondents shared personally identifying information through social media sites.

And that's just the start of the oversharing. The same study found that about 48 percent of respondents shared information about their children, while nearly 33 percent shared information about their location. A total of 42 percent of respondents shared information about their travel plans through social media.

To protect your online privacy, ignore the "About Me" fields in your social media profiles. You don't have to let people know what year or where you were born - which could make you an easier target for identity theft. Explore different privacy settings, too. You might want to limit the people who can view your posts to those you've personally invited.

Create strong passwords, too, for your social media profiles to help prevent others from logging into them in your name. This means using a combination of at least 10 numbers, special characters, and upper- and lower-case letters. And never use personal, easy-to-guess information - such as your birthdate or pet's name - as your password.

Browse in incognito or private mode
If you don't want your computer to save your browsing history, temporary internet files, or cookies, do your web surfing in private mode.

Web browsers today offer their own versions of this form of privacy protection. In Chrome, it's called Incognito Mode. Firefox calls its setting Private Browsing, and Internet Explorer uses the name In Private Browsing for its privacy feature. When you search with these modes turned on, others won't be able to trace your browsing history from your computer.
But these private modes aren't completely private. When you're searching in incognito or private mode, your Internet Service Provider (ISP) can still see your browsing activity. If you are searching on a company computer, so can your employer. The websites you visit can also track you.

So, yes, incognito browsing does have certain benefits. But it's far from the only tool available to help you maintain your privacy while online. Anonymous search engines and virtual private networks can bolster your online privacy.

Use a different search engine
If you're like many web surfers, you rely heavily on Google as your search engine. But you don't have to. Privacy is one reason people prefer to use anonymous search engines. This type of search engine doesn't collect or share your search history or clicks. Anonymous search engines can also block ad trackers on the websites you visit.

Some products do a more comprehensive job of protecting your privacy. The Norton Privacy Manager app strives to take online privacy to a new level with features that include a search engine and a VPN, among others.

The Norton Privacy Manager app may be a newcomer to the online privacy space, but it's backed by more than 25 years of security expertise from cybersecurity leader, Symantec. Norton Privacy Manager helps to make it easier for you to control your online privacy, so you can connect and browse on the internet without sharing your personal information.

Norton Privacy Manager includes ad blockers and tracker blockers to prevent invisible online trackers from following your personal information around and collecting your browsing history.

Norton Privacy Manager's default search engine does not collect, store, or share search histories or personal information about users.2 Therefore, it cannot tailor advertisements based on user behavior or sell that behavioral data to advertisers. Rather, advertisements included in search results are based on contextual information, such as the search term entered, and are not tailored to the individual.

Use a virtual private network
A virtual private network (VPN) gives you online privacy and anonymity by creating a private network from a public internet connection. VPNs mask your Internet Protocol (IP) address so your online actions are virtually untraceable.

Using a VPN is especially important when you're on public Wi-Fi at a library, coffee shop, or other public location. A VPN will make it more difficult for cybercriminals to breach your online privacy and access your personal information.

The standalone Norton Secure VPN has a no-log policy, meaning it does not collect, or "log," information transmitted through the network. It doesn't save information about users' personal details, where users go online, or what users download or search for. Therefore, users' online activities stay private and anonymous.

You can find many free VPN solutions, but it could make more sense to pay for a service from a trusted security provider if you want the maximum amount of privacy protection while online.

Be careful where you click
One of the ways in which hackers compromise your online privacy is through phishing attempts. In phishing, scammers try to trick you into providing valuable financial or personal information. They'll often do this by sending fake emails that appear to be from banks, credit card providers, or other financial institutions. Often, these emails will say that you must click on a link and verify your financial information to keep your account from being frozen or closed.

Don't fall for these scams. If you click on a phishing link, you could be taken to a spoofed webpage that looks like the homepage of a bank or financial institution. But when you enter in your account information, you'll be sending it to the scammers behind the phishing attempt, not any bank, credit union, or credit card company. Before clicking on suspicious links, hover your cursor over the link to view the destination URL. If it doesn't match the financial website you use, don't click.

Also, remember that banks or other financial institutions will never ask you to provide account or financial information through an email. If you receive such an email and you are wary, log in directly to your financial provider's online account portal. You can then check to see if there are problems with your account. Or call the financial provider yourself to ask if there are any problems with your account - using the customer-service number from one of your statements or the provider's website, not the one included in the suspect email you received.

Secure your mobile devices, too Many of us spend more time surfing the web, answering emails, and watching videos on our smartphones than we do on our laptops. It's important, then, to put as much effort into protecting our online privacy on our phones and tablets as on our computers.

To start, make sure to use a passcode to lock your phone. It might seem like a hassle to enter a code every time you want to access your phone's home screen. But this passcode could offer an extra layer of protection if your phone is lost or stolen. Make sure your passcode is complex. Don't use your birthdate, your house number, or any other code that thieves might be able to guess.

Use caution when downloading apps. These games and productivity tools could come embedded with dangerous viruses. Only buy games from legitimate sources.

Use the same caution, too, when searching the web or reading emails on your mobile devices as you do when using your laptop or desktop computer.

Don't ignore software updates, either. These updates often include important protections against the latest viruses. If you continue to ignore them, you could be leaving your smartphone's operating system and programs vulnerable to attack.

Use quality antivirus software
Finally, always install antivirus software on all your devices. This software can keep hackers from remotely taking over your computer, accessing your personal and financial information, and tracking your location.

And once you install this software, don't forget about it. Manufacturers frequently update their virus protection software as a defense against the latest malware, spyware, and other viruses. Install updates as soon as they become available.

How to Prevent Data Theft
These are top tips from the experts to help you keep your company's sensitive information safe from data thieves.

1. Get rid of paper.
   If you have to keep paper files, shred them as soon as they are no longer needed. According to John Rowan of Advantage Business Equipment, there are nine things businesses should shred:
   
   • Any mail with a name and address
   • Luggage tags
   • Trip itineraries
   • Extra boarding passes
   • Credit offers
   • Price lists
   • Vendor payment stubs and paid invoices.
   • Cancelled checks
   • Receipts
      
2. Assess which data you need to protect most.
   "Have an audit or assessment on your data," says Greg Kelley, EnCE, DFCP, of Vestige Digital Investigations. "Everyone company is different. They have different regulations, different types of data, different needs for that data and a different company culture. Hire an outside expert to assess what data you have, how you are protecting it (not how you think you are protecting it) and where that data is going. While you may think it is an unnecessary cost, if you report to clients and potential clients that you have had an outside data assessment, you may find it puts you at an advantage over your competitors."
    
3. Restrict access to your sensitive data.
   "Not everyone in the company needs access to everything. Does the project manager need pricing information? Does the sales person need operations information? By restricting what data each person has access to, you limit your exposure when an employee decides what they want to steal or when the employee's account is compromised by an outsider,"
    
4. Enforce data privacy controls inside and out.
   Hold third parties and contractors your company engages to the same strict data privacy controls you implement in your own organization. Audit them periodically to ensure compliance with your security standards.
    
5. Use strong passwords to protect computers and devices.
   Make it difficult for outsiders to access your company's and employees' devices and computers if they are lost or stolen by protecting them with strong passwords and by enabling remote wipe on all devices.
    
6. Install or enable a firewall.
   Even small companies with few employees have valuable data that needs to be protected. Ensure you have a firewall in place to keep outsiders from accessing your company network.
    
7. Secure your wireless network.
   Use a strong password and use encryption and security to hide your wireless network from outsiders. Don't let neighbors or passers-by hop onto your network, or even see that it exists. You're just inviting trouble.
    
8. Use encryption to prevent data theft.
   Ensure all sensitive information that is being transferred or emailed is encrypted. Encryption should also be installed on all company laptops, mobile devices and removable media.
    
9. Use a proxy.
   "That free internet at the airport or the cafe is actually shared with dozens or hundreds or other users who might be sniffing your traffic," says Roberto Arias Alegria, IT Security Consultant at Metaluxo IT Security. "Since encrypted connections (SSL) are far from universal, an easy to use proxy service can save you from prying eyes (e.g. Zenmate, or TunnelBear)."
    
10. Activate two-factor authentication.
    "No matter how secure is your password, there's more than one way to get it. Consider using 2FA whenever you can, Google, Yahoo, Twitter and many popular services already have support for 2FA," says Arias.
     
11. Restrict movement of information.
    "Do not permit the transfer of personal information (names, Social Security numbers, Medicare numbers, employee or medical data etc.) to a portable medium, like a laptop or mobile device. This data should be processed in-house, not on an airplane or a commuter train or at home," says Robert Ellis Smith, Publisher, Privacy Journal.
     
12. Take extra steps to protect your most sensitive data.
    "Truncate Social Security numbers, or remove them from the data base and store them elsewhere apart from the original data file, with a means to link the two later if necessary. Regularly remove sensitive personal data from online databases or "the cloud" and process it off-line," says Smith.
     
13. Use anti-virus software and anti-spyware.
    Update all software on your company's network whenever updates become available. This includes security software, browsers, and operating systems. Don't use free security software as sometimes these contain "scareware" that can fool employees into compromising your network.
     
14. Require strong passwords for all employees.
    "More than 70 per cent of breaches are due to weak passwords or poor password management," says Darren Guccione, CEO and co-founder of Keeper Security, Inc. Make sure you use passwords that are at least eight characters in length and utilize a combination of uppercase and lowercase letters, numerals and symbols."
     
15. Have a "clean desk" policy.
    Implement and enforce a policy prohibiting employees from keeping working papers, passwords or any sensitive documents in view while they are away from their desks. Every workstation should have a lockable drawer for employees to secure sensitive information.
     
16. Guard against social engineering.
    Teach employees to recognize and report attempts by outsiders to get information. Train them on the various techniques used by fraudsters, such as "phishing" and "smishing" and to never open attachments or download anything from an unknown source.
     
17. Beware of personal devices.
    "Make sure that you have policies and technology to address the risk of people bringing personal devices to work," says Joseph Steinberg, CEO of SecureMySocial. "All access to the Internet from such devices - or from devices brought by visitors to your office - should be done via a separate network than is used for company computers. Many routers come equipped with such a capability. Personal devices can be infected with malware that can steal data if the devices are connected to corporate networks."
     
18. Implement social media policies.
    "Create, and enforce with technology, appropriate social media policies. Don't pretend that policies alone will ensure that employees don't make inappropriate social media posts - you need technology to help with this task as people make mistakes - and they can be costly to your business. Many breaches start with criminals crafting spear phishing emails based on overshared information on social media," says Steinberg.
     
19. Be prepared for mistakes.
    "Employees are humans, and humans make mistakes," says Quinn Kuzmich, adjunct professor of software security and computer forensics at Colorado Technical University, founding partner at NagaSec Information Security and a Senior IT Security Analyst for Skillsoft. "Mistakes leave your system vulnerable. And when it comes to data security, these mistakes happen all the time. Data gets saved in the wrong folders, which weren't configured in the right way - this means the wrong people have access to the data. If you forget this important rule, the wrong people will remind you."
     
20. Be nice to your employees.
    A disgruntled employee can be the most dangerous vulnerability in your company's data protection program.
     

There is no specific data protection authority in India. The IT Act provides for an adjudicating officer to be appointed to adjudicate whether a person has contravened the IT Act or its rules where the claim of injury or damages does not exceed 50 million rupees. If the claim exceeds 50 million rupees, the adjudicating authority would be the civil court. The Secretary to the Ministry of Information Technology in each state government has been appointed as the adjudicating officer.

The adjudicating officer has all powers of a civil court. These include summoning the attendance of persons and examining them on oath, requiring the discovery or production of documents and other electronic records, receiving evidence on affidavits and issuing commissions for the examination of witnesses or documents.

The police have the power to investigate offences under the IT Act such as under section 72 and section 72A.

Under specialised statutes relating to banking, telecom and in the medical field, the relevant sectoral regulator has powers.

Legal obligations of data protection authority
Discussion on privacy issues is as old as mankind. Starting with the protection of one's body and home, it soon evolved in the direction of controlling one's personal information. In 1891, the American lawyers Samuel Warren and Louis Brandeis described the right to privacy in a famous article: it is the right to be let alone.

In 1967 a new milestone was reached with the publication of Alan Westin's Privacy and Freedom when he defined privacy in terms of self-determination: privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.

Written By:

1. Gurmeet Singh, Advocate, For M/S Gurmeet Singh & Associates, Advocates and Legal Consultants,
   Website: www.gurmeetsinghandassociates.com /.in, Email: [email protected], Ph No:+91 8750002000
2. Ms. Vagisha Gupta
3. Adv.Vidushi Jain
4. Adv. Hritwik
5. Adv. Aman Sharma
6. Sh.Aman Karamvir
7. Adv.Tripty Rajput
8. Ms. Divya Kaushal
9. Adv.Alpana Yadav