Tech startups have been predominantly working towards innovating on data collection from their users. In this reality, protecting user data is becoming increasingly important. Global legislations have been introduced over the past few years which define and detail the manner in which companies ought to handle data.
With privacy law on the way, what to look out for
India is still dealing with and working on its Data Privacy laws. Years after the Puttaswamy judgement that held that privacy was a fundamental right, which put Parliament on the road to legislating data protection, the process continues to drag on. The government is reportedly considering entirely shelving the current draft of the bill and replacing it with something friendlier to the startup ecosystem.
Regardless of legislation, the question still remains – what data privacy challenges do companies face today and how do legal frameworks recommend dealing with them?
Preventing breaches is a main goal of data privacy systems. One of the biggest challenges is the advanced technological infrastructure that law mandates companies to have, to ensure that they are using best available industry practices to secure their personal information.
While encryption and password protection was largely used and accepted as the norm, complex technological developments have left legislators and regulators seeking better safeguards. In fact, traditional approaches of relying on antivirus, anti-spam software tools, and firewalls are becoming less effective.
Even outside of the draft data protection law in India, moves have been in place to recommend systems to organisations to bolster their data privacy systems. In November 2020, the Bureau of Indian Standards established the Data Privacy Assurance standard to govern the collection and processing of personal data.
High profile data breaches and scandals have left the public wary, and companies are now grappling to establish that their platforms are in fact, safe to be used, even as regulators and the government watch as these incidents grow more common. Several companies are also dealing with internal privacy issues, where try as they do, it has become increasingly difficult to safeguard user’s data from employees, with privacy not being baked into systems as a fundamental principle.
Spending on data privacy is important and inevitable for startups and corporates alike. Very few companies have the intention to invest in training their employees on how to handle data, how to deal with sensitive data and the importance of maintaining its confidentiality. Since this is not always a priority for startups, it leads to massive concerns for them in the future. The European Union’s General Data Protection Regulation, for instance, specifically requires companies to conduct internal training and data audits, giving companies a comprehensive framework to approach securing personal information.
Data collection is growing. Since this data is also used to drive user experience, enhance service quality, as provided to users, it becomes more important than ever to secure it; this is especially important as this data is growing more granular as time goes on. Most technologies developed today are improved and trained using data, and as they say – you can never have too much data to train an AI bot. What would be the best way to ensure that interests of all stakeholders are protected while the company uses and processes its users’ data?
It is important to understand where data comes from, and what it is used for. A great solution to the mammoth problem of data privacy would be to track how data is being collected, its flow internally and its processing, storage, disposal, and so on. Ensuring that you have customised policies which deal with all aspects of a business, such as the communication regarding how the company handles data and expects all stakeholders to handle data is also cardinal. Data protection laws and principles generally recommend external communication with customers, vendors and service providers and internal communication between the company and its team members.
This is the decade of personal data: It is high time that technology startups and companies start treating data privacy as an issue that could potentially be the biggest hindrance they will face in the coming years, especially with emerging technologies like the Metaverse which may rely on mountains of personal information to run. With users becoming more aware, laws becoming stricter and competition amongst companies growing, companies with the best policies and security actions would definitely be leading from the front in this battle!
