87% Indians citizen believe data violation, 50% worried about Aadhaar security: survey
A majority 87% of India's citizens believe one or more of their personal data elements are already in public domain or in databases that have been compromised, revealed a survey by LocalCircle. The percentage of citizens who confirmed their personal data is in public domain are leaked has jumped from 72% to 87% in the last 36 months.
When comparing the survey results of 2022 and currently, the percentage of citizens who confirmed that their personal data is in public domain or leaked has jumped from 72% to 87% currently. Among those who believe their personal identification data has been leaked or in public domain, over 50% state it is their Aadhaar or PAN card details or both that have been compromised. For the present situation, citizens hold various arms of the government, telcos, banks and ecommerce apps/sites responsible, noted the survey results.
During the Mahakumbh many people received WhatsApp messages from unknown numbers seeking donations. Many of the recipients of such messages took to social media to complain about how they were being bombarded despite not having shared their numbers. “Data privacy is a big joke in India…Never shared our mobile numbers with ISKON but always get donation messages. Looks like unauthorized data selling…” one of the citizens shared on Local Circles. Similar complaints were found on platforms like X.
"Hopefully, the Ministry of Electronics and Information Technology, which released the draft rules for the Digital Personal Data Protection (DPDP) Act after a long wait of 16 months and invited public inputs via the MyGov portal by March 5, will plug this menace soon. Without the rules in place, the legislation, which was passed in Parliament in August 2023, couldn’t come into force," said Sachin Taparia, founder of Local Circles.
The Ministry of Electronics and Information Technology (MeitY) has made a significant move in addressing these concerns, releasing the long-awaited draft rules for the Digital Personal Data Protection (DPDP) Act. After a prolonged 16-month wait, the government has opened the draft rules for public input via the MyGov portal, with feedback due by March 5. However, the DPDP Act, passed in Parliament in August 2023, cannot come into effect until these rules are formalized.
The draft rules mark a pivotal step toward enhancing data governance in India, focusing on preventing personal data breaches and establishing more stringent control over data flows across borders. One key provision under the new rules is the creation of a specialized government-appointed committee responsible for determining which categories of personal data must remain within India's borders. Data fiduciaries seeking to process personal data outside the country will be required to meet specific conditions outlined by the government.
India has witnessed several high-profile data breaches in recent months, adding urgency to the need for stronger data protection laws. In October 2024, Star Health Insurance, one of the country’s largest health insurers, was hit by a massive data breach that compromised the personal details of 31 million customers. This breach, coupled with a 2023 report from cyber security firm CloudSEK revealing a security incident exposing personal information of 750 million Indians, underscored the vulnerabilities of Indian citizens’ data. The breach exposed sensitive information, including names, mobile numbers, addresses, and Aadhaar details, and was later found to be marketed on underground forums by threat actors from CyboDevil and UNIT8200. With the exposed data amounting to 1.8 terabytes, this incident has been deemed one of the largest data breaches in recent history, affecting 85% of the India
The series of breaches has brought to light the widespread lack of proper data protection measures across many organizations in India, including government offices. According to citizen reports on Local Circles, while personal data is often collected by entities ranging from telecom providers to ecommerce platforms, there are limited safeguards in place to protect this data once it is in the hands of these organizations. Despite mandates or requests for personal information, many organizations fail to implement sufficient checks and balances to ensure data security.
The delay in the implementation of the DPDP Act has caused growing frustration among citizens, who feel that their personal data is at constant risk. The draft rules, which are now open for public feedback, are seen as a crucial step toward holding organizations accountable and protecting citizens' privacy rights.
