Why in news?
- The report by a German cybersecurity firm that medical details of millions of Indian patients were leaked and are freely available on the Internet is worrying.
- The firm listed 1.02 million studies of Indian patients and 121 million medical images, including CT Scans, MRIs and even photos of the patients, as being available
- Such information has the potential to be mined for deeper data analysis and for creating profiles that could be used for social engineering, phishing and online identity theft, among other practices that thrive on the availability of such data on the Darknet
- The reason for the availability of this data is the absence of any security in the Picture Archiving and Communications Systems (PACS) servers used by medical professionals and which seem to have been connected to the public Internet without protection
- Unlike the data protection regulations in place in the European Union and in the U.S., India still lacks a comprehensive legal framework to protect data privacy. The Draft Personal Data Protection Bill 2019 is still to be tabled but could enable protection of privacy.
- While the 2019 version of the Bill seeks to retain the intent and many of the recommendations of the Justice Srikrishna committee, it has also diluted a few provisions.
- For example, while the Bill tasks the fiduciary to seek the consent in a free, informed, specific, clear form (and which is capable of being withdrawn later) from the principal, it has removed the proviso from the 2018 version of the Bill that said selling or transferring sensitive personal data by the fiduciary to a third party is an offence.
