Businesses must allow self-regulation, infrastructural, and technological changes to help tighten security
Governments and companies dealing with technology are in the midst of gathering huge measures of personal information which prompts the creation of new laws and guidelines to appropriately characterize and secure individual privacy. For online services and websites, securing their clients' information is a perplexing topic.
Guidelines, similar to the most recent Personal Data Protection (PDP) Bill, 2019, are pointed toward tending to and making a structure that permits the handling of individual information of clients to be safer and has adequate arrangements set up in the event of a breach.
Allowing Indian users several rights over their data, the PDP Bill, 2019 is aimed at protecting this data, while helping businesses, native and foreign both, serve their constituents with clear-cut transparency and with ample security in place, by design.
To achieve this, the Indian Government has mandated that all personal and sensitive data of consumers be stored within the Indian territory, while allowing online services a higher level of access to an individual’s non-personal data. This limited, or in the other case, increased access to data, can help businesses serve customers better while at the same time securing the sensitive parts of the data.
Consumer Data as Defined in the PDP Bill
An entity or person’s personal data pertains to attributes of identity, traits that can be used to identify an individual. Whereas, non-personal data constitutes your order history, the preferred mode of payments; data through which individuals cannot be identified but can provide insights on how a service is being used.
Allowing the storing and processing of Indian users’ non-personal data on international servers could potentially prove to be in the benefit of consumers who can receive a more personalized service.
Simultaneously, one just cannot overlook the progressing issues of security breaks and information theft. The technically correct path with data privacy, and the high risk, high reward potential of data sharing is yet to mutually coexist together.
The bill essentially regulates the collection and processing of personal data of Indian citizens by the government, native companies, and even foreign companies that deal with the data of Indian citizens. This also allows individuals to potentially administer certain rights with respect to their own personal data.
E-Commerce and the Importance of Data Privacy and Data Sharing
Transparency in the processing of personal data is strictly indicated in the PDP Bill. However, when it comes to ecommerce websites, missing authorizations for some smaller businesses could pose a problem since their data practices might require updating, if not a complete replacement.
Introducing, managing, and maintaining a data security model could help minimize the risk of any data leakage, but at the same time prove to be a daunting task for businesses just starting out. Since private companies depend on public data to scale their businesses, these policy changes amidst the boom of ecommerce have become quite complex.
Currently, for ecommerce businesses, the best way is to securely manage data to protect the most sensitive elements while reaping the benefits from the insights it leads to.
When it comes to data fiduciaries, the entity that stores and processes consumer data, necessary steps should be taken to ensure that the data processed by them is complete, accurate, not misleading and updated, against the purpose for which it was processed. This requires a constant effort on part of the businesses to adhere to these regulations.
There are also multiple benefits of allowing non-personal data to be shared on international servers. For instance, being aware of a customer’s preferred payment method and their order history can allow businesses to target their audience accurately and with a higher level of personalization which helps drive loyalty in brand and customer retention.
With regards to payment services and gateways, the PDP Bill calls for a structural change at an organizational level to their data handling procedures. For companies handling financial data, the Bill explores a higher level of obligations to better preserve customer financial data. Account numbers, transaction history, and such are routinely used by a variety of different businesses and must exercise a different approach to how that data is handled. The first line of defense added is the compulsion for businesses to get ‘explicit consent’ from the user to process their financial data. As the lines between explicit and regular consent can get blurry, businesses must enlist a higher threshold for certain types of data.
Conclusion
Personal Data Protection Bill aims to boost data privacy while allowing a helpful level of data sharing. Businesses must allow themselves a level of self-regulation and infrastructural and technological changes to help tighten security. The government seeks to ensure that the personal data of Indian citizens are safeguarded and stored locally within the confines of the country to have better control over it.
As non-personal data is now free-range, the key for businesses is to correctly wield big data and integrate the insights into their practices to help build a more personalised experience and improve customer retention.
Despite the intense competition within the ecommerce landscape, digital businesses that correctly use customer data have an advantage over those that do not. E-commerce by design is nimble and adaptable. Since e-commerce sales have a digital footprint, it is easy for companies to understand what works for their customers. There is a clear opportunity to not only grow on competency, but also provide customers with viable, reliable, and relevant services.
The author is Founder- Khojdeal
DISCLAIMER: Views expressed are the author's own, and Outlook Money does not necessarily subscribe to them. Outlook Money shall not be responsible for any damage caused to any person/organisation directly or indirectly.