Blog article
See all stories »

Personal data everywhere ?

Early morning, I received a call in my cell phone from a consumer finance company explaining to me about some consumer finance/EMI offers. After a few hours, I received a call from one call entre of a bank selling credit cards about life time free card with other offers. In the afternoon, I received a call from an Insurance company about some insurance offers and insurance tied with investments. These are few of the calls and examples which are quoted where each one of us receive on a daily basis. I don't consider myself to be a high net-worth individual/very important person/person in public domain to be receiving calls with such frequency. Obviously I have not registered myself in  the" do not call " registry website and immeditelt felt that I should have done that .

In the afternoon, I checked on to a web site of a travel company provider to look for some options for travel during holidays and these were very casual checks and not a planned one. When I went to another site using the same laptop/IP address, immediately popups appeared as to the offer between "travel destinations" which I was searching earlier. Yet another instance was in terms of trying to make a mobile payment and when visiting the quick payment options by searching the google engine, multiple websites appeared. I tried to open one website which was used earlier and immediately my mobile number and mobile account number popped up without any registration or login. Since the earlier payment was through credit card, the entire credit card information except for CVV was auto-populated into the screen though I have not given permission to store the credit card data in any sites. Though CVV is captured in encrypted format and credit card payments are further authenticated using multi-factor authentication techniques, it still remains a concern to me.

There are other sites where one registers for making purchases/online shopping/ecommerce and the access could be browser based or through mobile. In most of these sites, apart from name and e-mail address, mobile numbers, residential address with PIN and other credentials are given. There is also increasing tendency to provide PAN details, Aadhar, KYC or other forms of identity details relevant to country which are shared completing the registration process/formality. There is also a message to comply with KYC guidelines and asking to provide mandatory documents to register in many online shopping /establishments mandatorily. In the urgency to complete the registration, we tend to furnish this information in an adhoc manner without recheck. People are also lured by the freebies /discounts being offered through the ecommerce platform for a particular event and are not sensitized by the confidential personal information being captured/shared.

A few of the social media sites are mediums where data once used/searched by existing user gets stored and in seconds, the search data is shared or used by multiple other websites for sourcing some other information. Needless to say, there is an Analytical engine running over these sites which enables collecting of the data, analyzing the data, tracks the IP address and next time when we are logging into a website surprises one with certain information where one is searching. There is also a tendency to upload photographs/images, update of status by an individual for important events like birthday celebrations , awards and ceremonies or important places visited etc which could be misused.

The mobile numbers are possibly shared by service providers/agents of the companies to different sources – with/without a fee. It could be possible that the mobile number data is being extracted secretly, shared with other like- minded companies and used for calling purposes. In terms of the personal data, it is available in mobile/laptop and used /shared through network making the data really vulnerable.

The extent of data that is tied with mobile/credit card/PAN/Aadhar is enormous wherein some of the data may not be known to immediate family members but available to select set of vendors/company which they use for purposes benefitting them.

The EU parliament has approved the GDPR (General data protection regulation) in 2016 to harmonize data privacy laws across Europe and to protect and empower the citizen's data privacy. However, this is in a very early form and all citizens across the globe are susceptible to data theft/attacks /breaches in cyber world currently. It will take time to have laws framed in terms of controlling the data, sharing the data, protecting the data, usage of the data, processing the data and till that time, it is up to the individual to safeguard to the extent possible.

To conclude, when digitization and communication revolution is happening across the globe, an individual is vulnerable to a data threat /piracy of personal information – mobile number, card number, identification details, Bank account number (in few rare cases) and the likes. Though there are security measures inbuilt for accessing the sites and for conducting financial transactions that may require multiple authentication modes, the threat still looms and one need to be wary of the information being shared in the cyber space. Till the cyber security and protection reaches a matured stage with a collective rule/regulation encompassing the devices, websites with technology assistance on controlled data sharing and processing across the countries/geographies, it is up to the individual to take adequate measures in using/sharing the personal data over the web. 


Comments: (0)