
Update Your WhatsApp Now


Update your mobile apps now: WhatsApp has admitted a major cybersecurity breach. Every once in a while, a major bug, vulnerability or security scare sparks panic. In most cases, the panic is entirely unnecessary.

Israeli hacking outfit NSO Group, a developer of malware typically used by governments, was caught using a hack targeting WhatsApp that allowed the attackers to remotely spy on the victim’s phone. The only indication that a phone might have been hacked is a missed call, often later deleted from the call log.

WhatsApp owner Facebook said it detected the hack and pushed out a fix to the app stores last night. WhatsApp didn’t mention the attack in its release notes, sparking criticism from some security experts for downplaying the risk of the vulnerability.

There was just one small missing piece of information from most reports: You probably weren’t a target.

Unless you’re a nuclear scientist or a government spy — or in this case a human rights lawyer — you’re probably not of any interest.

Exploits like the ones used in WhatsApp require a lot of time and effort to develop. They also have to be effective, undetected and reusable. Every time an exploit is used against a target, there is a risk that someone finds out, which is the very opposite of covert surveillance.

“No software is 100% secure,” said Woodward. “As long as you practice good security hygiene such as keeping your passwords secure and your apps up to date, the vast majority should be quite safe from this attack, even if you are a target.”

Steps to update WhatsApp on Android Devices

Open the Google Play store
Tap the menu at the top left of the screen
Tap My Apps & Games
If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open
If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version
The latest version of WhatsApp on Android is 2.19.134

Steps to update WhatsApp on iOS Devices

Open the App Store
At the bottom of the screen, tap Updates
If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open
If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version
The latest version of WhatsApp on iOS is 2.19.51

#WhatsAppUpdate



‘Storing data in more countries weakens privacy, security protection’


Facebook has taken a tough stand against storing data where it operates, as the company’s co-founder and CEO Mark Zuckerberg on Wednesday outlined a new direction for the social networking giant, which also owns WhatsApp and Instagram. Facebook, which has been embroiled in controversies over misuse of user data in elections and over promoting violence, said it is willing to be blocked in a few countries.

“There’s an important difference between providing a service in a country and storing people’s data there,” Zuckerberg wrote on the company’s website. He added that Facebook has chosen “not to build data centers in countries that have a track record of violating human rights like privacy or freedom of expression” as “it could make it easier for those governments to take people’s information.”

While Zuckerberg did not mention India or any specific country, he added that “storing data in more countries also establishes a precedent that emboldens other governments to seek greater access to their citizen’s data and therefore weakens privacy and security protections for people around the world.”

Zuckerberg’s statement comes at a time when the Indian government is busy drafting several policies, such as the Personal Data Protection Bill, 2018 and the Draft E-commerce Policy, which require companies like Facebook, Google, and Amazon to store sensitive data of Indian users in the country. Facebook’s plans to launch payments within its WhatsApp messaging service hit a hurdle last year when the RBI came out with data localization norms. Facebook is expected to be compliant with the norms in the next eight-to-nine months. WhatsApp has resisted demands by the government to enable traceability of messages to check rumours.

“Facebook is surrounded by lobbying and data theft controversies. Mark’s statement shows a subtle provocation to Indian politicians, who will be heavily dependent on Facebook and WhatsApp in the upcoming general elections,” said Virag Gupta, lawyer and cyber expert. Gupta has also been instrumental in recent court proceedings involving WhatsApp in India, which were filed by the Center for Accountability and Systemic Change (CASC) last year.

When contacted, a Facebook India spokesperson declined to comment on the implications of Zuckerberg’s statement for India. At present Facebook does not have a data center in India but has one in Singapore.



Biggest Cyber Attack of India: Tecnimont Loses Rs. 130 Crore Through Email


Chinese fraudsters have reportedly siphoned off Rs. 130 crore through email from the Indian arm of Italian company Tecnimont SpA by convincing local managers that the money was needed for an acquisition, in one of the biggest cyber heists in the country.

In what is now being termed one of the biggest cybersecurity breaches in the country, the Indian arm of the Italian company Tecnimont SpA has been hit by a cyber heist of Rs. 130 crore.

The Chinese hackers sent emails to the Indian arm, impersonating the group chief executive officer and asking it to transfer money required for an acquisition, and were convincing enough to make the recipients believe that the money couldn’t be transferred from Italy due to regulatory issues.

As email is the largest vector of communication for any enterprise, around 93% of cyber attacks, including data breaches, ransomware, malware and cyber heists like this one, start at the human layer, where the employee isn’t able to tell a phishing email from a real one.

The tech-savvy criminals sent emails to the head of Tecnimont Pvt Ltd, the Indian subsidiary of Italy-based Tecnimont SpA, through an email account that looked deceptively like that of group chief executive officer (CEO) Pierroberto Folgiero.

The report said that the hackers then arranged multiple conference calls to discuss a possible “secretive” and “highly confidential” acquisition in China. As per the complaint lodged by Tecnimont Pvt Ltd with the Bombay Police’s crime unit, several people played various fraudulent roles during these conference calls, hiding behind fake identities and pretending to be the group chief executive officer, a top Switzerland-based attorney and other senior members of the company.

The hackers persuaded the India head that the money couldn’t be sent from Italy because of certain regulatory issues. He then transferred the money in three tranches over one week in November. The money that was sent (USD 5.6 million, USD 9.4 million and USD 3.6 million) from India to the banks in the city was withdrawn within a few minutes. The impostors tried for a fourth transfer; however, by then the fraud had been discovered. It came to light in December, when Tecnimont SpA chairman Franco Ghiringhelli visited India, the report said.

The hackers also arranged a series of conference calls during this process, posing as representatives of the group chief executive officer and as an attorney discussing an acquisition plan in China, which made the India head believe the story even more firmly.

The financial daily quoted a senior executive aware of the matter as saying that a forensic investigation was carried out by the firm. The report also said that, besides the hiring of a Mumbai-based law firm, the US-based security firm Kroll is looking into the matter.

#CyberSecurity #Tecnimont



Data Privacy And Cyber-security Issues In Mergers And Acquisitions


Data privacy and cyber-security issues play an increasingly prominent role when evaluating a possible merger or acquisition target. Knowing how to manage these issues might mean the difference between a successful mergers and acquisitions (M&A) transaction and one that quickly turns into a liability nightmare for the buyer. Data privacy, cybersecurity, and data breach risks are necessary due diligence issues in mergers and acquisitions, and post-acquisition discovery of security issues and even notifiable breaches is a far too common situation.

Verizon’s acquisition of Yahoo in February 2017 provides a recent, high-profile example. Verizon ultimately decided to move forward with the acquisition, even after discovering that Yahoo had suffered two huge data breaches, compromising over one billion user accounts. The most highly publicized example of a merger or acquisition-related cybersecurity problem was Verizon’s discovery of a prior data breach at Yahoo! after having executed an agreement to acquire the company.

Over a third (40%) of acquiring companies engaged in a merger and acquisition transaction said they found a cybersecurity problem during the post-acquisition integration of the acquired company. 80% of respondents said that cybersecurity issues have become highly important in the M&A due diligence process, while 70% of respondents said compliance problems are one of the most common types of cybersecurity issues uncovered during due diligence, and 40% said a lack of comprehensive security architecture is also common.

Even for those acquiring companies that do inspect data security issues as part of the M&A due diligence process, more often than not the lawyers ask a battery of routine, privacy-related questions of a company even when that company doesn’t collect or handle consumer personal data. The focus on data privacy, and not security more generally, is due in part to a general lack of awareness of broader cybersecurity issues and a hyperawareness of the risks related to data breaches. To a large degree, an emphasis on data breach risks isn’t surprising, since companies must publicly disclose breaches of personal data to customers, and the media often focuses considerable attention on these breaches, particularly large-scale ones.

This summarizes the growing potential issues (legal, financial, reputational, and operational) associated with cybersecurity, and additionally provides practical solutions on how to identify, understand, and mitigate those risks throughout the merger or acquisition due diligence process.
Therefore, in any merger and acquisition deal, conducting a strong level of due diligence is only half the battle. Putting in place representations and warranties in a purchase agreement, particularly as it concerns data privacy and cyber-security matters, is becoming an increasingly vital measure in ensuring a smooth and safe transaction.



Geospatial Information will be part of Data Protection Bill


The Geospatial Information Regulation Bill will be made part of the proposed Data Protection Bill to protect geospatial information.

“One may argue that the proposed geospatial bill and the data protection bill, which deals with data of a personal nature, require different kinds of administrative and enforcement response. However, if one studies the two bills, there is a considerable overlap here. Geospatial data in any sensitive and strategic organisation also attracts provisions for privacy and security,” said a senior government official who spoke on condition of anonymity.

He added that storage of geospatial data, too, needs to follow the general security norms and standards that would apply to sensitive personal data or critical data in the bill proposed by the Justice BN Srikrishna-led committee.

The proposed geospatial bill deals with location data gathered through satellites, unmanned aerial vehicles (UAVs), aircraft and balloons. Data, images, graphs or maps that show natural or man-made physical features, phenomena or boundaries on earth fall under its purview.

The bill provides that disseminating, publishing or displaying information that is likely to affect the “security, sovereignty or integrity” of the country would become a punishable offence. There is a provision for setting up a security vetting authority that would scrutinise applications of geospatial information or data providers to get the images in the public domain.

“Harsh penal provisions and the overarching nature of the bill made it highly controversial and it is as good as dead now. However, similar offences can be defined and penalties proposed for both geospatial and personal data. In the geospatial bill, there is a provision for a security vetting authority for granting a licence for collecting data. Similarly, a data protection authority is proposed in the data protection bill for enforcing the data protection regime of the country. The overlap can be avoided,” said the official.

Following the submission of the Justice BN Srikrishna committee report, the government is firming up a data protection law that will define citizens as “data principals” and any entity that collects data as “data fiduciaries”. The proposed bill also provides penal provisions for breach of data.

The proposed bill says it would be the duty of “data fiduciaries” to handle data in a fair and responsible manner.

“The data protection bill must be holistic. A focus on sensitive personal data may not serve the country well. It is essential to include more types of data, including geospatial data, within the ambit of the proposed data protection bill. However, it must be ensured that it is enabling in nature and would grant legality to geospatial data,” says lawyer Pawan Duggal, who deals with matters of privacy and cyber security.

As of now there is no dedicated legal framework to deal with geospatial data.

#GeospatialInformation #GeospatialInformationBill



Facebook Security Issue Deepens: 29 Million Affected


Facebook’s security issue has deepened since our earlier blog post on the Facebook hack.
Attackers stole details from twenty-nine million Facebook users. Facebook said in late September that hackers stole digital login codes allowing them to take over nearly fifty million users’ accounts in its worst security breach ever, but did not confirm whether the data had actually been taken.
The company said that for fifteen million people, attackers accessed two sets of data: name and contact details, including phone number, email, or both, depending on what people had on their profiles.

For another fourteen million users, the attackers also accessed other details, including username, gender, locale/language, relationship status, religion, hometown, current city, birthdate, devices used to access Facebook, education, work, and the last ten places they checked into or were tagged in.
“We’re cooperating with the Federal Bureau of Investigation, which is actively investigating and asked us not to discuss who may be behind this attack,” Facebook said in a blog post.

People can check whether they were affected by visiting our Help Center. In the coming days, we’ll send customized messages to the thirty million people affected to explain what information the attackers might have accessed, as well as steps they can take to help protect themselves, including from suspicious emails, text messages, or calls.

This attack did not include Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts. As we look for other ways the people behind this attack used Facebook, as well as the possibility of smaller-scale attacks, we’ll continue to cooperate with the Federal Bureau of Investigation, the US Federal Trade Commission, Irish Data Protection Commission, and other authorities.

#FaceBook #FacebookHacked



Data Privacy Issue with Google Plus


Google is on the verge of having its Cambridge Analytica moment. A security bug allowed third-party developers to access Google+ user profile data from 2015 until Google discovered and patched it in March, but the company decided not to inform the world.

When a user gave permission to an app to access their public profile data, the bug also let those developers pull their and their friends’ non-public profile fields. Indeed, 496,951 users’ full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status were potentially exposed, though Google says it has no evidence the data was misused by the 438 apps that could have had access.

Few companies would have dreamed of coming out publicly to tell customers their data had potentially been exposed but had not been stolen or misused. Disclosures of data incidents were usually reserved only for actual crimes.

But The Wall Street Journal’s report Monday that Google may have tried to cover up a bug that exposed the data of its Google+ social network customers shows how the wheel has turned. Google’s cover-up was reportedly meant to quell any potential calls for regulation over the issue, and it shows how the routine, unreported privacy incidents of yesterday are increasingly getting time in the limelight.

Google eventually disclosed the bug, saying a Google+ bug exposed personal information of up to 5 lakh users.

Regulators may take note now, as they did with Uber after the company revealed a security breach that it tried to cover up with large payments in the name of a “bug bounty” to hackers who found the data. The company has paid $148 million in settlements because of this incident, which was relatively minor apart from the cover-up. The Federal Trade Commission will keep an eye on the ride-hailing service for twenty years because of the matter.

The company decided against informing the public because it would lead to “us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal,” according to an internal memo. Now Google+, which was already a ghost town, largely abandoned or never inhabited by users, has become a huge liability for the company.

Google will also change its Account Permissions system for giving third-party apps access to your data so that you have to confirm each type of access individually rather than all at once. Gmail Add-Ons will be restricted to those “directly enhancing email functionality,” including email clients, backup, CRM, mail merge and productivity tools.
#GooglePlus



Time to Logout from FaceBook – Data Privacy Issue


On Friday, Facebook announced that at least 50 million and possibly up to 90 million Facebook users had their data exposed to hackers in a breach involving the social media platform’s “View As” feature, which lets you view your own account as if you were somebody else.

The company announced in an official blog post that earlier in the week, on Tuesday, September 25, it identified a vulnerability in its code that had been present and undetected for over a year. That vulnerability gave hackers the ability to “take over people’s accounts” by stealing their access tokens: essentially, the “digital keys” that allow people to stay logged in for days, weeks, or months at a time.

At the time of its announcement, Facebook said it had already “fixed the vulnerability and informed law enforcement.” It has also reset the access tokens for every account that it has confirmed to be affected, as well as for every account that has accessed the “View As” feature in the last year, as a precautionary measure. “As a result, around ninety million people will now have to log back in to Facebook, or any of their apps that use Facebook Login,” Facebook said.

While acknowledging that the breach was huge, Facebook said it has no information about who was responsible, what their intentions were, or whether any account information was misused. “Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” the company said.

Facebook described the attack as having “exploited the complex interaction of multiple issues in our code.” It’s not entirely clear whether the attack was a true hack, in which code is overwritten and manipulated thanks to security flaws, thereby allowing access to hostile parties, or whether it was a creative exploitation of the way the system was designed to work.

“People’s privacy and security is incredibly important, and we’re sorry this happened,” Facebook said by way of apology. It was a step back from Facebook founder Mark Zuckerberg’s previous apologies in the wake of the Cambridge Analytica scandal, when he said, “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.”

It’s also in contrast to another recent apology from Facebook, also for the Cambridge Analytica breach, in which Zuckerberg acknowledged that “We didn’t take a broad enough view of our responsibility, which was a big mistake.” And the same is true for nearly all the other apologies Facebook has issued in the past.

At this point, it almost goes without saying that news of the massive security breach comes at a bad time for Facebook, which has come under intense scrutiny this year for everything from privacy scandals to the global disruption of democracy. So if you’re thinking that continuing to use Facebook is less and less worth the risk of having your data exploited, well, once again, you’re not alone.

#DataPrivacy #FaceBook #FacebookHacked



Infibeam Plunge: Victim of WhatsApp Fake News!


Yesterday, we saw panic in the stock market due to a WhatsApp message ahead of Infibeam’s AGM. Infibeam Avenues Ltd, formerly Infibeam Incorporation, is a leading e-commerce and payments solutions provider to businesses and the government.

E-commerce platform Infibeam Avenues lost over seventy-one percent (71%) of its stock value on Friday when a WhatsApp message spooked investors about the firm’s accounting practices on the eve of its annual shareholders’ meeting.

Shares of the Gujarat-based e-tailer dived to a low of Rs 53.80 after the fake news circulated again on WhatsApp, before closing at Rs 58.70 per share.

The message was sent several months ago by an analyst at brokerage Equirus Securities to some clients and has now resurfaced on the messaging platform. The text said that the online retailer of Apple phones and tablets has given interest-free, unsecured loans to a subsidiary with a repayment plan of over eight years. “There are issues in the company’s balance sheets,” an analyst said.

A spokesperson for Equirus clarified, “We have only released a post-conference note. There has been no report from our end on the company.”

In a regulatory clarification, Infibeam said it has given interest-free unsecured loans to NSI Infinium Global, its wholly owned subsidiary, since inception. “These are short-term loans, repayable on demand. As of March 31, the closing balance of the loan to NSI is Rs 135 crore,” it said.

WhatsApp BOMB!

The panic over Infibeam was triggered by an earlier message that resurfaced on WhatsApp. It said there were “issues in the company’s balance sheets”. Sources said the firm’s business executive had stepped down

#FakeNews #Infibeam #StopFakeNews



Google Turns 20 – Marching towards Cloud Leadership


Google turned 20 on 27th September 2018. What started as a research project has grown into a service that covers over ninety percent of search on the internet.

Google began as a research project by Larry Page and Sergey Brin, both students at the university. The two of them envisioned a better system that analyzed the relationships among websites.

The pair went beyond simply counting the number of times keywords were used, developing software that took into account factors such as relationships between web pages to help determine where they should rank in search results.
Google was launched in September 1998 in a garage rented in the Northern California town of Menlo Park. The name is a play on the mathematical term “googol,” which refers to the number 1 followed by one hundred zeros.

Google has grown bigger over the years. The search options are now available in more than 150 languages and over 190 countries, and Google remains dedicated to building products for everybody. At the end of the video, which is sure to make anybody nostalgic,

Google has made its place in the world and very few would argue its importance in our daily lives, so much so that the word ‘Google’ has become synonymous with searching for things on the internet.

In August 2004, Google went public on the stock exchange with shares priced at $85. Shares in the multi-billion-dollar company are now trading higher than $1,000.

While conventional search engines ranked results by counting how many times the search terms appeared on the page, the two theorized about a better system that analyzed the relationships among websites.

Google celebrated its 15-year anniversary on September 27, 2013, and in 2016 it celebrated its eighteenth birthday with an animated Doodle shown on web browsers around the world. It has used different dates for its official birthday and the reason for the choice of September 27 remains unclear.

Google and YouTube
In India, YouTube has 225 million users. Even at this scale our watch time, which is the number of hours of content consumed per day, is growing at over one hundred percent. So, the Indian user’s appetite for online video is insatiable. We have never seen anything like it in the history of online video anywhere in the world. It’s incredibly exciting. And if you look at the reach of YouTube in metro India in terms of unique million visitors per day, it’s fifty percent more than the largest television network in India. Video is huge and it’s growing by the minute. The inflection point really happened with the cost of data becoming more affordable.

Google thanks its viewers in many different languages. After all, we are all united and drawn closer by Google.

We congratulate the Google team and Mr Sundar Pichai on the 20th birthday of Google and hope it will grow its Cloud much faster!



First ever GDPR notice issued to AggregateIQ


AggregateIQ (AIQ), a Victoria-based Canadian digital advertising, web and software firm, is the first company in Canada to receive an enforcement notice under the new European Union General Data Protection Regulation (GDPR). The United Kingdom Information Commissioner’s Office (the ICO) issued its first extraterritorial enforcement notice under GDPR to AIQ.
ICO slaps AggregateIQ with first official GDPR notice.

The ICO said that although the data was gathered before 25 May, when the GDPR regulations came into effect, it was concerned about the “continued retention and processing” of data after that date. This, it said, meant GDPR applied to AIQ’s handling of that information.

Earlier this year it was linked to UK data firm Cambridge Analytica by whistleblower Chris Wylie, who alleged that Cambridge Analytica improperly acquired Facebook data belonging to 50 million people via a third party.

A Canadian analytics firm that worked for Vote Leave has received the UK’s first formal notice under a key data law, the UK’s data protection watchdog has confirmed.

AggregateIQ (AIQ) was accused of processing people’s data “for purposes that they would not have expected”.

The firm has appealed against the notice, which was issued by the UK’s Information Commissioner’s Office.

AIQ is a small Canadian data firm that uses data to target online ads at voters during public polls. It was paid nearly £2.7m ($3.6m) by Vote Leave to target ads at prospective voters during the Brexit referendum campaign. It was also used by pro-Brexit youth group BeLeave.

Vote Leave has been fined £61,000 and referred to the police after an Electoral Commission probe said it broke an electoral law by exceeding its spending limit by funneling money through BeLeave.

AIQ also received funding from Northern Ireland’s Democratic Unionist Party and Veterans for Britain, amounting to a total of £3.5m from all of its pro-Brexit clients.

Cambridge Analytica has been credited with helping Donald Trump win the US presidential election in 2016.
The GDPR notification was the first in the new data privacy environment where companies are legally obligated to limit the personal data they gather on people, be open about how they use that data, and allow people to demand that their information is deleted.

It was sent in July, amid the ICO’s probes into Facebook data harvesting, although the notice wasn’t posted on the ICO’s enforcement page, and in fact there is no mention of it anywhere on the ICO website. The notice itself [PDF] was hyperlinked in an annex at the end of an “investigation update” into the “use of data analytics in political campaigns.” The fact that it was a GDPR notice was only spotted last week.

#GDPRNotice #AggregateIQ #AIQ #AggregateIQcanada



Ambiguity on Personal Data Privacy Law In India


In July this year, the Justice BN Srikrishna committee proposed India’s Personal Data Protection Bill, 2018 to the Centre, with the aim of forming a comprehensive framework for data protection and suggesting that companies adopt certain practices to collect, process and store consumers’ data.

The 2018 Personal Data Protection Bill draft, which corresponds to the EU’s General Data Protection Regulation (GDPR), comes with ambiguities. It has its own pain points, a joint study by PricewaterhouseCoopers (PwC) and the Associated Chambers of Commerce and Industry of India (Assocham) said.

The draft recommends that each data fiduciary shall ensure the storage, on a server or data center located in India, of at least one serving copy of the personal data to which this Act applies, which means that companies would be required to set up servers locally. The move to have data fiduciaries save a local copy of all personal data that is stored outside the boundaries of India might have some negative consequences.

Following the Supreme Court’s recognition of the ‘right to privacy’ as a basic right under the Constitution of India in August 2017. The draft Bill guidelines have attracted a lot of attention within the country. Therefore, the study conjointly found out that the system integrity is also threatened when purging the information.

The exclusion of anonymized information can significantly bring down the obligations on entities each within the private and public sector. As it is recommended that so as to forestall damage to specific teams of people, the limitation of the process and publishing an analysis of anonymized information ought to be evolved.

Data destruction might compromise system integrity in several legacy and CRM systems as these aren’t built to permit data destruction or anonymization. In order to avoid important business ramifications because of data breaches, organizations got to define a well-defined testing mechanism to assess readiness to address any eventualities. The organization can get to limit the collection and reuse of information in line with the consent obtained from the information subjects.

Therefore, the report recommended that the bill ought to propose a layered approach for levying penalties for non-compliance on organizations.

#Dataprivacy



Data Localisation – Amazon Pay – Data to Indian Govt

Data Localisation – As a compliance measure, Amazon Pay will share all user information with the Indian government.

This would include a customer’s payments information, including personal and sensitive data, which Amazon could share with the government if a user agrees to use the payments service locally. That is in contrast to Amazon’s US practice in which, while disclosing user information to the government, the company also has a transparency report that publishes the number of government requests it has received, citing how many of them were answered fully or in part, along with queries it legally refused to answer.

Amazon may also share users’ payments information with the Indian government and enforcement agencies, when required, in line with the privacy policy listed on the company’s platform.

This can affect the privacy of every user. A new data privacy law is coming in India, and users will have a choice regarding data privacy.

Amazon Pay runs the tech major’s e-wallet and payments business here.
“We may be required to share the aforesaid information with government authorities, regulators and/or agencies for the purposes of verification of identity or for prevention, detection, investigation including of cyber incidents, prosecution, and punishment of offenses. You agree and consent for APIPL (the company that houses the payments business) to disclose your information, if so required under the applicable law,” the privacy policy of the Seattle-based tech giant says on its India platform.

So far, Amazon does not have any comparable setup for India. “This is in line with the regulatory requirements under the license granted by the RBI to Amazon Pay. Compliance with local laws and regulation is a top priority for us in all of the countries we operate in,” a spokesperson of Amazon India said. The development comes at a time when India is drafting its own privacy bill with user data protection at the core of it.

#DataLocalisation #DataPrivacy



Cyber Security Check in Indian Banks!

Data privacy norms in India are far less stringent than those of the GDPR. Besides, the predominance of public-sector banks builds the impression of an implicit sovereign guarantee against the failure of such banks. This reduces the threat of reputational loss for public-sector banks because of cyber attacks.

In August 2018, Cosmos Bank suffered a cyber attack that resulted in approx. Rs 100 crore being siphoned off. In most developed countries similar attacks are rare. Such incidents need a large number of accounts to transfer the stolen money. In most countries, therefore, direct siphoning of money from banks through cyber attacks takes the form of small-scale fraud through phishing and the theft of payment cards or data.

Indian banks don’t have much choice about a significant revamp of cybersecurity. Cyber attacks are global in nature and, with better cyber-risk preparation in OECD countries, hackers are increasingly focusing on vulnerabilities in emerging-market countries. This may create existential problems for Indian banks. For instance, the money siphoned from Cosmos Bank is fourteen times the bank’s FY18 profit.
During 2008-17, banks in India faced 1,30,000 reported cases of cyber fraud involving an estimated Rs 700 crore. This is equivalent to just 0.006% of the outstanding deposits of Indian banks. In contrast, a severe cyber attack may result in bank failure even when no money is lost directly.

In 2016, the RBI asked banks to put in place board-approved, strong cyber-risk management systems. The regulator has also set norms that put losses from cyber attacks almost entirely on banks. Most significantly, the draft Personal Data Protection Bill, 2018, has proposed that for breach of personal data protection, banks would face penalties similar to those under the GDPR.

Several of the ‘old’ private sector banks seem to be better prepared than their larger peers. Indian banks appear to focus more on identification and prevention of cyber attacks than on breach detection, crisis management in the immediate aftermath of detection, and corrective measures thereafter. Quick breach detection and appropriate corrective action determine the impact of such incidents on banks. It is time that Indian banks wake up to harsh cyber realities.

#CyberSecurity #cosmosbank #Cybersecuritybanks



Data Localisation & Indian SMEs & Startups

Data Localisation – The global data protection wave is approaching Indian shores too. Various steps in the past few months indicate that the country is moving towards mandatory local processing and storage of critical personal information.

As India is keen on introducing data protection laws, it comes as no surprise that the government is trying to promote data localization and streamline crucial areas like digital payments and e-commerce, among others. The push for localization comes at a point when there is a worldwide discussion about security and how firms store user data. While the need for data localization has been there for a long time, it intensified after the RBI advised payment system operators in the country to store customer data locally to prevent possible foreign surveillance.

Kris Gopalakrishnan, the co-founder of Infosys, is heading a panel that may soon release a policy recommending a data localization mandate within the country. Due later in September, it has already caught the eye of the tech community across the world, because it may prove to be an enormous blow to tech giants like Amazon and Microsoft, who have been providing these services to Indian firms for a while now.

Paytm has come up with its own built-in-India version of an AI cloud for storing data locally. It has launched a cloud computing platform in partnership with Alibaba that is aimed at developers, startups, and enterprises. The Paytm AI Cloud processes and stores all customer data locally on servers located in India while conforming to security and privacy standards.

Impact on Global Players & AI Development:

With this move, global cloud service providers like Google, Amazon, and Microsoft are significantly affected, owing to their sizeable presence in the country. While most experts believe that there would be no long-term negative impact on the large cloud players, Mozilla wrote in a blog post that a data localization mandate would undermine user security and damage the growth and competitiveness of Indian industry.
Apart from the impact on local and global cloud providers, the larger impact of a restricted cloud market may be seen on other firms, particularly startups that rely on customer datasets to power their AI models. Data-driven technologies like AI and the internet of things may find it hard to comply with data localization requirements.

Having local control of data therefore has its own benefits and challenges. Despite the shortfalls, it would nevertheless give Indian firms and the government easy access to data if it is located locally.



Xiaomi to Migrate its Data Center in India

Data Localisation – The Chinese smartphone maker announced on August 31 that it would be migrating all the user data of Indian customers to cloud infrastructure based in the country. Xiaomi will move all existing user data to cloud services provided by Amazon (Amazon Web Services) and Microsoft (Azure) by the end of 2018.

Amazon Web Services and Microsoft Azure already have cloud infrastructure in India. Moving all user data to those services based in India would improve access speed for customers. That’s not all, though, as this move will also improve the security and privacy of all user data.

Manu Jain, managing director, Xiaomi India, said that data privacy and security are of utmost importance at Xiaomi. Once the migration is completed, users will notice an increase in speed when accessing Xiaomi services. He said the company is taking an extra step towards user data security and privacy by bringing its cloud services to India for all local data needs. Xiaomi, ranked India’s top smartphone maker by IDC, said all new Indian user data was being stored on local servers. This will cover all Indian user information across the Xiaomi e-commerce platform, Mi Community, Mi Cloud, MIUI and Mi TV.

Xiaomi’s move comes as India increasingly sees data localization as a critical part of governance. The Reserve Bank of India (RBI) requires data related to payment systems to be stored within the country. The recent report on data protection by the BN Srikrishna committee advised that data fiduciaries should ensure data is mirrored locally.

Xiaomi’s move reflected the importance of the Indian market, the world’s second largest after China. Data localization is becoming a vital part of governance in India, which is why the RBI has notified that information pertaining to payment systems should be located within India. So, if you look at a country of 1.3 billion people and want access to its market, it makes logical sense to store your information within India. It will also give an effective remedy under Indian laws to individuals affected by breaches.
All new Indian user information since 1 July is already being stored on local servers, and all existing user information on mi.com/in/ will be fully migrated to servers in India by mid-September 2018.



Brazil General Data Privacy Law GDPR aka LGPD

On August 14, Brazilian President Michel Temer signed into law the new General Data Privacy Law (Lei Geral de Proteção de Dados Pessoais or “LGPD”), giving Brazilian citizens more control over their personal information than ever before.

This new law will enter into force in February 2020 and will apply to anyone collecting and making use of the personal data of Brazilian residents. The law grants people certain rights relating to their personal information, including, among others, the right to erasure, the right to receive the personal information, and the right to data portability.

The Brazilian General Data Protection Act (LGPD) considerably increases the protection provided to personal data by imposing numerous rules and obligations on businesses and corporations that make use of such data. Thus, it will also apply to Israeli corporations doing business in Brazil.
Brazil isn’t the only country taking steps following the global trend of privacy legislation. India has recently released its first draft of personal data legislation, the Personal Data Protection Bill, 2018. This bill outlines requirements and limitations like those in the GDPA regarding the collection and processing of personal information. It also imposes fines and sets out data subjects’ rights. The bill will likewise apply to foreign entities that have a business connection to India, or that carry on any activity involving identification of people in India.

One of the key components of the GDPA requires corporations to update their privacy policies and terms of use in order to reflect and comply with the GDPA provisions. Additionally, under this law, corporations must appoint a data protection officer. The GDPA imposes a fine of up to twenty of the company’s turnover in the preceding fiscal year in case of an infringement of a GDPA provision. Fines under the GDPA are restricted to a maximum of BRL 50,000,000 per infringement.

Therefore, it would be wise for businesses and corporations that make use of personal information, anywhere in the world, to ensure that their operations and activities are consistent with applicable legislation, primarily that of the jurisdiction in which the relevant data subjects reside. Failure to prepare for the shifting environment of privacy and data protection is likely to have very negative consequences. The law goes into effect eighteen months after signing, giving corporations until 2020 to bring their data processing practices into compliance.

#LGPD #BrazilLGPD #BrazilGDPA #BrazilGDPR



Mobile Apps Ready for GDPR Compliance

GDPR Impact – Mobile app developers and publishers are completely and directly responsible for their users’ information. App owners should ensure full visibility into, and real-time control over, the app’s usage and activity. They must first learn everything about how they acquire, store, transfer, and use information, in order to improve security.
Mobile apps that rely on advertising to monetize are particularly vulnerable. App developers integrate an average of 18 third-party software development kits into their apps, according to SDK management platform SafeDK, which suggests roughly 18 opportunities to improperly process information without consent. Although mobile apps aren’t necessarily more at risk of GDPR violations, they do have specific and nuanced tasks they have to complete in order to comply, and many are noticeably behind.

Each of the top 50 free iOS and Android apps in the App Store and Google Play contains multiple SDKs that appear to do some form of tracking and data collection. Apps share responsibility with their data processors for what information is collected, how it is stored and the handling of data subject requests, like the right to be forgotten or data portability.

Before GDPR, several app publishers finally deleted this “legacy code” from their apps, said Ronnie Sternberg, chief business officer and co-founder of SafeDK. There’s also a graveyard of unused SDKs in many apps that developers never bothered to delete and that could be leaking data. It’s practical for regulators to hit SDK providers first because of the immediate knock-on effect across all apps in which they’re integrated. However, that doesn’t mean apps are off the hook.

“Publishers shouldn’t wait for regulators to come knocking on their door before they get compliant,” Morazan said. “Not to mention the fact that the GDPR empowers an app’s end users, their own customers, to report any violations they see to their local data protection authority.”
The first thing an app should do to comply with GDPR is run a data-mapping exercise to identify what personal data is collected, why it’s collected and the lawful basis for collection and processing, whether it’s legitimate interest or, more likely, consent.
The next step is to create a data minimization policy. Under GDPR, companies can only collect information for specific business purposes and can’t keep information longer than necessary. Once all of that’s settled, developers can create consent prompts. It’s not a bad idea to look at the approaches taken by some larger apps with their consent pop-ups. There’s no one way to do it; however, opt-in notices do need full transparency without going overboard.

In conclusion, GDPR will revolutionize the way information is handled by organizations and enterprises. Companies, including mobile apps, have to follow the new rules and change their data processing and storage practices, particularly with regard to third-party services (SDKs). Automated monitoring and control tools are really useful.



New ePrivacy Regulation Will Impact Businesses Over GDPR

Over the past months, while businesses have been focused on the General Data Protection Regulation (GDPR), another transformational piece of privacy legislation has quietly begun to make waves across Europe: the forthcoming European ePrivacy Regulation (ePR). The ePR will replace the current ePrivacy Directive, which has been in place since 2002.
The regulation in question is called ePrivacy, and it targets, among other areas, the right to confidentiality and data privacy in all electronic communications. This includes emails, texts, the web, WhatsApp, Skype, online messaging, VoIP, the Internet of Things (IoT), apps, online advertising networks, and telecommunications.

Sometimes referred to as the cookie law, because it is the law that governs the use of cookies on websites, the regulation will introduce new rules for communications content and communications metadata, which will mean that organizations must ensure the confidentiality of all electronic communications and prevent surveillance by third parties.
Although there’s some overlap, the key difference between ePrivacy and GDPR is that GDPR covers the handling of personal information in all forms, whereas the ePrivacy regulation covers online communications more specifically. As with GDPR, ePrivacy’s impact and heavy fines won’t be restricted to corporations based in the EU.

With British businesses spending an average of £1.3m on GDPR compliance, the news that another new regulation may be just around the corner might not be welcomed by some. In fact, some believe that ePrivacy might have an even bigger impact, with tech lobby groups arguing that the regulation might stifle innovation.

Implementation of the regulation might be “more turbulent” than GDPR: “The focus is slowly but surely switching from the GDPR to the forthcoming ePrivacy Regulation that will possibly have a substantial impact on organizations’ digital marketing and advertising strategies,” adds Brussels-based of counsel. “Looking at the current proposals, the ePrivacy Regulation might be a more turbulent journey for the marketing and advertising industry than the GDPR, and should therefore not be underestimated.”

Former Federal Trade Commission staff attorney Julie O’Neill said: “US corporations that thought they were done thinking about European privacy law may be in for a surprise. The forthcoming ePrivacy Regulation is likely to affect companies’ online advertising campaigns and analytics solutions. How far the Regulation goes remains to be seen, but there’s very little doubt that many corporations will adjust their practices.”

#ePrivacy #GDPR



Less Cookies – Thanks to GDPR

How GDPR Affects Tracking Cookie Policies

The news sites have more than one Google cookie, with the top five being DoubleClick on 87% of sites, Google Analytics on 86%, Google Tag Manager on 80%, AdSense on 72%, and Google APIs on 69%. The report adds that design optimization cookies fell by 27%, advertising and marketing cookies by 14%, and social media cookies by 9%.

European news sites have reduced the number of third-party tracking cookies by 22% in the three months since the introduction of the GDPR (General Data Protection Regulation), according to a survey of 200 sites by the Reuters Institute for the Study of Journalism at the University of Oxford. Companies that run websites should be aware of the issue and prepared to act.

This doesn’t prove that GDPR caused the decline; however, it may have prompted websites to look at the cookies they were using, for which they now had to get consent. The report says: “The introduction of GDPR might have provided news organizations with an opportunity to evaluate the utility of various features, and to remove code that is no longer of great use or that compromises user privacy”.

There was considerable variation in the results from the seven countries surveyed: Finland, France, Germany, Italy, Poland, Spain and the UK.

The number of cookies on UK sites fell by 45%, whereas the number on German sites fell by only 6%. Spain, France, and Italy all saw falls of more than 30 percent. Poland saw a 20-percent increase. However, American technology firms largely escaped the cull. Most of the sites received cookies from Google (96%), Facebook (70%), and Amazon (57%). Facebook cookies dropped by 5 percentage points from 75%; however, Facebook suffered major problems far beyond the GDPR.

However, the tool cannot answer the main question of interest: how many users are now blocking tracking cookies? The GDPR makes it harder to obtain blanket consent to cookie use or, at least, to obtain legitimate blanket consent. If large numbers of users refuse their consent, this will reduce the value of tracking cookies. This could result in websites eliminating cookies that no longer deliver any value. Whether the recent decline is a trend or a blip remains to be seen. The next RISJ survey may show a further decline, or a recovery if the tracking industry finds ways to tackle the problem.

The report’s authors used webXray, an open source tool, to count cookies between April and July 2018. They acknowledge that some sites might block the tool, therefore “the true number of [third party cookies] on a given page may be higher.” Either way, every company that runs a website should be aware of the issue and be prepared to act.

#LessCookies #GDPR #GDPRLessCookies



GDPR – Challenge for Online Advertisement

The General Data Protection Regulation brought in by the European Union in May is meant to protect personal data in the age of the web and requires websites to seek consent to use personal information, among other measures. The ability to track web users has attracted many firms that harvest user information from websites, with or without the approval of the site owner, to create profiles of individual customers.

Concerns about GDPR should, however, benefit Alphabet’s Google and Facebook, as their loyal customers are more likely to give consent in order to carry on using the sites, allowing the U.S. giants to keep amassing and analyzing huge amounts of GDPR-compliant information that advertisers will pay to use. GDPR poses a challenge to those groups because all of them need consent to use the information. While sites usually request consent on behalf of the ad tech companies they use directly, uncertainty over whether every link in the supply chain is GDPR-compliant is pushing some to leave Europe altogether.

Big publishers like national newspapers think that they can benefit by charging advertisers for online slots, as they are compliant with the new EU rules. Europe’s new data privacy law has put pressure on a small army of tech companies that track people online and is strengthening the hand of big firms like Google and Facebook in the $200 billion global digital advertising industry.

It is a challenge for the digital ecosystem. From its start nearly 30 years ago, the internet has become the most important advertising medium in the world because it allows companies to target consumers with ads based on their browsing history or comments. That personal information can then pass through many ad tech companies before a company or advertising agency bids at an auction for space on the website and an advert is loaded. It is this transfer of personal information that risks breaking the new EU privacy law. That doubt about compliance is pushing the middlemen and publishers to rethink how they share their user information.

Google is also requiring publishers to secure consent when using its ad products on their properties. Marketers and partners also now need to use more of Google’s own services, while Facebook has lost one million monthly active users in Europe. GDPR requires that some users be able to avoid targeted ads, resulting in a modest revenue hit. In response to GDPR, advertisers have been asked to verify that they have the right consent to use any information from third-party brokers.

How long the initial impact of GDPR will last, though, isn’t yet clear, as many customers tired of the constant permission pop-ups are simply giving consent to access sites. Prosecutors have yet to bring any cases for data breaches. But GDPR has ramped up the speed of change in what has been a fragmented business. “This kind of consolidation is natural in most maturing industries,” Enders analyst Matti Littunen said. “GDPR has simply accelerated it.”



WhatsApp: Find Solutions To Track Fake News

The government seems to be extremely serious about regulating how international technology platforms operate, and it has become more determined to stop the dissemination of fake news through India’s most popular chat platform, WhatsApp. India has told WhatsApp that the popular messaging service should set up a local entity in the country, appoint a grievance officer, and come up with solutions to trace the origin of fake news.

Prasad said the WhatsApp chief operating officer had held out assurances about a grievance system for India and had also promised to work on technology to check the origin of fake messages. Daniels had also shared issues concerning the payment services that Facebook-owned WhatsApp planned to launch. He said the Ministry of IT had already flagged to the RBI its concern about the location of financial data in India.

Prasad also made three points. WhatsApp should have a grievance officer in India; the company should be compliant with Indian laws; and third, since WhatsApp is playing a vital role in India’s digital story, it should have a proper corporate entity located in India. The Indian government would not appreciate a situation in which any problem is “answerable to America only”. “I have been assured that all these three things will be followed.
The RBI is working on the guidelines and Daniels has assured me (that) WhatsApp will comply with whatever guidelines RBI comes out with,” he said.

Briefing the media after meeting WhatsApp’s chief executive Chris Daniels, the Minister for Electronics and IT, Ravi Shankar Prasad, said the company was also asked to find solutions to the challenge of messages that provoke crimes like mob-lynching and revenge porn. Daniels is likely to meet other government and business officials during his stay in the country.

#Whatsapp #whatsappfakenews



Beware of the Momo Challenge on Social Media

Almost a year after the Blue Whale Challenge allegedly led to a number of suicides among teenagers across the world, ‘Momo’ is a new social media account on well-known platforms that uses a picture of a doll with monstrous features, like massive eyes and a wide mouth, to induce curiosity among youngsters, the report added. The artwork, known as “Mother Bird” by Link Factory, is inspired by the work of Japanese artist Midori Hayashi, who has no association with the challenge, according to officials.
This new game is known as the “Momo challenge”, a suicide-inducing game popular on WhatsApp in which a disturbing image of a sculpture is forwarded along with instructions for teenagers to display extreme behavior in the form of a challenge.

The Momo Challenge first started on Facebook, with a challenge in which an individual has to communicate with an unknown number. It allegedly involves challenges that encourage youngsters to engage in a series of violent acts that end with suicide. Once initial contact is established with a user, several challenges and activities are sent by the Momo account that have to be completed to meet ‘Momo’, and if the individual refuses to follow the game’s instructions, Momo threatens them with violent pictures. The account appears to be connected with three numbers in Japan, Mexico, and Colombia.

The Momo challenge, viral on social media platforms, particularly WhatsApp, is allegedly connected to the death of a 12-year-old girl in Argentina, the Buenos Aires Times reported. The Argentine police have linked the death of the 12-year-old to the Momo challenge. The girl recorded her activities on her phone immediately before the suicide. Authorities suspect somebody encouraged her to take her own life, the Buenos Aires Times reported. Officials are looking for the “adolescent with whom she exchanged those messages” and have issued a warning to parents to monitor the browsing activity of their children.

Youngsters are easily deceived because of their lack of composure and knowledge at their age, which is quite natural, and hence they are quite vulnerable. It is therefore the responsibility of parents to keep a constant eye on their children’s activities and to talk to their children about these games, so that they understand why these games are worthless and dangerous to indulge in. Facebook Messenger and other messengers can also be used as a medium to target youngsters. So, try to make sure that your child is chatting with people known to you, and that any unknown contacts are traced to rule out any such possibilities.



Cyber & Malware Attack on Pune-based Cosmos Bank

Cyber Attack on Pune-based Cosmos Bank, Hackers managed to transfer over Rs 94.24 crore through a malware attack on the server of Cosmos Bank. On Tuesday, the Indian banking system went in shudders when the Cosmos Bank admitted that it fell victim to an international group of hackers who siphoned off a complete of Rs 94.24 crore in 2 cyber attacks on August eleven and August thirteen.

On Wednesday the National Payments Council of India (NPCI) blamed the Cosmos Bank’s “own IT environment” for the unprecedented cyber loot that left over the Pune-based bank poorer by Rs 94.42 crore. In a declaration, the NPCI’s Head Risk Management, Bharat Panchal, aforesaid “the NPCI’s systems are totally secure.

Therefore, the issue has occurred inside the Cosmos Bank’s own IT surroundings due to malware-based attack on the bank’s IT system that has a fraud. Panchal distinguished that Before the attack, the transactions are reported from outside India. He repeats that the systems of NCPI – the umbrella organization for operative retail payments and settlement systems in India were completely secure and it had been endlessly watching the case arising out of the Cosmos Bank episode.

Cybersecurity should be thorough and seamless, regardless of business size. Cyber-crime is unlikely to slow down, despite government efforts and input from specialists. Its growth is being driven by the expanding number of services available online.

Having the right level of preparation and specialist assistance is vital to minimize and control damage, and recover from a cyber breach and its consequences.

#CyberSecurity #CyberAttack #CosmosBank



GDPR Compliance: Big Challenge for Many Indian Firms


Indian business firms are facing a big challenge in implementing GDPR compliance in their organizations. According to a recent EY survey, most corporations in India are still struggling to comply with the EU’s GDPR, which was brought in for the data protection and privacy of individuals in May 2018. Over 63% of respondents who are aware of the regulation and its requirements reported that they were non-compliant.

This includes several large, globally recognized organizations and key government entities, it said. The survey report disclosed that 76% of the organizations that took part in the survey still comply with their own information governance policy, whereas 45% continue to struggle in their GDPR compliance journey.

The IT/ITeS sector has taken the lead in terms of GDPR compliance: 31% of its corporations believe that they are compliant, as they have taken a lead with 65% property of this sector. It is followed by automotive organizations, of which 23% think that they are compliant with GDPR, the survey said. The survey also tried to identify the challenges companies face in their GDPR compliance; getting sufficiently skilled resources is a prime roadblock in the GDPR compliance journey.

More than 60% of the organizations cited these as the major challenge in performing GDPR compliance activities. A lack of relevant tools and training, a lack of knowledge of GDPR compliance and no internal support from leadership were some of the other reasons cited. In the fourth survey respondents belonged to firms that offer goods and services in the EU but are still unaware of GDPR and its impact. But there is good news too: 80% of the organizations that are aware of GDPR have proactively started their compliance journey.

Most of the firms are planning to raise their budget as they realize the need for privacy, and a surprising 70% of organizations with more than 5,000 employees are planning to raise their privacy budget in the coming year. Over 85% of the firms raised their budget in the last year and want to raise it further in 2018. The organizations covered by this survey were spread across IT and ITeS, healthcare, automotive, media and entertainment, and banking and financial services; the research was conducted between April and May 2018.

As a Data Privacy Law is coming to our country and the draft was already rolled out last month, we need to prepare more aggressively and pull up our socks for the upcoming challenge.

#GDPRCompliance #GDPR



Right to be Forgotten – Data Privacy Law


What is the “Right to be Forgotten” in Indian Data Privacy Law?

The B.N. Srikrishna Committee places great importance on obtaining the consent of an individual before personal information is processed and used. The committee said consent must be “informed”, “specific” and “clear”, and needs to be capable of being withdrawn as easily as it was given. There is no right to erasure of data in the proposed law. The bill will go through a parliamentary process of discussion and approval before it becomes law, and some changes may be brought in.

The 2018 bill for the protection of personal data includes a section on the “right to be forgotten”, but the proposed bill does not give a right to erasure. Section 27 of the bill lists three grounds on which an individual will have the “right to restrict or prevent continuing disclosure of personal data”, or the right to be forgotten. It applies if disclosure of the data is no longer necessary, if consent to use the data has been withdrawn, or if the data is being used contrary to the provisions of the law. An adjudicating officer will determine whether one of the three scenarios applies.
The officer can also determine that the right of the individual to limit the use of her data overrides the right to freedom of speech or the right to information of any other citizen.

Every person shall have the right to seek removal of personal data from Data Controller –
(a) where personal data is no longer necessary with regard to the purpose for which it was originally collected or processed; or
(b) where the person withdraws consent; or
(c) where personal data has been obtained unlawfully; or
(d) where personal data is required to be erased in accordance with a legal obligation pursuant to a Court order.

In 2014 the European Court of Justice (ECJ) ruled in favor of Mario Costeja González, a Spanish man who was unhappy that searching for his name on Google threw up a newspaper story from 1998. In 2009 he approached the newspaper to get the article removed, as he felt it was no longer relevant. The newspaper felt it was inappropriate to erase the article, and González then approached Google asking it not to throw up the article when his name was searched. The ECJ asked Google to remove inadequate or irrelevant data from its search results. The ruling came to be known as the “right to be forgotten”, and the right has been strengthened in data protection laws and regulations within the EU, as well as in the EU’s General Data Protection Regulation (GDPR).

An article of the EU GDPR outlines the situations in which EU citizens can exercise their “right to be forgotten”. The article gives individuals the right to have personal data erased under six conditions, including withdrawal of consent to use the data, or if the data is no longer relevant for the purpose for which it was collected. However, the request may not be entertained in some situations, such as when it conflicts with the right to freedom of expression, or when it goes against the public interest in the area of public health, historical research or statistical purposes.

#GDPR #DataPrivacy #RightToBeForgotten



An initiative by TRAI for Personal Data


Are you suffering from pesky anonymous calls in India? Don’t know how your mobile number and personal data like DOB and address are floating around?

The rules and regulations for the protection of personal data in India today do not seem to be sufficient, the regulator TRAI said while suggesting that consumers be given the right to choose and the right to be forgotten to safeguard their privacy.

Users of telecom services rarely know how much personal data they are sharing, or how valuable it may be to a host of corporations, and that is a problem. In a set of recommendations on data privacy to the Department of Telecom, TRAI said the existing framework for the protection of the personal data and information of telecom consumers was not enough.

Until a general data protection law is notified by the government, the existing rules and license conditions applicable to TSPs for the protection of users’ privacy should be made applicable to all entities in the digital ecosystem. Sharing of information regarding data security breaches should be encouraged and incentivized to prevent or mitigate such occurrences in the future.

The recommendations from TRAI come at a time when there are rising concerns regarding the privacy and safety of user information, particularly through mobile apps and social media platforms.

In conclusion, given the increased sensitivity towards data protection and privacy, we are in support of TRAI’s rules for the protection of personal data.



Data Privacy Law’s Impact on Indian Election System


What will be the impact of the Data Privacy Law on our existing election system?

The Draft Data Privacy Law suggested by the Justice Srikrishna committee says that the State can process sensitive personal data without the consent of the individual for the functioning of Parliament or a state legislature and for providing state benefits to individuals.

But in my view, publishing personal data online (on the EC website) without any checks throws the data sets open to third parties, and they could be used for harmful ends. One of the primary sources of data for political data analytics is the electoral roll, which can be downloaded from the Election Commission website. For example, the names of people in the voter list, coupled with their gender and house number, could be used by a third person to find out where their target lives and possibly breach the privacy of an individual.

Protecting personal data and restoring control over its ownership and flow has also become imperative ahead of the 2019 Lok Sabha elections. Demographic data of the constituencies can be extracted from the electoral roll and used for targeted campaigns in elections via social media.

A study by the University of Oxford researchers on ‘Online Social Media Manipulation’ has found evidence of such campaigns in 48 countries, including in India. The study found that political parties and governments have spent more than half a billion dollars on the implementation of psychological operations and public opinion manipulation over social media.

Facebook, for example, has faced flak for its opaque data sharing practice, after personal data on the platform was used to obtain information on hundreds of thousands of voters globally, including 500,000 people in India.

The Srikrishna Committee’s report on data privacy and protection has not factored in the need to educate officials and create institutional capacity for complying with privacy norms.

We also see ambiguity around other easily available public databases, such as the list of MGNREGA beneficiaries, land records, First Information Reports and court records, which are currently not in conformance with the draft privacy bill.

#DataPrivacyLaw #Indianelectionsystem #election2019 #GDPR



India Catching Up On Anti Bribery Law


Bribery and corruption pose a serious threat to the sustained economic progress of developing and emerging economies, and they remain an enormous concern.

India has anti-corruption legislation such as the Prevention of Corruption Act (“PC Act”), 1988, the Prevention of Money Laundering Act, 2002, and the Central Vigilance Act, 2003, to name a few. India has also taken several new initiatives against corruption, including the amendments proposed in the PC Amendment Bill 2013 and the suggestions of the committee and the Law Commission on the Bill. These amendments, which include an offense of giving a bribe to a public official to achieve a business benefit and strict liability for management participation in corporate offending, may affect the private and public sectors alike.

India and the United States share a common goal of fighting corruption, whether in the public or the private sector. Each country has experienced too many instances of individuals taking advantage of their public or private positions to enrich themselves. In response to these concerns, anti‐corruption efforts in the U.S. and India are at an all‐time high, as is coordination among the U.S., India and many other countries fighting corruption.

Corporate India is now slowly taking steps in the right direction in principle, but is still not investing enough in practice. A good compliance plan would ideally include more than just an increase in the allotted budget. It would involve the establishment of leading global practices, policies and procedures. It would also focus on providing appropriate training sessions to sensitize staff across the board to the importance of complying with relevant laws.

What makes it imperative for India to have an anti-bribery and corruption compliance program?

It helps to set the “tone at the top” and drive the right culture in a company.
The corporation takes a good step by setting up adequate procedures for anti-bribery and corruption programs.
It provides guidance in terms of initiating and implementing a system that has to be followed and measurable benchmarks to be achieved.
Putting such a program in place makes it simple for management to monitor its effectiveness using a checklist.
A centralized compliance program can address the risks related to the various business units and products, provide stakeholders with relevant insights and enable them to take preventive action at the right time.
Implementing an anti-corruption compliance program is increasingly a defense in cases of a violation of anti-corruption legislation.

This report explores the importance of bribery and corruption management in India and highlights key aspects of such a compliance program. While India marches towards better governance measures, it is vital for firms to be proactive, keeping in mind the global legal and business landscape that makes them prone to bribery and corruption.
#antibribery #anticorruption



Data Privacy Law GDPR Coming to India


The Data Privacy Law, or General Data Protection Regulation, is the new privacy protection law that is soon going to be adopted by organizations in India. The main purpose of the GDPR is to ensure that the privacy and personal data of every individual are steadfastly protected. It seeks to regulate the purposes for which, and the manner in which, several entities, including governments, collect and process data about individuals using automated means (data controllers).
India is behind schedule compared with the advances several western nations have made in privacy and data protection. This becomes a cause for concern when a regulation (such as the GDPR) sets the global standard for data protection. A situation where Indian companies are arm-twisted into accepting EU standards of data protection is undesirable but wholly possible, given the flurry of activity following the GDPR. The data protection laws in India are poorly drafted, and their application can raise serious questions taking into consideration.

India should take this opportunity to objectively examine how the GDPR is rolled out and how it fares. To make sure that it creates legislation that lasts, it should determine the core principles on which a data protection law will be founded. With the divide between technology and the law gaping wider with every passing day, India’s data protection law should aim to bridge any data gap between information users and data controllers. It should build in review mechanisms to make sure that controllers are held accountable, while at the same time encouraging them to innovate voluntary best practices for privacy. It ought to learn from the GDPR and flesh out the rights each individual has over her information. As observed from the GDPR, India should not over-regulate, as this is one of the surest ways of creating a chilling effect on both technology and privacy.

It is vital to embrace GDPR to the fullest, as GDPR imposes heavy monetary penalties on non-compliant organizations. Adopting a privacy-by-design approach can increase the organization’s awareness of privacy and data protection issues and help it address vulnerabilities promptly.

Areas which require focus under the GDPR are:

1 Training and Awareness
2 Data processing & Accountability
3 Notice and Consent
4 Cross-border data transfer
5 Third-party and vendor management
6 Transparency of data and communication
7 Data security, storage, breach notification

Privacy and protection of an individual’s information is and will be the highest priority of the governing bodies, and it is time that we devised regulatory rules for the same. That being said, it is imperative to revise the current state of data protection and privacy laws in India to safeguard personal information and data in a rightful manner. Stronger data protection and governance laws are the need of the hour.

In conclusion, the GDPR, if followed in letter and spirit, will strengthen the data protection measures taken by enterprises and empower their customers. Businesses operating in other locations may also adopt the GDPR standards as data protection and privacy increasingly become a concern.

#GDPR #DataPrivacy #GDPRIndia #BS10012 #PIMS #AAdhar #AAdharIndia #GDPRAAdhar



GDPR Impact on FB Advertisement Revenue


Last night we saw Facebook lose around $119 billion in market value as its stock price plummeted by around 19 percent, the largest one-day loss in market value by any company in U.S. stock market history.

It could be due to the rollout of the new European privacy law for personal data privacy, GDPR, on 25th May 2018, as FB is working hard on improving its security controls and its key advertising market, the EU, is down due to GDPR.

“As I’ve said on past calls, we’re investing so much in security that it will significantly impact our profitability,” said CEO Mark Zuckerberg.

Although Facebook’s monthly active users were up 11 percent year-on-year, growth had fallen flat in the US and Europe, its key advertising markets. Europe’s fall was partly down to the rollout of GDPR, FB told investors.

As per my recommendation, this could be a temporary dip in the share price of Facebook; in the coming days we could see a pullback in NASDAQ:FB stock, and it could touch the $200 mark again.

After Facebook failed to meet revenue expectations, can we see a similar trend with others like Google? Google’s advertisement revenue could also be impacted by this law.

#GDPR #FaceBook #GDPR #FacebookGDPR #GoogleGDPR



GDPR: An Opportunity or Burden ?


Businesses these days are rapidly accumulating information that identifies people. How that information is used and managed, and the degree to which it protects individual privacy, varies greatly. With the GDPR, this may change.
New GDPR rules can protect the privacy of European residents and any businesses that deal with them. The hype that surrounded the introduction of the General Data Protection Regulation (GDPR) earlier this year directed a spotlight on the thorny issue of data privacy.

This is vital, as loss of personal or work-related data can be a huge problem for businesses of any size or sector: almost half of UK businesses have fallen victim to cyber attacks or security breaches in the last year, costing them each thousands of pounds, according to a UK government report. In essence, the GDPR is about protecting and enabling the data privacy rights of individuals, handing power back to the data’s owner, whether the data consists of location data, online identifiers like usernames, IP addresses or cookies, or other records.

The arrival of GDPR means that greater penalties for data loss are imposed, so it is essential that companies are compliant. However, recent data suggests that many firms are still struggling with their compliance efforts. A poll by The Governance Institute (ICSA) shows that over three-quarters (78 percent) of organizations surveyed have found becoming compliant with GDPR to be “a heavy burden” on their resources. However, GDPR affects every organization, and small and mid-sized firms fall victim to data breaches as much as enterprises.
Having a business continuity and disaster recovery (BCDR) policy in place ought to be essential for any organization to protect client data from accidental loss or a criminal data breach. In the case of GDPR, it also ensures the integrity of the data and can help firms recover from a ransomware infection.

Being GDPR compliant requires understanding the data you hold and your policies and processes for managing that data, and training employees to make sure they understand and can comply with these rules. Mapping out how data moves through the company and where it is stored, whether in emails, CRM systems, cloud applications or on a backup appliance, is a good starting point. When it comes to defending against cyber-attacks and data breaches, human error is commonly a factor, so educating your employees is crucial. Technology can be used to enforce consistent security policies across the organization.

Businesses should also ensure the ongoing confidentiality, integrity and availability of processing systems and services, as well as the ability to access personal data in a timely manner in the event of a physical or technical incident. With more data being processed and stored, cyber threats continuing to grow and laws like GDPR being implemented, managing data is becoming increasingly complex for small businesses.

Non-compliance with the new regulation can not only cause reputational harm to an organization but also result in substantial fines. In the coming months, case law and experience will shine a stronger light on exactly what the regulation means in reality.



GDPR Impact on Indian Market


The General Data Protection Regulation (GDPR) helps businesses differentiate themselves. However, concerns are growing over the way enterprises use consumer data for marketing, as current laws don’t provide any control over them. Thus, GDPR was born with more demanding and prescriptive compliance challenges, backed by fines of up to 4% of a company’s annual global revenue. Other demanding rules include those pertaining to data breach reporting, the appointment of a mandatory data protection officer, and citizens’ right to be forgotten in the digital realm, among others.

The European Union’s (EU) GDPR envisages strict rules for handling the personal information of users and specifies new protocols for handling and storing personal information and sharing it with third parties. The rules will also apply to firms whose activities target data subjects in the EU. The definition of personal data now explicitly includes location data, IP addresses, and identifiers such as the genetic, economic, cultural or social identity of a natural person. People will have stronger rights over their personal data, as the new rights include the right to be forgotten, the right to data portability and the right to object to identification. Consumer consent to process data should be freely given.

If Indian corporations do not comply with the EU GDPR, flouting the rules will attract a fine of up to 4% of an organization’s global annual revenue or €20 million, whichever is higher. Indian corporations should therefore prepare for the EU GDPR by reviewing their policies, procedures and existing privacy programmes; imparting data privacy training to employees; and reviewing or updating contracts signed with third-party vendors, among other things. Besides, Indian corporations also need to evaluate how equipped they are to deal with the audit process and use proper technology solutions to prepare for the same.

In conclusion, GDPR can strengthen the protection of information for enterprises and empower their customers. Businesses operating in other regions may also act to adopt the GDPR standards as information protection increasingly becomes a concern.



Walmart buys Flipkart – Big Discount eCommerce War ?


Walmart India buys 77% stake in Bengaluru-based Flipkart for $16 bn. World’s biggest eCommerce deal done. It could be a win-win situation for Indian online buyers, as we may see a fresh discount war in the summer vacation: Amazon has already infused $385.7 Mn (INR2,600 Cr) for the trade war with Flipkart-Walmart.

According to data shared with the corporate affairs ministry, Amazon is pumping fresh capital into Amazon Seller Services, its India unit, to gear up for the trade war against domestic rival Flipkart-Walmart. Amazon Corporate Holdings and Amazon.com Inc have allocated a $385.7 Mn (INR2,600 Cr) investment to the Indian marketplace unit.

We have already seen a fresh investment of Rs 3,000 crore from SoftBank into Paytm Mall (backed by Alibaba).

As every online marketplace wants to take hold of the Indian e-commerce market, it will be interesting to see how other players apart from Amazon and Paytm Mall view this move and handle their existing customer base.

We may see fresh competition in the mobile market and white goods, and it may also impact our traditional brick-and-mortar stores. Hopefully our Indian Govt can put some hold on this and give some relief to our traditional businessmen, who are already feeling uneasy after demonetization and the GST release.

We may also see some fresh investment in the e-commerce business in the coming days, as big Indian business families are also eyeing it.



Beware Data Theft through Android Mobile Apps


Once again India has singled out Chinese apps and listed them as spyware or mobile malware. Indian intelligence agencies have reportedly listed as many as 42 mobile applications that have the potential to carry out a cyber-attack against the country. Under a new advisory, the agencies have reportedly issued a warning to the Indian army and paramilitary against their usage. An India Today report posted the advisory letter on its website, and it reads: “As per reliable inputs, a number of Android/IOS apps developed by Chinese developers or having Chinese links are reportedly either spyware or other malicious ware. Use of these apps by our force personnel can be detrimental to data security having implications on the force and national security.”

The Home Ministry has come up with the advisory with inputs from several intelligence agencies, such as the Research and Analysis Wing (RAW) and the National Technical Research Organisation (NTRO). Army personnel have been asked to immediately uninstall the 42 mobile apps and to format their smartphones. It is not the first time that the Indian government has flagged Chinese apps on suspicion of espionage. In 2016, the center issued another advisory which asked people to refrain from using Chinese-origin applications as well as smartphones made in the neighboring country. Additionally, a while back, some internet modems were also listed on suspicion of malicious activity.

It is interesting to note that most of the more than 40 apps mentioned in the list are anti-virus or web browsing apps. The circular advises that officers and personnel should not use the apps for either official or personal purposes.

Here are the apps that have been listed, according to the report: Weibo, WeChat, SHAREit, Truecaller, UC News, UC Browser, BeautyPlus, NewsDog, VivaVideo- QU Video Inc, Parallel Space, APUS Browser, Perfect Corp, Virus Cleaner (Hi Security Lab), CM Browser, Mi Community, DU recorder, Vault-Hide, YouCam Makeup, Mi Store, CacheClear DU apps studio, DU Battery Saver, DU Cleaner, DU Privacy, 360 Security, DU Browser, Clean Master – Cheetah Mobile, Baidu Translate, Baidu Map, Wonder Camera, ES File Explorer, Photo Wonder, QQ International, QQ Music, QQ Mail, QQ Player, QQ NewsFeed, WeSync, QQ Security Centre, SelfieCity, Mail Master, Mi Video call-Xiaomi, and QQ Launcher.
Meanwhile, TrueCaller has replied to the issue. It said: “In response to certain reports, we would like to clarify that we are a Sweden based company. We are not sure why the app is on this list, but we’re investigating. Truecaller is not a malware, and all our features are permission-based and are disabled by default.”