xIoTz | Managed Cyber Assurance Platform

Data Privacy in India: Facts and Laws

October 20, 2023

Table of Contents

Data Privacy Law in India

Data privacy is also referred to as information privacy. Data privacy is the branch of data management that deals with handling personal data in compliance with data protection laws, regulations, and general privacy best practices.

Data privacy concerns often revolve around:

  1. Whether or how data is shared with third parties.
  2. How data is legally collected or stored.
  3. Regulatory restrictions such as GDPR, HIPAA, GLBA, or CCPA.

Security is an important part of protecting data from external and internal threats but it also determines who can and will share digitally stored data plays a part of the control process of sharing data confidentiality with about other people, how and where that data is stored

Almost all countries around the world have introduced some kind of legislation on data privacy to meet the needs of certain industries or segments of the population.

Data privacy vs data security

DataPrivacy is not the same as data security. Data-privacy focuses on personal information of the user and how it is collected and stored. Data security refers to the protection of data from unauthorized access or breaches. 

For example, if an ecommerce website collects transmissions from its customers, its data privacy policy will specify how that data is collected and under what circumstances it can be shared and its data protection policy will tell employees if they have internal access to that data reducing the risk of a breach.

4 Types of Data Privacy

  • Online privacy

Websites often have privacy policies in place where they must clearly state why they want to collect and use your data. Therefore, users need to understand these policies in order to handle their data responsibly.

  • Residential Information Privacy

It covers matters relating to the cost of living and living of a citizen. When a citizen’s personal information is collected, it must be kept confidential and protected.

  • Medical Privacy

It protects the user’s medical information. Such information should not be disclosed to anyone other than the organization and the user. 

  • Financial Privacy

Financial Privacy refers to the collection of financial information by a website or organization. If this information is not properly stored and secured, hackers can use certificates fraudulently.

10 Data Privacy facts that may surprise you!

  1. There were more than 13.9 lakh cybersecurity incidents in India in 2022, according to government reports. 
  2. Data of over 100 million Flipkart, Airtel, Amazon, and Jiomart customers were sold on the dark web for $6,000. 
  3. Razorpay, an online payment gateway, lost 7.3 crore worth of funds in 831 transactions as hackers stole them.
  4. Google collects the location and browsing data from Americans and Europeans more than 70 billion times a day across both regions.
  5. On average, hackers target internet-connected PCs every 39 seconds.
  6. The average cost of one or personal data breach for SMBs is $108,000.
  7. 95% of cybersecurity breaches are due to human error
  8. On average, it takes 197 days to detect a data breach.
  9. 77% of enterprises do not have a cybersecurity incident response plan
  10. Most data breaches happen over email

4 Interesting Things About Data Privacy

Let’s Take A Look At Some Intriguing Data Related To Data Privacy In India: 

  1. Data Breaches Are on the Rise: According to the Indian Computer Emergency Response Team (CERT-In), there has been a significant increase in data breaches in recent years. In 2020, India witnessed a 300% increase in cyberattacks.
  2. Privacy Concerns of Citizens: A survey by Data Security Council of India (DSCI) revealed that over 87% of Indian consumers are concerned about their data privacy. This highlights the growing awareness of privacy issues among the general public.
  3. The Role of Mobile Apps: Mobile apps are a common source of data privacy concerns. According to Statista, in 2021, India had over 624 million smartphone users, making it a prime target for data-hungry apps.
  4. Financial Sector Vulnerability: The financial sector is particularly vulnerable to data breaches. The Reserve Bank of India (RBI) reported over 8,000 cybersecurity incidents in 2020, with the majority affecting the banking sector.

Data Protection Laws in India

  • The Digital Personal Data Protection Act 2023

On August 9, 2023, India passed a data protection law that will govern how entities who process users’ personal data. The Digital Personal Data Protection Act (“the Act”) will establish guardrails for how organizations should handle personal data and offers citizens control over the personal data gathered for them.

  • The Information Technology Act, 2000

This act includes provisions related to data disclosure and the failure to protect data. Specifically, Section 43A stipulates that if any corporate body is negligent in maintaining reasonable security practices, resulting in wrongful loss or gain to any person, they are liable to compensate the affected party.

  • The Personal Data Protection Bill, 2019

This bill aims to establish a comprehensive framework for personal data protection in India. Furthermore, it introduces concepts like ‘data fiduciary’ and ‘data processor’ and includes provisions for collecting, storing, and processing personal data.

Common Warning Signs of a Cybersecurity Attack

  • Monitor unusual behavior for system irregularities.
  • Investigate suspicious files or malware promptly.
  • Regularly review network communication patterns.
  • Keep anti-virus and anti-malware programs updated.
  • Run scans to identify missing patches and security risks.
  • Check your credit rating for indications of fraud.

Protecting Your Company from a Cybersecurity Attack

  • Encrypt Critical Data 
  • Update Anti-Virus and Anti-Malware Software 
  • Set appropriate access controls and employ multifactor authentication 
  • Establish and communicate a security governance structure 
  • Implement Network Monitoring Tool (IDS) 
  • Educate Users and Create Awareness


Data privacy is like keeping secrets on the internet. It means handling sensitive personal data in the right way, following rules and being careful. We worry about things like who gets our info, how it’s collected, and following laws like GDPR and HIPAA. 

Data privacy is different from data security, which is about stopping bad guys from getting our info. Countries make laws to protect people’s info, and we need to follow the rules on websites too. We should know and follow privacy rules when we use apps and websites. 

There are many cyber problems happening, like hacks and leaks, so we must be careful. In India, more and more people worry about their safety. Mobile apps and banks need to be extra careful too. India has made laws to protect people’s info, and we all need to be smart about keeping our data safe online.

Related Blogs:

Cyber law in India

Understanding Cyber Law : Protecting Digital Rights 

Cyber safety in the age of social media

Related Terms:

Cyber Safety 

Cyber Awareness

Cybersecurity culture

Quick Links:

For Career Opportunities

For Partnership Opportunities

For a Live Demonstration

Explore our Blogs

Posted in AwarenessTags: