The government of India is all set to implement a new law called the Digital Private Data Protection Act, 2023 (DPDP). This law is dedicated to safeguarding the personal details of citizens. This act regulates how companies collect or store and use personal data. This implementation will protect information that is directly connected to the individual, such as their name, address, or phone number.
In a recent move, the government and law enforcement agencies are taking strict action against the unauthorized use of Personally identifiable information (PII).
The Union Home Ministry, through the Indian Cybercrime Coordination Centre (I4C), is specifically cracking down on unauthorized use of Permanent Account Numbers (PAN) and has directed the shutdown of any unauthorized use of PAN by fintech and other consumer technology companies, according to three sources quoted by ET.
“This was known as a ‘Pan enrichment’ service, which would help loan distribution companies create a profile of their customers against their Pan numbers, for cross sell of credit and other financial products,” said a top executive at a fintech firm on the condition of anonymity. “Sometimes this data was also used to cross-check the details put in by the customer in his or her application form,” he added.
---Advertisement---How Was The Data Misused By Big Companies
Some industry insiders exposed how many companies use the PAN number of the customer. These Companies would save the PAN number of a customer when they provide it, and use the Income Tax department’s backend systems to access the customer’s full name, address, phone number, and many such details. As the PAN card number is linked to credit reports of consumers, it becomes very sensitive information.
Although it is not a case of data leakage, it was still unauthorized usage of the backend system of the Income Tax department.
“There has been no disruption in the authorized service, which is through the National Securities Depository (NSDL), where they do not share any personal data against the PAN number but just say whether the details provided match with their database,” the executive added.
Reports say that these services have been facing disruptions for the past few weeks as most of these unauthorized services are being shut down after government intervention.
Bigger Plans By The Government
The reports also suggest that these could be part of the government’s bigger plan. These strategies might include plans for shutting down any unauthorized access to PII of Indian citizens. This will come under scrutiny post the notification of the data protection rules.
The DPDP Act of 2023 specifically makes it mandatory that citizen data can only be used after taking due consent and through authorized channels only.
“After the Supreme Court judgment on Aadhaar, the rules around access to this database had gotten codified and formalized; now the government will crack down on every unauthorized access to any government database,” the executive said.
Industry insiders also suggest that this government move could be a step to clean up all the systems before the strict data protection rules come into effect.
