'Providing personal information and sensitive data is a necessary evil'

Font Size

Print

Feedback

Email

Discuss

Related Articles

Gold the most preferred investment

: Sivarama Krishnan, executive director, Business Solutions, Pricewaterhouse Coopers, spoke with Abhay Rao of The Financial Express about identity theft in Indian and why is it a threat we should watch out for. Excerpts

How does identity theft in India occur? Is it something we should be worried about?

In India, people are very careless when it comes to privacy and personal information. We give out our address and phone numbers to shops, restraints etc, which is unnecessary and careless on our part. Identity theft can occur in multiple forms. One of the main areas of concern and places via which identity theft occurs is, through service providers who have our personal information.

In credit cards and banks, if someone hacks the database and steals personal and sensitive data put up, they are at a major risk. While this is a large worry in most countries, in India this is the smallest thread to be worried out, mainly due to the ease with which we part with information in any case. The recent Kingfisher Airline fiasco or people buying mobile connections with false credit cards and incorrect details are a clear example of the lack of awareness and security in these areas. Here the state of mind is not that of guarding your personal details and information. Identity thefts have never really come into the limelight before, as though there are a large number of such cases that occur, very few are ever reported. In India, the opportunities to misuse data and garner other identities is very large, and hence this is something that we should be aware of and worried about.

Why is there such poor reporting of identity theft cases?

Under which laws can you report an identity theft? There is no recourse for people here but to let such things go or maybe complain to the involved organisation, like banks or credit card providers at the most. The law in India does not see most of these cases as identity theft to begin with. A simple thing like acquiring credit cards is also overlooked as an identity theft. These cases are not classified or sensitised as an issue of identity theft. We treat these as frauds and do not go back to the root cause of the fraud, and say this is an identity theft to begin with.

Till these basic things are taken care of, one cannot hope to control identity thefts in India.

Do you think anti-phising and data protection softwares that claim to protect you against identity theft actually work?

Currently, if one sits to analyse all the people who have access to data that should be concerned private and sensitive, it is mind-boggling to say the least. In the internet world the minute one starts financial transactions online, their service providers have the ability to trace your movements at every step of the way. Applications that protect you from falling prey to identity theft currently help you reduce the traces you leave behind on the internet. However, they cannot completely eliminate the information you had provided, since, your service provider and your computer will always have that data stored. Still, I do feel that such software's will help you reduce the risk of middlemen from gathering your personal information and using it to their advantage.

What can one do about the prevailing situation of identity thefts in India? How can one safeguard themself from such threats? What do you feel about identity insurance in India?

Providing personal information and sensitive data is a necessary evil, especially in India. Here, personal information is always exchanged, be it on the internet or otherwise. Thus identity theft risks cannot ever be altogether eliminated. However, if our legislation minimises the usage and storage of personal information, things should improve. There needs to be specific norms regarding what service providers who are is possession of such information can and cannot do, or whom can they share it with, if it all. These laws are internationally accepted, however, they have not yet been passed in India. The IT acts amendments have been lying in the parliament for 2 years now.

Do not give out unnecessary information anywhere, be it shops who ask you for your address or suggestion forms which want your contact details. After all, one cannot ascertain as to how this data will be treated or protected if it at all. Personal information of others too is given out so freely in India, which is something we should inherently guard ourselves against. Every service provider who requires your personal information will have clauses regarding their data sharing norms, and, one should be sure to read through them before giving out any information. Spreading of awareness as was done in the case of phising is needed, as, this should guard more people from giving out their personal data.

Also, people need to report all such instances to consumer courts, so that something concrete is done about this soon.