
• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 are a set of regulations in India designed to ensure the protection of sensitive personal data. These rules are part of the Information Technology Act, 2000, and outline the responsibilities of organisations in handling such data.

• The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 is an Indian law aimed at streamlining the distribution of government subsidies, benefits, and services by using the Aadhaar number as a unique identity. Aadhaar is a 12-digit identification number issued by the Unique Identification Authority of India (UIDAI) based on biometric and demographic data.

Data privacy in India is regulated by the Personal Data Protection Bill (PDPB), introduced in 2019 and currently under government review. This bill seeks to create a detailed framework for safeguarding personal data in the country. It specifies guidelines for companies on managing personal information, defines the rights individuals have concerning their data, and addresses protocols for handling data breaches.

4.3 DATA SECURITY

Data security is the practice of protecting digital information from unauthorised access, misuse, or disclosure. It involves securing personal details like names, addresses, and passwords against hackers and cyber threats. Data security utilises a combination of strategies, technologies, and processes to safeguard sensitive information while maintaining its confidentiality, integrity, and availability. Below are the essential elements of data security:

• Confidentiality: Maintaining confidentiality involves restricting data access solely to authorised users or systems. Techniques such as encryption, implementing access controls, and organising data through classification help achieve this.

• Data integrity: Ensuring the accuracy, consistency, and reliability of data at every stage of its lifecycle is vital. Measures to maintain data integrity include the use of checksums, digital signatures, and data validation techniques, which help identify and prevent unauthorised alterations.

• Authorisation: Access permissions should be assigned based on users’ roles, responsibilities, and trust levels. Authorisation systems manage and regulate the actions users are permitted to perform on certain data or resources.

• Encryption: Encryption is a security technique that transforms readable data (plaintext) into an unreadable format (ciphertext) using an algorithm and an encryption key. This process ensures that only authorised individuals with the correct decryption key can access the original data. Encrypted data is meaningless if captured by attackers.
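The data integrity measures listed above can be compared in a short Python example (added here for illustration, not taken from the textbook). It shows that a plain checksum detects an alteration only while the stored checksum itself stays untouched, whereas a keyed tag (HMAC, used as a stand-in for the digital signatures the text mentions) also detects the case where the checksum was recomputed. The record, the key and all function names are constructed for this example.

```python
import hashlib
import hmac
import json

# Constructed sample key and record, for illustration only.
SECRET_KEY = b"constructed-demo-key"
RECORD = {"student_id": 1042, "name": "Asha", "marks": 78}

def canonical(record):
    """Serialise with sorted keys so equal data always gives equal bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")

def checksum(record):
    """Plain SHA-256 checksum: anyone can recompute it."""
    return hashlib.sha256(canonical(record)).hexdigest()

def mac(record, key=SECRET_KEY):
    """HMAC-SHA256 tag: only someone holding the key can produce it."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()

def verify_checksum(record, expected):
    return hmac.compare_digest(checksum(record), expected)

def verify_mac(record, tag, key=SECRET_KEY):
    # compare_digest compares in constant time
    return hmac.compare_digest(mac(record, key), tag)

def demo():
    """Return (checksum_ok, mac_ok) for three situations."""
    stored_sum, stored_tag = checksum(RECORD), mac(RECORD)
    altered = dict(RECORD, marks=98)
    # The data was changed and the stored check values were replaced with
    # values computed without knowledge of SECRET_KEY.
    new_sum = checksum(altered)
    new_tag = mac(altered, key=b"not-the-real-key")
    return {
        "unaltered": (verify_checksum(RECORD, stored_sum),
                      verify_mac(RECORD, stored_tag)),
        "altered_only": (verify_checksum(altered, stored_sum),
                         verify_mac(altered, stored_tag)),
        "altered_and_recomputed": (verify_checksum(altered, new_sum),
                                   verify_mac(altered, new_tag)),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

In the third situation the plain checksum accepts the altered record, which is why integrity checks that must resist deliberate changes rely on a secret key or a signature.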


                342   Touchpad Web Applications (Ver. 2.0)-XII