• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal
Data or Information) Rules, 2011 are a set of regulations in India designed to ensure the protection
of sensitive personal data. These rules are part of the Information Technology Act, 2000, and outline the
responsibilities of organisations in handling such data.
• The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016
is an Indian law aimed at streamlining the distribution of government subsidies, benefits, and services by
using the Aadhaar number as a unique identity. Aadhaar is a 12-digit identification number issued by the
Unique Identification Authority of India (UIDAI) based on biometric and demographic data.
Data privacy in India is regulated by the Personal Data Protection Bill (PDPB), introduced in 2019 and currently
under government review. This bill seeks to create a detailed framework for safeguarding personal data
in the country. It specifies guidelines for companies on managing personal information, defines the rights
individuals have concerning their data, and addresses protocols for handling data breaches.
4.3 DATA SECURITY
Data security is the practice of protecting digital information from unauthorised access, misuse, or
disclosure. It involves securing personal details like names, addresses, and passwords against hackers and
cyber threats. Data security utilises a combination of strategies, technologies, and processes to safeguard
sensitive information while maintaining its confidentiality, integrity, and availability. Below are the essential
elements of data security:
• Confidentiality: Maintaining confidentiality involves restricting data access solely to authorised
users or systems. Techniques such as encryption, implementing access controls, and organising data
through classification help achieve this.
• Data integrity: Ensuring the accuracy, consistency, and reliability of data at every stage of its
lifecycle is vital. Measures to maintain data integrity include the use of checksums, digital
signatures, and data validation techniques, which help identify and prevent unauthorised alterations.
• Authorisation: Access permissions should be assigned based on users’ roles, responsibilities, and
trust levels. Authorisation systems manage and regulate the actions users are permitted to perform
on certain data or resources.
• Encryption: Encryption is a security technique that transforms readable data (plaintext) into an
unreadable format (ciphertext) using an algorithm and an encryption key. This process ensures that
only authorised individuals with the correct decryption key can access the original data. Without
that key, encrypted data is meaningless to attackers who capture it.
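The data integrity element above, as an added example that is not part of the textbook: a plain checksum detects any change to a record, but a keyed tag is needed when the person altering the data could also recompute the checksum. HMAC is used here as a keyed stand-in for the digital signatures the text mentions; the record, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample record and key, for illustration only (assumptions).
RECORD = {"name": "Asha Rao", "address": "12 MG Road, Pune", "balance": 2500}
SECRET_KEY = b"constructed-demo-key-not-for-real-use"


def canonical_bytes(record):
    """Serialise the record identically every time so equal data hashes equally."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def checksum(record):
    """Unkeyed SHA-256 digest: detects any change, but anyone can recompute it."""
    return hashlib.sha256(canonical_bytes(record)).hexdigest()


def keyed_tag(record, key):
    """HMAC-SHA-256 tag: only a holder of the key can produce a valid value."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def verify(actual, expected):
    """Constant-time comparison of two hex digests."""
    return hmac.compare_digest(actual, expected)


def demo():
    stored_sum = checksum(RECORD)
    stored_tag = keyed_tag(RECORD, SECRET_KEY)
    # A change made without updating the stored values is caught by both checks.
    altered = dict(RECORD, balance=990000)
    caught_by_checksum = not verify(checksum(altered), stored_sum)
    caught_by_tag = not verify(keyed_tag(altered, SECRET_KEY), stored_tag)
    # A checksum stored beside the data can be recomputed by whoever changes
    # the data; a valid tag cannot be produced without the secret key.
    replaced_sum = checksum(altered)
    checksum_fooled = verify(checksum(altered), replaced_sum)
    forged_tag = keyed_tag(altered, b"wrong-key")
    tag_fooled = verify(keyed_tag(altered, SECRET_KEY), forged_tag)
    return caught_by_checksum, caught_by_tag, checksum_fooled, tag_fooled


if __name__ == "__main__":
    print(demo())
```

For this reason a checksum used to detect unauthorised alterations should be kept where the person changing the data cannot also rewrite it, or replaced with a keyed tag or signature.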
Touchpad Web Applications (Ver. 2.0)-XII

