Data Security is Key! Real-Time Payment is Changing Towards Digital Payments in India
The mass adoption of Digital payment systems has contributed to an environment in which many consumers, merchants, and financial institutions come to Indian market and it connect Rural areas to cities in a single platform.
Digital payment helps people to be able to pay friends and customers, settle bills, and transfer money at the fingertips. Digital Payment is no longer new — cash is an immediate payment transaction instrument after all the growth .The number of such services has grown over the years and the government is also taking all efforts to regulate them so that users are protected from any risks. This new standard is a big change for traditional payment types of “Digital payment” options which has helped build a new standard among Indian consumers.
The Government of India has launched “Digital India” campaign on 1 July 2015 through its Prime Minister, Narendra Modi, making the country digitally empowered in the field of technology.
After demonetization in India, the banking and financial transactions have seen a wide change in the way people make payments, which are majorly due to the use of online payment gateways such an UPI . This has become even more convenient with the use of Mobile apps.
The e-commerce has laid a strong requirement along with many others, which have made many people not just trusting these apps but frequently use them. The online payments which required the use of credit card or debit card details are now replaced with these Mobile wallets which keep their own balance and directly make payments without having to look for additional information. Mobile Wallet is driving the growth of real-time payments but the security of transferring money and the rule is the measuring key to avoid fraud and cyber-attacks.
Data Protection and Data Privacy Law In India.
The Minister of Electronics and Information Technology (MEIT), as the recommendations on the draft Data Protection Bill are ready in India since August 2017, the Srikrishna Committee’s objective of the Data Protection Bill has been to ensure the growth of the digital economy of the country.
AS INTRODUCED IN LOK SABHA Bill No.100 of 2017 THE DATA (PRIVACY AND PROTECTION) BILL, 2017 by SHRI BAIJAYANT PANDA, M.P. Measure Key Focus on:
❖ CHAPTER II
Right to Privacy And Data Protection
❖ CHAPTER III
Methods and Principles Of Data Collection And Protection
❖ CHAPTER IV
Transfer, Storage and Security of Personal Data
❖ CHAPTER VI
❖ CHAPTER VII
Data Privacy and Protection Authority
❖ CHAPTER IX
Highlighting of Transfer, Storage and Security of Personal Data under CHAPTER IV.
1. Prohibition on Sharing of Personal Data.
No personal data shall be shared in contravention of the provisions of this Act.
2. Retention of Personal Data.
No personal data shall be retained after the achievement of purpose for which it was collected and has been duly completed up to the satisfaction of all parties:
Provided that nothing in this section shall apply to databases of sensitive personal data duly established by the Central Government or State Government, as the case may be.
3. Prohibition on Storage of Personal Data.
No person shall store any personal data of another person for a period longer than necessary to achieve the purpose for which it was collected or received, or, if that purpose is achieved or ceases to exist for any reason, for any period following such achievement or cessation.
Save as provided in sub-section (3), any personal data collected or received in relation to the achievement of a purpose shall, if that purpose is achieved or ceases to exist for any reason, be destroyed forthwith.
The person to whom it pertains grants his consent to such storage prior to the purpose for which it was collected or received being achieved or ceasing to exist;
It is required to be stored for historical, statistical or research purposes under the provisions of an Act of Parliament: Provided that only that amount of personal data that is necessary to achieve the purpose of storage under this sub-section shall be stored and any personal data that is not required to be stored for such purpose shall be destroyed forthwith.
4. Transfer of Personal Data to Third Parties.
Any transfer of personal data to a third party shall be done pursuant to taking express, affirmative consent under Section 16 of this Act and after adequately informing them of the ramifications thereof in a comprehensive manner the requirements specified under Section 7 of this Act: Provided that any transfer of data to third parties shall be done only after ensuring that the third parties' privacy policies and security standards are in no way less privacy preserving than that of the transferring party.
5. Cross-border Transfer of Personal Data.
Any cross border transfer of personal data shall be done pursuant to taking express, affirmative consent under Section 16 of this Act and after adequately informing them of the ramifications thereof in a comprehensive manner the requirements specified under Section 7 of this Act: Provided that any cross border transfer of data to any entity or person outside the territory of India shall be done only after ensuring that the privacy policies and security standards followed by such entity are in no way less privacy preserving than those prescribed under this Act.
The Data Protection Officer shall— (a) act as an independent person; (b) address requests, clarifications or complaints made in writing, including through electronic form, by any aggrieved person or legal representative thereof; (c) take steps to initiate an inquiry and commence proceedings within seven days of receiving the complaint; (d) resolve the matter within ninety days of receipt of complaint; (e) recommend the data controller or processor to take action; and (f) record the proceedings, the results thereof and the reasons for arriving at the decision in writing.
7. Notification of Breach
It shall be the duty of the data controller and data processor, as the case may be, in case of any breach, unauthorized access, destruction, use, processing, storage, modification, de-anonymisation, unauthorized disclosure (either accidental or incidental), or other reasonably foreseeable risks of personal data, to notify to the person who is the subject of such personal data as well as the Authority and take adequate steps to mitigate any harm or damage of the data security breach within seven days.
8. Security Protocol.
It shall be the duty of the data controller and processor, as the case may be, to maintain adequate security measures and safeguards in accordance with the nature and form of security protocol as notified by the Central Government in consultation with the Authority, from time to time.