Role of Media

Media & Internal Security

Media role in internal security can be analyzed

from the prism of news, views and issues. How
it presents them to the populace can help either
in strengthening or weakening of the basics of
internal security.
 Role of Media

● Source of information: Information is important for a safety of a nation and its

growth. Media help in providing critical information to citizens.
■ E.g media inform about any attack, or about any warning by state for its
citizens etc.
● Educate: Media is important to educate people on security issues that are of
utmost important for the society.
■ E.g Loopholes in police system are threat to society. It is important to report
exact number of cases and help in sensitising the society.
● Awareness: Media make society aware of propagandas and fake news that are
used to spread panic and an environment of insecurity among citizens.
● Watchdog: Media reporting on public affairs and investigations into wrongdoing in
the administration of public affairs is must for a healthy democracy.
■ E.g: 2G, CWG scam
 Role played by Indian Media

● It has helped in bringing out the correct information regarding issues of naxalism, the
ineffectiveness of the policies pursued and thus helping in course correction.
○ It has fought tooth and nail against policies like that of Salwa Judum, which might have long
term repercussions on national integration.
● It has highlighted the issues of displacement, inequitable growth, rising inequalities, forcible
acquisition of land and other resources etc, which if not handled may become security threats in
long term.
● Many a times it has brought out the reports of lapses in governments preparedness related to
internal security and thus bringing accountability.
● In India, media has played great role in highlighting the issues of human rights violation by
security forces, absence of latest arms and technologies with police forces and thus creating a
public opinion against such lapses.
● It has helped in building resilience against any kind of efforts by ISIS to spread roots in India by
creating a popular opinion against it.
 Issues

● TRP issues
● Yellow journalism
● Dissemination of unverified news
● One sided information
● Breaking News
● Amplifying fear factor
● Live telecast of sensitive information
○ During Mumbai terror attacks, TV channels live telecasted operations by security forces
● Blowing news out of context
● Irresponsible individuals on sensitive issues
Paid News:
• It is one of the most serious challenges to media. It is fundamental ethical media to be truthful and fair
since a vast number of people will eventually see it and shape their opinions based on it

Possible Solution:
• Awareness should be there in viewers to identify which journalist propagates one-sided view and does
not identify the key issues at present. Thus paid news can be identified easily by way of targeted
advertisements or sponsorships or targeting any specific community of the society. Hence viewer s
education is a must to deal with this problem.

Media Trial:
• A media trial is a trial similar to a court of law in which the media house declares an individual innocent
or guilty before the court's final judgment based on debates and discussions. Additionally, it results in
the formation of beliefs in the minds of individuals, thus impacting the case's meritocracy. The media
trials were visible in the Jessica Lal murder case and the Sushant Singh Rajput drug case, among others.

Possible Solution:
• Self Regularisation of Media channels by way of ethical codes put forthwith by The News Broadcasting
Standards Authority (NBSA) should not only be limited to fines or reprimand but also strict legal actions
against the TV channel by suspending them for a temporary period or criminally charging them in the
court of law should be implemented. Repeated offenders of such media channels should also face strict
action by the Press Council of India; although it does not have much power at present but more power
should be given to such kind of bodies.
A Handful Ownership of Media:
• Transparency in the inner workings of Indian media organisations is diminishing resulting in the jeopardization of
the media's reputation.The majority of Indian media outlets are owned/ operated either by politically connected
individuals or businessman having their political influence inclined towards one political party. For instance,
Subhash Chandra, a BJP Member of Parliament, owns the Zee Network, which includes the channels Zee News,
Wion, and others
Possible Solution:
• According to the European Broadcasting Union (EBU), it was seen that the countries with functioning public media
have greater press freedom and less corruption. Thus, establishing a public funding mechanism for the media can
be a step towards enhancing media freedom.

Attack on Journalist:
• With the rising hate crimes and threat calls faced by a journalist in today s era becomes a very serious issue for the
media industry to provide fair reporting in any subject matter especially after the death of Gauri Lankesh - news
reporter; hence it becomes an impediment for the current lot of journalist to provide fearless journalism.

• Therefore in any large scale democracy; dissent is the safety valve of the democracy as said by Justice
Chandrachud; but still these ground reporters are faced by NSA (National Security Act), UAPA (Unlawful Activity
Prevention Act) wherein they have to face serious legal issues. An example being the Uttar Pradesh incident of
ground reporting showing the incompetence of Mid-day meal schemes of state government wherein the reality
was as shocking as reported by the media person.

Possible Solution:
• (Independent Judiciary + Independent Media + Citizen Awareness) are the key to tackle such issue legally. Media is
the fourth pillar of democracy which needs to complement such issues raised by the public or judiciary at various
point of time impartially and not become just a mere spectator or puppet for the government.
Lack of Diversity in Reportage:
• There are 800 television channels in India, as well as 36,000 weekly magazine publications and
thousands of web portals. On the surface, there is a dearth of variety in news coverage as a result of the
'tyranny of distance'.

For instance, many remote areas, such as the northeast, south India, and tier-3 cities, receive little
coverage in the national media. With such impediments to journalistic freedom, it is important to
consider the strength of the fourth pillar of our democracy's base.

Possible Solution:
• Promoting independent journalism which is free from external political influences by increasing their
watch time and financially supporting them at our end; for example, Schoop Whoop Unscripted, Quint
and other regional media houses have a long way to go in our future journalism industry.
 Role and Responsibilities of Media during Terrorism

● Access to the site of events should be provided only with the consent of law
enforcement officers responsible for communication with the media, under their
reliable protection and only if all participants are guaranteed safety.
● Actions of media representatives should not endanger the lives of victims
(hostages) and other persons.
● Direct interviews with terrorists and their hostages should be prohibited.
● The media have no right to transmit information that could damage the
course of the hostage rescue operation.
● The media should not broadcast or publish terrorist claims without the
permission of authorised persons.
● Incident coverage should be objective.
 Role of Media during Terrorism

● The media should commit themselves to refrain from sensational and panic-
inducing headlines, as well as from the constant reproduction of bloody
photographs (and bloody images on TV).
● When covering terrorist attacks, the media should take into account the feelings
of hostages, other victims, their relatives.
● A “Code of the press” i.e. some general principles should be established
 What Should be done

● The reasonable restrictions on freedom of speech must be treated as sacrosanct by

media houses and must be self-adhered.
● The media houses must evolve their own code of ethics and self regulation mechanisms
through which actions against those acting against the interest of the national security can be
taken.
● Governments must also be proactive and must continuously provide immediate,
accurate and reliable information so that public is not influenced by sensational and biased
news reporting.
● Media houses must also strengthen their local networks so that they can provide actual
ground reports, can provide information in local languages because at present there exist a
gap between local and national news which should be bridged.
● With emergence of multiple sources of information the credibility of information is lost. This
aspect must be taken care of because credibility is of paramount importance for media.
Fake News
• Misinformation and disinformation spread in media is becoming a serious social
challenge. It is leading to the poisonous atmosphere on the web and causing riots and
lynchings on the road.
• In the age of the in WhatsApp, Facebook, Twitter. it is a serious problem as rumours,
morphed images, click-baits, motivated stories, unverified information, planted
stories for various interests spread easily among 35 crore internet users in India.
Government
Response

• On 2 April 2018, the government amended

the ‘Guidelines for Accreditation of
Journalists’, to tackle fake news across
media by providing for cancellation of
accreditation of journalists even before the
completion of proposed 15-days inquiry.
• It was withdrawn in fifteen hours after
protests by media for being authoritarian.
 • The current response to fake news primarily
revolves around three prongs
Current • Rebuttal
Removal of the fake news item
Strategy
•
• Educating the public.
 Laws and Regulation to Curb Fake News in India

● Press Council of India can warn, admonish or censure the newspaper, the news
agency, the editor or the journalist or disapprove the conduct of the editor or the journalist
if it finds that a newspaper or a news agency has violated journalistic ethics.
● News Broadcasters Association (NBA) represents the private television news and
current affairs broadcasters. The self-regulatory body probes complaints against
electronic media.
● Indian Broadcast Foundation (IBF) also looks into the complaints against contents
aired by channels.
● Civil or Criminal Case for Defamation is another resort against fake news for
individuals and groups hurt by the fake news - IPC Section 499 (defamation) and 500
 Laws and Regulation to Curb Fake News in India

● Broadcasting Content Complaint Council (BCCC) admits complaints against TV

broadcasters for objectionable TV content and fake news.
● Indian Penal Code (IPC) has certain sections which could curb fake news:
Sections 153 (wantonly giving provocation with intent to cause riot) and 295
(injuring or defiling place of worship with intent to insult the religion of any class) can
be invoked to guard against fake news.
 Way Forward

● Any future legislation to curb fake news should take the whole picture into
account and not blame the media and go for knee-jerk reactions; in this age of
new media anyone can create and circulate new for undisclosed benefits.
● Countering content manipulation and fake news to restore faith in social media
without undermining internet and media freedom will require public education,
strengthening of regulations and effort of tech companies to make suitable
algorithms for news curation.
● Italy, for example, has experimentally added ‘recognizing fake news’ in school
syllabus.
● India should also seriously emphasize cybersecurity, internet education, fake
news education in the academic curriculum at all levels.
 Way Forward

● Internet shutdowns are often used by the government as a way to control social media
rumours from spreading.
● In Kannur, Kerala, the government conducted fake news classes in government
schools.-
● The government is planning to conduct more public-education initiatives to make
the population more aware of fake news.
● Fact-checking has sparked the creation of fact-checking websites in India to counter
fake news.
● Ideas such as linking Aadhaar to social media accounts have been suggested to the
Supreme Court of India by the Attorney General.
Social Media
 Internal Security

● Cyber Terrorism
● Fraud
● Criminal Activity and Money laundering
● Propagation of Mob logic Eg: Referendum - Brexit
● International users influencing intra national events Eg: Arab Spring
● Communal Violence and Fanning Tensions
● Virtual Community
● Hacking
 New Risk - False Information

The rapid spread of false information through social media is among the emerging risks
identified by the World Economic Forum in its Global Risks 2013 report
2012 North East Violence
Muzaffarnagar Riots,2013
Delhi Riots, 2020
2020 Palghar mob lynching
 Challenges in Monitoring Social Media

● Server Location and Laws of Different Countries: Lack of Geographical Boundaries

makes social media regulation an arduous task. Major Complicating Factors to secure
the networks and Media Much of the hardware and software that make up the
communications ecosystem is sourced externally.
● Encrypted Message: Use of phones/whatsapp to send and receive messages,
concerns the government because the communications sent via such devices and
applications are encrypted and could not be monitored and consequently hinders the
country's efforts to fight terrorism and crime.
● Complicated Networks: The task of securing the networks is also complicated by the
fact that much of the infrastructure is in the hands of private companies who see
measures such as security auditing and other regulations and frameworks as adding to
their costs. Source of Origin is difficult to find out.
 Challenges in Monitoring Social Media

● Social Media and Legal Issues: Social media as a phenomenon has grown by leaps
and bounds and with the passage of time the Information Technology Act, 2000, is not
capable of effectively addressing the legal, policy and regulatory concerns generated by
the use of social media in India. The questionable use of Article 66A of this act, which
now stands revoked after a ground breaking decision by the Supreme Court of India in
2015 for upholding values of liberty and freedom, the two pillars of democracy
● Privacy concerns related to internet monitoring - The way in which the internet
allows data to be produced, collected, combined, shared, stored, and analysed is
constantly changing, and the need for redefining personal data and what type of
protections personal data deserves and can no longer be a given
 Use of Social Media by Terrorist Organizations

● In Recruitment from other countries

● In Name of religion
● Targeting Women
Way Forward
 Way Forward

● Social media analysis generated intelligence or SOCMINT is being developed as a

successful model in many countries abroad to isolate hotspots or subjects that go viral
and is used as a predictive tool.
● The Mumbai Police has launched a project called “Social Media Lab”, the first of its
kind in the country.
○ The lab would monitor relevant information from Facebook, YouTube, Twitter, as
well as all other open sources in the public domain.
 Way Forward

● Internet shutdowns are often used by the government as a way to control social media
rumours from spreading.
● In Kannur, Kerala, the government conducted fake news classes in government
schools.-
● The government is planning to conduct more public-education initiatives to make
the population more aware of fake news.
● Fact-checking has sparked the creation of fact-checking websites in India to counter
fake news.
● Ideas such as linking Aadhaar to social media accounts have been suggested to the
Supreme Court of India by the Attorney General.
Satyamev Jayate
• On February 25, 2021 the Centre framed the Information Technology (Intermediary Guidelines and
Digital Media Ethics Code) Rules 2021, in the exercise of powers under section 87 (2) of the
Information Technology Act, 2000 and in supersession of the earlier Information Technology
(Intermediary Guidelines) Rules 2011.
• Overview of the New rules:
• It mandates a grievance redressal system for over the top (OTT) and digital portals in the country.
This is necessary for the users of social media to raise their grievance against the misuse of social
media.
• Significant social media firms have to appoint a chief compliance officer and have a nodal contact
person who can be in touch with law enforcement agencies 24/7.
• A grievance officer: Social media platforms will also have to name a grievance officer who shall
register the grievance within 24 hours and dispose of it in 15 days.
• Removal of content: If there are complaints against the dignity of users, particularly women – about
exposed private parts of individuals or nudity or sexual act or impersonation etc – social media
platforms will be required to remove that within 24 hours after a complaint is made.
• A monthly report: They also will have to publish a monthly report about the number of complaints
received and the status of redressal.
• There will be three levels of regulation for news publishers — self-regulation, a self-regulatory body,
headed by a retired judge or an eminent person, and oversight from the Information and
Broadcasting Ministry, including codes of practices and a grievance committee.
• What happens in case of non-compliance?
• Social media giants such as Facebook, Twitter, Instagram and WhatsApp
messenger could face a ban if they do not comply with the new Information
Technology rules.
• They also run the risk of losing their status as “intermediaries” and may become
liable for criminal action if they do not comply with the revised regulations.
•
• Conclusion
• Controlling online content and an excess of restriction/guideline could influence
the innovative freedom of the content essayists/makers. A balance must be struck
between regulation and freedom of content ensuring responsible digital media.
 Model Questions

1. “Media is a very important organ to fight terrorism.” In light of this discuss the critical role media
need to play in fight against the terrorism?
2. “The linkage of hundreds of millions of the Aadhaar Card to social media accounts serves no useful
purpose.” Comment.
What is Cyber Security?

• Cyber security or information technology security are the techniques

of protecting computers, networks, programs and data from unauthorised
access or attacks that are aimed for exploitation of cyber-physical systems and
critical information infrastructure.
Keywords
• Application Security: To protect applications from threats that can come through flaws in the
application design
• Information Security: To protect information from unauthorised access to avoid identity
theft and to protect privacy.
• Disaster Recovery: It is a process that includes performing risk assessment, establishing
priorities, developing recovery strategies in case of a cyber disaster.
• Network Security: includes activities to protect the usability, reliability, integrityand safety
of the network.
• Cyber-physical systems integrate sensing, computation, control and networking into physical
objects and infrastructure, connecting them to the Internet and to each other.
• Examples: Industrial control systems, water systems, robotics systems, smart grid etc.
• Critical Information Infrastructure: The Information Technology Act of 2000defines Critical
Information Infrastructure as a computer resource, the incapacitation or destruction of
which shall have debilitating impact on national security, economy, public health or safety.
 Need for Cyber security:
• With the vision of a trillion-dollar digital component, accounting for one-fifth of the $5-
trillion national economy, the importance of cyberspace in India would only keep
growing as Indians have taken to mobile broadband like fish to water, driven by
affordable tariffs, low-cost smartphones and a spurt in availability of audio-visual content
in Indian languages.
• Financial services, payments, health services, etc are all connected to digital mediums;
and due to Covid-19, this is expected to increase.
• There has been a rapid increase in the use of the online environment where millions of
users have access to internet resources and are providing contents on a daily basis.
• To ensure critical infrastructure system do not collapse under any situation.
• To ensure Business continuity.
• For the success of government initiatives like Digital India, Make in India and Smart
Cities.
• To balance Individual’s rights, liberty and privacy.
Present Status of Cyber Security
• Cyber, which is often referred to as the fifth domain of warfare, is now largely
being employed against civilian targets, bringing the war into our homes.
• Most nations have been concentrating mainly on erecting cyber defences to
protect military and strategic targets, but this will now need to change.
• Ransomware attacks have skyrocketed, with demands and payments going into
multi-millions of dollars. India figures prominently in this list, being one of the
most affected.
• Banking and financial services were most prone to ransomware attacks till date,
but oil, electricity grids, and lately, health care, have begun to figure prominently.
• The Covid-19 pandemic has increased cyber-crimes in India by 500% and India is
one of the top 3 attacked countries in the world as far as cyber-attacks are
concerned.
• There are emerging threats from the proliferation of new technologies like drones
and IoT devices.
• Cybercrimes in India caused Rs 1.25 trillion loss in 2019.
• Recent Cyberattacks
• Recently, few “State-sponsored” Chinese hacker groups targeted various
Indian power centres. However, these groups have been thwarted after
government cyber agencies warned it about their activities.
• Recently, Australia had to stave off its biggest cyber threat with the attack
targeting everything from public utilities to education and health
infrastructure. India has also been a victim to many such cyber-attacks in
the past like WannaCry, Petya ransomware, Mirai botnet etc.
• Towards the end of 2020, a major cyberattacks headlined ‘SolarWinds’ —
was believed to have been sponsored from Russia. It involved data
breaches across several wings of the U.S. government, including defence,
energy and state.
• Thousands of U.S. organisations were hacked in early 2021 in an unusually
aggressive cyberattack, by a Chinese group Hafnium, which had exploited
serious flaws in Microsoft’s software, thus gaining remote control over
affected systems.
• Another Russia-backed group, Nobellium, next launched a phishing attack
on 3,000 e-mail accounts, targeting USAID and several other organisations.
 Cyber warfare
• Cyber warfare is computer- or network-based conflict involving politically motivated attacks by a nation-
state on another nation-state. In these types of attacks, nation-state actors attempt to disrupt the activities
of organizations or nation-states, especially for strategic or military purposes and cyber espionage.
• Examples:
• In 2020, the United States (US) department of defence (DoD) exposed an information-stealing malware,
SlothfulMedia, which they said was being used to launch cyberattacks against targets in India, Kazakhstan,
Kyrgyzstan, Malaysia, Russia and Ukraine.
• The most notorious example is that of the misinformation campaign conducted by Russian bots during the
2016 US presidential elections.
• Intellectual property (IP) rights are another avenue of strategic competition — in 2014, the US justice
department indicted five Chinese military hackers and accused them of stealing secrets from US Steel, JP
Morgan, Alcoa, Westinghouse Electrical Co., and United Steelworkers.
• Military cyberattacks are perhaps the most associated with cyberwarfare — the “Sandworm Team”, a group
associated with Russian intelligence, has conducted attacks on government sectors in the US, Ukraine,
Poland, and on the European Union and NATO.
• A well-documented cyberattack occurred in 2010 when a malware “Stuxnet” that was designed to damage
Iran’s nuclear capability by making Iranian scientists and government think there were a series of internal
engineering mishaps at their enrichment facility.
Cyber Terrorism

• Cyberterrorism is any
premeditated, politically
motivated attack against
information systems, programs
and data that results in
violence.
• Cyber-terrorism can also be
understood as “the use of
computer network tools to shut
down critical national
infrastructures (such as energy,
transportation, government
operations) or to coerce or
intimidate a government or
civilian population.”
What is a zero-click attack?

• A zero-click attack helps

spyware like Pegasus gain
control over a device without
human interaction or human
error.
• So, all awareness about how to
avoid a phishing attack or which
links not to click are pointless if
the target is the system itself.
Cybercrime Against Women
• Not so long ago, social media was awash with the ‘Bois locker room’ incident that
circulated obscene images of under-age girls via leaked chats from an exclusive group.
• With this as our frame of reference, it is time we pause and acknowledge that ‘Bois
locker room’ is not an isolated incident of young boys enabling rape culture, but instead
is symptomatic of our societal mentality.
• Reports of increased cyber bullying and cyber harassment have escalated over the past
few years with the NCRB data showing 6,030 cybercrimes registered by women in the
year 2018.
• We need a targeted legislation that criminalises cyber Violence Against Women and
Girls (VAWG). In the absence of any special legislation, both the IT Act and the IPC are
interim solutions inadequate to contain the magnitude of problems.
• The reason for this is that the IPC predates the digital era while the IT Act was formulated
to enhance e-commerce as opposed to sensitising a hitherto unequal space.
• Hence, devising a statute that exclusively addresses cyber abuse, harassment and
violence faced by women will go a long way in changing the existing discourse on
safety and equality.
What are the Challenges Related to Cyber Security in India?

• Profit-Friendly Infrastructure Mindset: Post liberalisation, the Information Technology

(IT), electricity and telecom sector has witnessed large investments by the private sector. However,
their inadequate focus on cyber attack preparedness and recovery in regulatory frameworks is a cause
of concern.
• All operators are focused on profits, and do not want to invest in infrastructure that will not
generate profits.
• Absence of Separate Procedural Code: There is no separate procedural code for the investigation of
cyber or computer-related offences.
• Trans-National Nature of Cyber Attacks: Most cyber crimes are trans-national in nature. The collection
of evidence from foreign territories is not only a difficult but also a tardy process.
• Expanding Digital Ecosystem: In the last couple of years, India has traversed on the path of digitalising
its various economic factors and has carved a niche for itself successfully.
• Latest technologies like 5G and the Internet of Things (IoT) will increase the coverage of the
internet-connected ecosystem.
 • With the advent of digitalisation, paramount consumer and citizen data will be
stored in digital format and transactions are likely to be carried out online which
makes India a breeding ground for potential hackers and cyber-criminals.
• Limited Expertise and Authority: Offences related to crypto-currency remain under-
reported as the capacity to solve such crimes remains limited.
• Although most State cyber labs are capable of analysing hard disks and mobile
phones, they are yet to be recognized as 'Examiners of Electronic Evidence' (by the
central government). Until then, they cannot provide expert opinions on electronic
data.
• Cognitive hacking attack attempts to change the target audience’s thoughts and
actions, galvanise societies and disrupt harmony using disinformation
Government Measures
• Online cybercrime reporting portal has been launched to enable complainants to
report complaints pertaining to Child Pornography/Child Sexual Abuse Material,
rape/gang rape imageries or sexually explicit content.
• A scheme for establishment of Indian Cyber Crime Coordination Centre (I4C) has
been established to handle issues related to cybercrime in the country in a
comprehensive and coordinated manner.
• Establishment of National Critical Information Infrastructure Protection Centre
(NCIIPC) for protection of critical information infrastructure in the country.
• All organizations providing digital services have been mandated to report cyber
security incidents to Indian Computer Emergency Response Team (CERT-IN).
• Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) has been
launched for providing detection of malicious programmes and free tools to
remove such programmes.
• Formulation of Crisis Management Plan for countering cyberattacks and cyber
terrorism.
Cybercrime volunteer programme
• Indian Cyber Crime Coordination Centre (I4C) has envisaged the Cyber Crime
Volunteers Program to bring together citizens with passion to serve the nation on
a single platform and contribute in the fight against cybercrime in the country.
The programme targets to rope in around 500 persons to flag unlawful content
on the Internet.
National Cyber Security Strategy 2020
• The government will release a new cybersecurity strategy.
• The strategy would holistically cover the entire ecosystem of cyber space in
India.
• The vision of this strategy is to ensure safe, secure, resilient, vibrant, and trusted
cyber space.
• The new strategy would serve as a guideline to tackle various aspects, be it data
as a national resource, building indigenous capabilities or cyber audit.
• National Cyber Security Policy, 2013
• The Government of India took the first formalized step towards cyber
security in 2013, vide the Ministry of Communication and
Information Technology, Department of Electronics and Information
Technology’s National Cyber Security Policy, 2013.
• The Policy is aimed at building a secure and resilient cyberspace for
citizens, businesses and the Government.
• Its mission is to protect cyberspace information and infrastructure,
build capabilities to prevent and respond to cyber-attacks, and
minimize damages through coordinated efforts of institutional
structures, people, processes, and technology.
Cyber Security Index 2020
 Way forward
• The need to be aware of the nature of the cyber threat and take adequate precautionary measures, has become
extremely vital.
• New technologies such as artificial intelligence, Machine learning and quantum computing, also present new
opportunities.
• Nations that are adequately prepared and have made rapid progress in artificial intelligence and quantum
computing have a clear advantage over states that lag behind in these fields.
• Pressure also needs to be put on officials in the public domain to carry out regular vulnerability
assessments and create necessary awareness of the growing cyber threat.
• It is time that cybersecurity as a specialised discipline becomes an integral component of any IT syllabus being
taught within our university systems as well as outside.
• Coordination among CERTs of different countries.
• Ensure that vulnerable sections of our society do not fall prey to the evil designs of cyber criminals.
• Understanding and implementing the global best practices of the cyber space.
• Need for India to move on from IT security to cyber security.
• Organisations that are hit by cyber-attacks must inform law enforcement immediately instead of worrying about
their reputations.
• Important to have crisis management plans so that it helps to react in a given situation.
• A dedicated industry forum for cyber security should be set up to develop trusted indigenous solutions to check
cyber-attack
• Strategy should include the following:
• Since a global consensus is unlikely any day soon, India should consider
joining or leveraging existing frameworks like the Budapest Convention on
Cybercrime. After all, cybersecurity has become a geopolitical issue, as
reiterated time and again by the Prime Minister.
• Security by design, budgeting by default: It is high time that 10% of every
IT budget in the government be earmarked for cybersecurity, as
recommended by the NASSCOM Cyber Security Task Force.
• Prevention is better than cure: Nine out of 10 data breaches can be
mitigated if we all take care of basic cybersecurity like using licensed and
updated software, using different and difficult passwords for different
services and devices, multi-factor authentication and strong encryption.
• The cybersecurity guidelines or frameworks issued by RBI, SEBI, IRDAI and
PFRDAI can be greatly synergized under the aegis of the Financial Stability
and Development Council (FSDC), thereby bringing greater sanity for the
regulators as well as the regulated entities.
 Digital Personal Data Protection (DPDP) Act, 2023

● The DPDP Act is a legal framework introduced in India to safeguard the personal
data of individuals and ensure that their data is shared only with their
consent.
● It regulates the processing of digital personal data and outlines various
provisions to protect individuals’ privacy in the digital age.

Applicability:

○ It applies to the processing of digital personal data within the territory of

India collected online or collected offline and later digitized.

○ It is also applicable to processing digital personal data outside the territory of

India, if it involves providing goods or services to the data principals
within the territory of India.
Evolution:

• The conceptual basis of the DPDP Act is the report of the Expert
Committee set up under the chairmanship of Justice BN Srikrishna, which led
to the introduction of the Personal Data Protection Act in 2019.

• After several iterations and consultations, the Digital Personal Data

Protection Act, 2023, was introduced and subsequently passed by both the Lok
Sabha and the Rajya Sabha.

Key Stakeholders:

Data Principal (DP): – the data owner.

• DP could be individuals or entities whose data is to be protected.

• The DP has to give written consent to generate and process the

data indicating the specific purpose of its use.

• DP can withdraw the consent at any time or can restrict its use.
 Data Fiduciary– A data collecting, storing, and sharing entity.

• A data fiduciary also acts as a “Consent Manager” whoenables a DP to give,

manage, review, and withdraw consent through an accessible, transparent, and
interoperable platform.

• The Central Government may notify any Data Fiduciary or class of Data
Fiduciaries as Significant Data Fiduciaries, on the basis of an assessment of
relevant factors when they turn out to be systemically significant.

• Data Processor–an entity processing the data on behalf of a data

fiduciary. Both Data fiduciary and data processor could also be the same in
certain small entities.

• Data Protection Officer (DPO): – could be any individual appointed as DPO by

a Data Fiduciary under the provisions of this Act

Other Provisions:

• Citizen’s Rights: Under data principal rights, individuals also have the right to
information, right to correction and erasure, right to grievance redressal, and
right to nominate any other person to exercise these rights in the event of the
individual’s death or incapacity.
Establishment of a Data Protection Board of India (DPBI):
• It will function as an impartial adjudicatory body responsible for resolving privacy-related
grievances and disputes between relevant parties.

• As an independent regulator, it will possess the authority to ascertain instances of non-

compliance with the Act’s provisions and impose penaltiesaccordingly.

• The appointment of the chief executive and board members of the Data Protection Board will
be carried out by the central government.

• An appeal against any order of the DPBI shall lie with the High Court. The High Court could take
up any breach Suo moto.

• No civil court shall have the jurisdiction to entertain any suit or take any action in respect of any
matter under the provisions of this Act and no injunction shall be granted by any court or other
authority in respect of any action taken under the provisions of this Act.
Penalty for infringement:
• The Act does not impose criminal penalties for non-compliance.
• The financial penalty could range from as high as Rs. 250 crores to a data
fiduciary or data processor to as low as Rs.10000 to a data principal (the owner of
data).
• Conflict with existing laws:
• The provisions of the DPDP Act will be in addition to and not supersede any other
law currently in effect.
• However, in case of any conflict between a provision of this Act and a provision of
any other law currently in effect, the provision of this Act shall take precedence to
the extent of such conflict.