
Data Breach and its impact on an individual

October 16, 2021

A data breach is any exposure of information that compromises the identity of an individual and adversely affects both the individual and the business and reputation of an organization [1]. A data breach can result from a cyber attack on servers, careless disposal, misplacement of IT assets or misuse of personal information.

In this article, I focus on how a data breach affects people at a personal level and on the remedial steps individuals can take to minimize its effect. The motivation for this blog was the data breach incidents in India during May 2021. Indian Express reported [2] that the famous pizza brand in India, Dominos, suffered a data leak on 22-May-2021. The report further indicates that the data from this massive breach of 18 crore orders (including phone numbers, addresses, email addresses, payment details and credit card details) is publicly available on the dark web.

In another incident during the same month, Hindustan Times reported [3] that Air India suffered a massive data breach affecting 4.5 million customers. The personal data of users registered over a decade (26-Aug-2011 to 20-Feb-21) includes their name, date of birth, passport information, and frequent flyer information.

What is Personal Data?

The European Commission [4] defines it as follows: “Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.”

The various examples of Personal Data are:

  • a name and surname;
  • a residential address;
  • date of birth;
  • an email address such as name@company.com;
  • an identification card number like Aadhaar card, PAN card, Credit Card, passport number, driver’s license, debit card;
  • location data (coordinates of the residence, for example, the location data function on a mobile phone);
  • data held by a hospital or doctor, which could be a symbol that uniquely identifies a person.

What is the impact on an individual with these data breaches?

In my earlier article [1], I highlighted the impact of data breaches on society. Somebody who has your data will try to talk you around, quoting your own data (collected through a data breach) to convince you that they are an authentic source. Do not fall prey to such attempts just because someone can read out your address or other credentials.

Laws related to Data Protection

The General Data Protection Regulation (GDPR) concerns the protection of personal data in the European Union (EU). The GDPR data protection law, adopted in 2016, went into effect on May 25th 2018 and applies to all 28 member states of the European Union. The GDPR provides fundamental rights for EU citizens and legislation that is deemed fit for this digital age.

The key take-aways from the seven principles of GDPR, leading to the compliance level, are given in the picture below.

[Image: GDPR overview]

In this digital era, we also need a similar law in India that protects its citizens from any misuse of personal data. This becomes even more important during this unprecedented time, when people are confined to their homes due to the pandemic. We tend to use digital means to get all our daily needs like milk, bread, groceries and other personal items, both perishable and non-perishable.

What steps can an individual take to protect their Personal data?

Below are some Do’s and Don’ts, recommended tips and best practices that individuals can follow to avoid becoming a data breach victim.

  1. Whenever you enter the data on a website, do not enter the non-mandatory fields (including phone number or address).
  2. Do not save your credit card information on the website for later use. Some of the websites provide the option of saving credit card details for future purposes or for ease of ordering.
  3. Avoid creating and using the same user account and password on multiple sites. The drawback of using the same user account and password on numerous websites is that if one website is compromised and its user ID and password reach a hacker, the hacker can use them on the other websites.
  4. Be wary of offers of help following a data breach.
  5. Be suspicious of emails, phone calls and messages from fraudsters who may be masquerading as legitimate sources.
  6. Change the password immediately whenever you become aware of a compromise on a particular website.
  7. Avoid using similar password patterns on various websites.
  8. Use secure passwords. One can make use of a password manager and use complex passwords, which are not easy to guess.
  9. Try to use two-factor authentication wherever feasible.
  10. Try to use a Virtual Private Network (VPN) to prevent websites from using your location and IP address.
  11. Read, follow and make use of the messages you receive from authentic sources (for example, your bank and government institutions). Do not fall prey to messages from unknown or unwarranted sources.
  12. Never share your OTP under any circumstance. It should not be shared with anyone.
  13. Be sure to install the latest patches and keep your system updated with the latest release from the software provider.
  14. Automate your software updates.
  15. Turn off your devices like laptop and desktop when not in use.
  16. Be mindful when you create user IDs and log in to websites. Don’t create user credentials unless you want to use them and ensure that they are from trusted sources.
  17. Always remember to log out from the website after use.
  18. Opt-out of Ad tracking.
  19. If in doubt, block social media invitations (Facebook friend or LinkedIn connection requests).
  20. While browsing the internet, always use secure websites (check for the padlock in the address bar). That is, try to avoid websites that use plain http. Secure websites have addresses starting with https. My website [6] also starts with https.
  21. Only shop on secure websites.
  22. Finally, check if your email or phone number is in a data breach. “Have I been Pwned” (HIBP) [7] is a free resource for anyone to quickly assess if they have been put at risk because an online account was compromised in a data breach.

I hope this article, which highlights the gravity of the situation and the useful tips, will help fellow citizens be cognizant of the matter and take adequate steps to protect their online presence and avoid being a victim during a future data breach.

Source: GDPR Overview from ipswitch [5]

References

[1] Data Breach and its impact on Society, Blog published in ISME website, https://www.isme.in/data-breach-and-its-impact-on-society/
[2] Dominos Data Breach: name, address, other details of over 18 crore orders leaked, Indian Express, 25-May-2021, https://indianexpress.com/article/technology/tech-news-technology/dominos-data-breach-name-address-other-details-of-over-18-crore-orders-leaked-7328416/
[3] Air India Data Breach: All You need to Know, Hindustan Times, 22-May-2021, https://www.hindustantimes.com/india-news/air-india-data-breach-all-you-need-to-know-101621647788771.html
[4] What is Personal Data?, European Commission, https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en
[5] GDPR Overview: Complying with EU laws for personal data, 1-Apr-2019, https://blog.ipswitch.com/gdpr-eu-personal-data
[6] https://sites.google.com/view/rajasankaran/home
[7] Have I been Pwned, https://haveibeenpwned.com/