Data privacy: Three in four Indians hold public sector offices responsible for breach

• 69% blamed banks and financial service providers, and 56% identified central government offices, databases, and staff for breach of personal data.
  
• The largest group, constituting 72% of those surveyed, had their mobile numbers leaked, followed by email addresses (63%).
  
• 72% of respondents acknowledged that their personal details were leaked or are in the public domain.
  

Data breach stories are increasing by the day and this impacts one’s privacy directly. Who is to blame for the leaks? Well, a survey by community social media platform LocalCircles has found that 81% of Indians attribute the data leaks to state/local government offices, databases, and staff (such as RTO, municipality, hospitals, public distribution system, property registration office, etc.).

56% identified central government offices, databases, and staff (like EPF, Passport, CoWIN, Aarogya Setu, Aadhaar, Income Tax, Vehicle Ownership, Voter ID, etc.) as the culprits.

The latest data breach involves COVID vaccination data of the Indian government. The Ministry of Health downplayed the breach but ordered CERT-In to probe how CoWIN portal data ended up on Telegram. The surveyed feel that penalties and disincentives as the personal data protection bill awaits parliament presentation, highlighting wider data security concerns.

Blame on telecom and financial services providers

Every three in four who were surveyed, i.e. 75% of respondents, pointed fingers at telecom service providers, 69% blamed banks and financial service providers.

eCommerce and payment apps/websites also the culprit?

Furthermore, 44% of the participants held eCommerce apps/sites responsible, while 31% pointed to payment apps/sites. Additionally, 25% of the respondents attributed the leaks to education institutes/apps and another 25% to various other businesses/entities.

Majority feel their personal data has been compromised

The survey also focused on determining whether respondents' personal information was present in the public domain and if any data had been compromised. The question asked was, "What personal details of yours are currently in the public domain or in databases from where they have been leaked?" A mere 9% of participants stated that "no personal details have been leaked or are in the public domain."

However, a significant 72% of respondents acknowledged that their "personal details were leaked or are in the public domain." On the other hand, 19% of those surveyed refrained from providing a definitive response, opting for "can't say." As a result, it was observed that seven out of ten citizens surveyed believe that one or more of their personal data elements have already been exposed to the public or compromised in databases.

Most leaked personal information

The survey also sought to find out what information of citizens is easily available in the public domain. Among the respondents who reported that their personal information had been leaked, the survey identified the most common data elements that were compromised. The largest group, constituting 72% of those surveyed, had their mobile numbers leaked. Additionally, 63% of respondents had their email addresses exposed, while 53% reported that their Aadhaar numbers were compromised. Furthermore, 50% stated that their PAN card numbers had been leaked, and 25% had their Voter ID numbers exposed.

For a smaller percentage of respondents, multiple pieces of personal information were compromised, as revealed by the following results: 22% had their credit/debit card numbers leaked, 9% disclosed their annual income/salary, and 19% reported other details that were not specifically mentioned in the survey. It is evident from the survey results that some individuals experienced the unfortunate situation of having multiple aspects of their personal information exposed.