BREACH OF PERSONAL DATA HELD BY THE STATE: CRITICAL CONSIDERATIONS IN THE BREACH NOTIFICATION PROCESS UNDER INDIA’S UPCOMING DATA PROTECTION LAW
Downloads
Abstract
Instances such as government databases being left open without requiring password access, criminals selling access to government databases for ‘sessions of 10 minutes’ and botched procedures leaking data have made breach of personal data held with the State business as usual. A report by World Economic Forum (2019) stated that UIDAI – the principal Aadhaar implementing agency has had its database incessantly breached since inception, compromising sensitive personal data of over 1.1 billion Indians. A COVID-19 tracking app introduced by Madhya Pradesh was breached within days (Ranjan 2020). Recently, the CSC BHIM website was breached resulting in highly sensitive personal data of over 70 lakh people being compromised (Sengupta 2020). The breached data included, inter alia, scans of caste certificates, Aadhaar cards, residence, payment related data and PAN cards. The breach also compromised personal data of minors. The firm that identified this breach has stated that the same has occurred due to a misconfiguration which allowed public access to the database.
The WEF (2019) report mentioned earlier ranked the Aadhaar leak(s) as the biggest in the world, followed by the Marriott-Starwood breach, which put personal information of 500 million people at risk. However, the data protection authority of U.K. (the ICO) has decided to impose a fine of £99,200,396 on Marriott (Information Commissioner's Office 2019). Such a situation with the Aadhaar breach is unimaginable, despite attemptsi to seek damages from the Government for the same.
External References to this Article
Loading reference data...
License Terms
Ownership and Licensing:
Authors of research papers submitted to any journal published by The Law Brigade Publishers retain the copyright of their work while granting the journal specific rights. Authors maintain ownership of the copyright and grant the journal the right of first publication. Simultaneously, authors agree to license their research papers under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) License.
License Permissions:
Under the CC BY-SA 4.0 License, others are permitted to share and adapt the work, even for commercial purposes, provided that appropriate attribution is given to the authors, and acknowledgment is made of the initial publication by The Law Brigade Publishers. This license encourages the broad dissemination and reuse of research papers while ensuring that the original work is properly credited.
Additional Distribution Arrangements:
Authors are free to enter into separate, non-exclusive contractual arrangements for distributing the published version of the work (e.g., posting it to institutional repositories or publishing it in books), provided that the original publication by The Law Brigade Publishers is acknowledged.
Online Posting:
Authors are encouraged to share their work online (e.g., in institutional repositories or on personal websites) both prior to submission and after publication. This practice can facilitate productive exchanges and increase the visibility and citation of the work.
Responsibility and Liability:
Authors are responsible for ensuring that their submitted research papers do not infringe on the copyright, privacy, or other rights of third parties. The Law Brigade Publishers disclaims any liability for any copyright infringement or violation of third-party rights within the submitted research papers.
Published
Issue
Section
License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Copyright © 2026 by Abishek Nippani
The copyright and license terms mentioned on this page take precedence over any other license terms mentioned on the article full text PDF or any other material associated with the article.
