In July 2017, one of the biggest data breach in India was reported in which personal data of over 100 million customers got compromised. Sensitive information like customer details, names, email addresses, date of activation, mobile numbers were leaked. Even the Aadhaar or Unique Identification Number was also disclosed. Though the company assured customers its data was protected by security, it filed a complaint alleging the unlawful access of systems.
Additionally, there have been media reports of personal details of Aadhaar holders getting leaked and published on websites. In such a situation, it’s anyone’s guess what can happen to super sensitive details of GSTN on which apart from personal details there are financial details. The developments have prompted calls for India to adopt stronger laws and mechanisms and protect consumers from data breaches.
Scale of GST rollout is massive
India has 50 million SMEs and 3100 startups. The GST Network (GSTN) would throw up 5 billion invoices a month, plus, 15 million retailers that have to undergo digitized sales. The scale is massive. However, looking at data security levels in India, a big question mark hangs over the security of data that is online. Besides willful crime and cyber-attacks there could be data crash. What happens then? The world is already reeling under the onslaught of cyber-attacks such as Petya and Ransomware.
The Goods and Services Tax Network (GSTN) is nodal agency for providing IT infrastructure and services to Centre and State Governments as well as tax payers and stakeholders for implementing the GST. Keeping the sensitivity of the information in mind, it is a must to have a strong security system in place in order to ensure protection of data and tax-related information. The system should also have stability as well as total backup.
Why is GST data sensitive for businesses and enterprises of India?
Data security is of great importance for all, particularly for businesses and enterprises. Let us take an example: If invoicing details get leaked, it can be damaging for a an enterprise because the invoice includes the item cost. In case a competitor comes to know the details that could be a substantial drawback. Consequently, GST information should be doubly encrypted and best possible security system should be in place.
Data security standards in India’s Information Security Systems
India ranks 23rd among 165 countries on the Global Cybersecurity Index (GCI). The list is released by the International Telecommunication Union (ITU), the UN telecommunications agency. According to the agency more effort is required in this critical area of data security. The GCI measures a number of factors including key areas of legal, organizational, technical, capacity building and international cooperation for its findings.
Compared to companies in European Union (EU), which have typically stringent data protection standards, Indian companies do not have to reveal data breaches to clients. This raises ethical questions of security and accountability. Moreover, super sensitive information gets leaked easily in India. There is little reason to believe the same cannot happen with the GSTN. Regular media reports of multiple leaks from the government’s end are not reassuring at all. Ministries as well as departments have been noticed to be sharing information, resulting in disclosure of names, numbers, addresses and bank account numbers and details.
The Narendra Modi government has been pushing for digital governance and cashless economy through steps such as the demonetization and GST. In this specific context, protection of official, private and classified data assumes significance. Governments should consider digital risks as one of the high-priority areas and take immediate steps to thwart data breaches as well as failures. The image of a Digital India gets tarnished with reports of frequent debit card forgeries, data breach, as well as cyber-attacks.