The recent spate of prolific events has made Privacy a point of household discussion; a necessary discussion that was bound to happen, nevertheless there couldn’t have been a more opportune time. The dotcom bubble has reached its ended and we are advancing to a new paradigm of prodigious technological marvels; the thoughts of which have been part of science fiction for a long time. Artificial Intelligence, Machine Learning and Block chain populate the headlines and it is data that drives these new age technologies. Stringent Privacy regulations are nigh upon us with the GDPR, New York State Law, The pending Indian Data protection Law amongst others finally impose considerable onus on entities and strive to commence a new era in data privacy, one that puts control back in the individuals hands and holds entities accountable.
The Ministry of Information and Technology through the aptly appointed Justice Srikrishna committee recently released the Personal Data protection Bill of 2018. The bill has come at a truly opportune time in consideration of major international events like the Cambridge Analytica issue, the WannaCry and Petya attack, serious banking data theft and the advent of strong international privacy laws like the GDPR.
While the bill would take the natural course of time in terms of developing into an act, the present iteration of the bill largely showcases the intent and powers of the government with respect to privacy in India to put highly onerous and apt obligations on entities in India. The enactment of the bill would lead to a major impact of the existing cyber insurance ecosystem in India.
While most entities have opted for cyber insurance in India in the past in order to get aspects like forensic costs , cyber extortion costs and other first party expenses cover, the advent of the strict regulations vide the proposed bill would lead to the data liability cover (that provides entities coverage for defence costs and damages incurred upon data subjects/principals filing a suit) being tested and the policy transforming itself to respond to the various obligations and liabilities arising from sections like that of 24-27 viz Rights of Data principals and Section 75 viz compensation ,Sections 69-73 for penalties and remedies in particular.
The compulsory notification to the regulators commenced under the bill, the privacy notice and authority assessment obligations shall require entities to re-assess their cyber risk standing as well calibrate their cyber insurance in that regard. At Global Insurance Brokers we are already working on the modifications that would need to be made under existing cyber insurance programs in India. We are sure the bill will also lead to an already increasing market penetration of the product as well. At Present we have launched the “Global Digest to the Personal Data Protection Bill ,2018” which provides relevant impacts on the cyber insurance ecosystem in detail vis-à-vis the tenets of a bill, you can contact us for a copy of the same.