In 2017, the biggest of data breaches was reported in which data of 100 million customers was compromised. Information like customer details, including names, emails, date of activation, mobile numbers got leaked. In some cases, even the Aadhaar or the Unique Identification Number got disclosed. Though the company vouches for data security of the highest standards, a complaint was filed for unlawful access of systems.
Moreover, there have been reports of personal Aadhaar details getting published on websites. In such situation, what is the security of the GSTN data, which not only contains personal but also financial details? Such developments have fueled demands for the country to adopt stronger laws to protect citizens from data breaches.
Massive scale of GST rollout
There are 50 million SMEs and 3,100 startups in India. The GST Network (GSTN) is expected to yield 5 billion invoices a month; 15 million retailers need to undertake digitization of sales. Looking at the data security levels in India, a question mark hangs over the integrity of the network that is online. Besides crime and cyber attacks, there could be data crashes. What happens then? Is there a sound backup plan? As it is, the world is reeling under cyber-attacks such as Ransomware and Petya.
The Goods and Services Tax Network (GSTN) is the principal agency for IT infrastructure and services to the Centre and State Governments and tax payers for implementing the new tax law. In view of data sensitivity, there has to be a robust security system to ensure protection of data and tax-related information. The system must have stability and backup.
Why is the GST data sensitive for businesses in India?
Data security is important for all, particularly for businesses and enterprises. For example: If invoicing details are leaked, then there could be great damage for an enterprise as invoice includes item cost. If a competitor knows such details, it could be a problem. GST information must be protected by the best possible data security system.
Woeful data security in India’s IT Systems
India is at the 23rd position within 165 countries on Global Cybersecurity Index (GCI), released by the International Telecommunication Union (ITU), the UN telecommunications agency. According to the report, greater effort is needed in this area. Compared to European Union (EU) companies , which have stringent data protection rules and standards, companies in India fail. They also don't need to reveal data breach issues to clients, raising questions about accountability and security.
Also, information easily gets leaked in India. The same could happen with the GSTN data. Media reports of leaks both from the government and the private bodies are least reassuring. Ministries and departments have been guilty of information leaks, which have resulted in disclosure of names, addresses, numbers and bank account details.
Government must put up systems for data security
Narendra Modi government is pushing for digital governance as well as cashless economy such as the GST and demonetization. Protection of official, private, and classified data takes centrestage. The Indian Government must consider digital risks as a high-priority area to thwart data breach issues. Such reports don't augur well for a Digital India as reports pour in of debit card forgeries, data breach and cyber attacks.