LPPYF Law and Public Policy Youth Fellowship is an Online National Summer School Program, a Two-Month Online Immersive Legal Awareness & Action Research Certificate Training Course and Internship Program, from June-August 2023 by IMPRI Impact and Policy Research Institute. An informative and interactive panel discussion on “Technology, Laws and Public Policy” was held by Shri Amit Dubey Founder, India Future Foundation; National Cyber Security Expert.
Sir initiated the session by giving valuable insights about the Data Protection Bill, 2023, that has been passed in the Parliament recently. He then talked about the basics of technology, data protection, its breach and the implications that it possesses.
Artificial Intelligence Technology- Threat or Blessing
It is of no doubt that this era is now being dominated by Technology and Artificial Intelligence. It has been now a major topic of debate, of AI being a major blessing for humans or a threat to mankind. However, there are many that doubt the capability of AI. They often quote it as threat to human employment, and its efficiency as compared to human mind. Sir while discussing about the same pointed out that though AI has been of a great help, and has made tasks easier to perform, but what it has costed to humans is the breach of their personal data.
Every time we accept a website’s permission to share our data with, we are not actually not aware what loss it can cause to us. Data breaches are indeed a significant threat in the digital age. They involve unauthorized access, disclosure, or theft of sensitive information, often leading to severe consequences for individuals and organizations. Protecting data through cybersecurity measures, encryption, and regular updates is crucial to mitigate this threat.
Countering Data Breach
To counter data breaches, implementation of some key techniques is needed,
- Firewalls and Intrusion Detection Systems (IDS)
Install firewalls to monitor and filter incoming and outgoing network traffic. Use IDS to detect suspicious activities and potential breaches in real-time technology.
Encrypt sensitive data, both at rest and in transit, using strong encryption algorithms. Implement HTTPS for web traffic and use encrypted communication protocols technology.
- Access Control
Enforce strict access control policies. Limit data access to authorized personnel only. Implement role-based access control (RBAC) and regularly review permissions.
- Regular Updates and Patch Management
Keep all software, operating systems, and applications up to date with security patches. Remove or update outdated and vulnerable systems.
- Employee Training
Conduct cybersecurity awareness training for employees to recognize and avoid phishing and social engineering attacks. Promote strong password practices and the use of multi-factor authentication (MFA).
- Network Segmentation
Segment your network to isolate sensitive data and limit lateral movement in case of a breach.
- Incident Response Plan
Develop and regularly update an incident response plan to quickly address and mitigate breaches when they occur.
- Regular Auditing and Monitoring
Continuously monitor network traffic and user activities for anomalies.
Perform regular security audits and penetration testing to identify vulnerabilities.
- Data Backup and Recovery
Implement regular data backups and ensure they are stored securely. Test data recovery procedures to minimize downtime in case of a breach.
- Vendor Risk Management
Assess and manage the cybersecurity practices of third-party vendors who have access to your data.
- Data Classification
Classify data based on its sensitivity and apply appropriate security controls accordingly.
- Mobile Device Management (MDM)
Implement MDM solutions to secure mobile devices used for work.
- Zero Trust Architecture
Adopt a zero-trust approach, which treats every user and device as untrusted until proven otherwise, even within the internal network.
- Regular Security Audits
Conduct regular security audits and vulnerability assessments to identify and address weaknesses
- Legal and Regulatory Compliance
Ensure compliance with data protection laws and regulations relevant to your industry.
- Employee Offboarding
Have a robust offboarding process to revoke access for employees who leave the organization.
- Security Information and Event Management (SIEM)
Implement SIEM tools to centralize and analyze security event data.
Cybersecurity and technology is an ongoing process, and staying vigilant is essential to protect against evolving threats. In addition to this sir also showed some practical websites and IP addresses that allow us to check the places, and applications that have our personal data, and what threat they can actually possess with that data in their databases. Data analysis is the key to counter the investigation challenges in the future, Quantum Computing, Artificial Intelligence, and Meta Verse technology can act both as a blessing or a threat.
Using them carefully, and to keep track of data that we share is imperative. To conclude, it will be always a point of debate of AI technology being a threat or a blessing till an unambiguous to this debate settles, but what is important for us is to keep track of activities, and permissions that we allow other websites to gather.
Divyansh is a Research Intern at IMPRI.
Youtube Video of Inaugural session for Law and Public Policy Youth Fellowship Programme: https://youtu.be/fT0XLKGJ6LY
Read more session reports for Law and Public Policy Youth Fellowship: