An interesting narration from a security professional published in techinasia.com (Read the Article here), highlights how Indian Start ups are neglecting information security and opening themselves to the “Data Breach” and “Cyber Law Non Compliance Risk”.
The article indicates that in a recent study, 17 start ups in India including Ola, Zomato, HomeShop18, BookMyShow and others were found to have security vulnerabilities that could cause leak of Personal and Sensitive Personal Data of its customers. According to the author, more than 70% of the Start Ups have severe bugs compromising security and creating a potential financial risk to the company.
We refer to our earlier article “The Start-ups and Techno Legal Risks” in which we have highlighted the need for “Techno Legal Feasibility Analysis” to be undertaken by Start ups to identify and mitigate certain risks that arise out of non compliance of ITA 2008.
The article in TechInAsia also highlights the Section 43A of ITA 2008 and warns the entrepreneurs of the possibility of financial losses arsing out of data breach. It also suggests that there is a need for good “Bug Bounty” programs to ensure that these Start Ups get voluntary help from security professionals.
We also highlight that it is not only the breach of Sensitive Personal Information that creates liabilities but also breach of personal information. Additionally, ITA 2008 can create liabilities on account of many other non compliance issues and any company which does not conduct an “ITA 2008 Compliance” audit on its processes (including mobile Apps) is running the risk of not only a hacker’s attack but also liabilities that can cripple or kill the company.
There are many aspects of ITA 2008 which can land the innocent CEO or CTO of a Start Up in Jail for non compliance of ITA 2008.
The undersigned invites such companies to use the services of Naavi’s Cyber Law Center, so that it reduces the risk of a premature death.
Naavi