Data Privacy and Cyber Security in the Age of IoT and Data Analytics: Response of Law
Keywords:Cybersecurity, IT Act, maturity model, privacy, law.
IoT and Data Analytics are developing and adopted very fast. Utilities are deploying smart meters, smart lighting, etc. Even the water supply distribution agencies are deploying smart water schemes to reduce non-revenue water. Further, data analytics is done by loT of companies to provide targeted advertising and knowing user preferences. All this requires co
llecting user data to be effective.
There is an urgent need to define unambiguous laws, well defined dispute resolution that defines the consumer liability and service provider liability in light of court judgments to that effect. Further, a cyber security framework also needs to be defined and also a cyber security maturity model needs to be in place to rate the cyber security of a given agency and the steps needed to make cyber security better.
The paper intends to study national and international laws on cyber security including framework and maturity model and data privacy laws. It will then come up with concrete enforceable suggestions to make cyber security better. The suggestions will include laws, liability, framework and guidelines.
 [ITACT2008] Ministry of Law, Justice and Company Affairs (Legislative Department): The Information Technology ACT, 2008
 [CYBERSEC] MEITY: National Cybersecurity Policy, 2013
 MEITY: G.S.R 19 (E) - Information Technology (National critical Information Infrastructure Protection centre and manner of performing function and duties) Rules, 2013 dated 16.01.2014
 MEITY: G.S.R 20 (E) -Information Technology(The Indian Computer emergency response team and manner of performing function and duties ) Rules,2013 dated 16.01.2014
 BIS RULES: http://www.bis.org.in/bs/bisrules.htm
 CERT-IN: http://www.cert-in.org.in/
 [INFOATTACKS] The European Parliament and The Council of European Union: Directive 2013/40/EU on attacks against information systems and replacing Council Framework Decision 2005/222/JHA, dated 12 August 2013
 European Commission Directorate-General for Energy: M/490 Standardisation Mandate European Standardisation Organisations (ESOs) to support European Smart Grid deployment, Brussels 1st March 2011
 [EUPRIVACY] The Working Party on the Protection of Individuals With Regard To the Processing of Personal Data: Article 29 Data Protection Working Party, Opinion 12/2011 on smart metering, Adopted on 4 April 2011
 [C2M2] U.S. Department of Homeland Security: Cybersecurity Capability Maturity Model (C2M2), Version 1.1 February 2014
 National Institute of Standards and Technology: Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0 February 12, 2014
 [SCPRIVACY] Supreme Court Of India: Justice K S Puttaswamy (Retd.), and anr. vs. Union of India and Ors. (Writ Petition (Civil) NO 494 OF 2012), dated 24th August 2017
View Full Article:
How to Cite
LicenseAuthors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under aÂ Creative Commons Attribution Licensethat allows others to share the work with an acknowledgement of the work''s authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal''s published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (SeeÂ The Effect of Open Access).