Data Privacy and Cyber Security in the Age of IoT and Data Analytics: Response of Law


  • Rashmi Salpekar





Cybersecurity, IT Act, maturity model, privacy, law.


IoT and Data Analytics are developing and adopted very fast. Utilities are deploying smart meters, smart lighting, etc. Even the water supply distribution agencies are deploying smart water schemes to reduce non-revenue water. Further, data analytics is done by loT of companies to provide targeted advertising and knowing user preferences. All this requires co

llecting user data to be effective.

There is an urgent need to define unambiguous laws, well defined dispute resolution that defines the consumer liability and service provider liability in light of court judgments to that effect. Further, a cyber security framework also needs to be defined and also a cyber security maturity model needs to be in place to rate the cyber security of a given agency and the steps needed to make cyber security better.

The paper intends to study national and international laws on cyber security including framework and maturity model and data privacy laws. It will then come up with concrete enforceable suggestions to make cyber security better. The suggestions will include laws, liability, framework and guidelines.




[1] [ITACT2008] Ministry of Law, Justice and Company Affairs (Legislative Department): The Information Technology ACT, 2008

[2] MEITY website (standards are in

[3] [CYBERSEC] MEITY: National Cybersecurity Policy, 2013

[4] MEITY: G.S.R 19 (E) - Information Technology (National critical Information Infrastructure Protection centre and manner of performing function and duties) Rules, 2013 dated 16.01.2014

[5] MEITY: G.S.R 20 (E) -Information Technology(The Indian Computer emergency response team and manner of performing function and duties ) Rules,2013 dated 16.01.2014


[7] CERT-IN:

[8] [INFOATTACKS] The European Parliament and The Council of European Union: Directive 2013/40/EU on attacks against information systems and replacing Council Framework Decision 2005/222/JHA, dated 12 August 2013

[9] European Commission Directorate-General for Energy: M/490 Standardisation Mandate European Standardisation Organisations (ESOs) to support European Smart Grid deployment, Brussels 1st March 2011

[10] [EUPRIVACY] The Working Party on the Protection of Individuals With Regard To the Processing of Personal Data[1]: Article 29 Data Protection Working Party, Opinion 12/2011 on smart metering, Adopted on 4 April 2011

[11] [C2M2] U.S. Department of Homeland Security: Cybersecurity Capability Maturity Model (C2M2), Version 1.1 February 2014

[12] National Institute of Standards and Technology: Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0 February 12, 2014

[13] [SCPRIVACY] Supreme Court Of India: Justice K S Puttaswamy (Retd.), and anr. vs. Union of India and Ors. (Writ Petition (Civil) NO 494 OF 2012), dated 24th August 2017



View Full Article:

How to Cite

Salpekar, R. (2018). Data Privacy and Cyber Security in the Age of IoT and Data Analytics: Response of Law. International Journal of Engineering & Technology, 7(3.12), 191–194.
Received 2018-07-22
Accepted 2018-07-22
Published 2018-07-20