Cybercriminals might have access to your data thanks to India’s new data localization law.
The Reserve Bank of India recently issued a directive that requires data on payment transactions occurring in India to be stored within Indian borders. This dangerous practice, also known as data localization, is used by some countries as a way of ensuring law enforcement and government access to data and exposes companies to massive cybersecurity risks. Executive Director of Digital Liberty and Federal Affairs Manager at Americans for Tax Reform, Katie McAuliffe, wrote an op-ed for the Washington Examiner detailing these new attempts by the Indian government to localize data within the country.
In the op-ed, McAuliffe explains that:
“Requiring data storage in a particular location increases the security risk to data from more citizens, businesses, and governments. Companies carefully select where they will store data and how they will store data based off of security concerns. Often, data isn’t even stored in one place — it is scattered throughout servers that make up various clouds, and some of that data is constantly moving. If criminals know that sensitive records, particularly bank transactions, credit card numbers, and routing information, are stored in one place, their targets become significantly easier to exploit.”
Ultimately, data localization would hurt the Indian economy. McAuliffe details that:
“While India has expanded its market to allow investment beyond its borders, companies might shy away from Indian markets because of stringent data localization laws. Data localization across the entire Indian economy would cost up to 0.8 percent of the country’s GDP, decrease investments by 1.3 percent, and create welfare losses equivalent to 11 percent of the monthly salary.”
Ultimately there are already processes in place to assuage the Indian government’s fears about collecting data for law enforcement purposes. McAuliffe details that:
“In the United States, the Clarifying Lawful Overseas Use of Data, or CLOUD Act sponsored by Sen. Orrin Hatch, R-Utah, and Rep. Doug Collins, R-Ga., updated U.S. law to create a more efficient mechanism of reciprocal treaties where nations can request data directly from service providers located within each other’s borders, as long as the foreign government has laws in place sufficiently protecting privacy, human rights, and due process…India and the U.S. should work through the process outlined by the CLOUD Act to address concerns about law enforcement access to data, while maintaining American security and constitutional protections.”
To read more of McAuliffe’s op-ed, click on the direct link to the Washington Examiner.