Data PrivacyData Privacy vis-à-vis Cybersecurity: Part I

March 16, 20220


Cybercriminals target personally identifiable information (PII) of the customers such as names, addresses, national identification numbers (e.g., Social Security number in the US, fiscal codes in Italy, etc.), or financial information — and then sell these records in underground digital marketplaces. Compromised PII frequently results in a loss of customer trust, regulatory fines, and even legal action.

The complexity of security systems, caused by disparate technologies and a lack of in-house expertise, can amplify these costs. However, organizations that implement a comprehensive cybersecurity strategy, guided by best practices and automated with advanced analytics, artificial intelligence (AI), and machine learning, can combat cyber threats more effectively and reduce the lifecycle and impact of breaches when they occur.

The Internet has become far more influential in everyday life than anyone could have predicted. With so much important data being transferred across public networks on a daily basis, it is no surprise that a small subset of the technologically gifted chooses to exploit the more vulnerable among us.

In order to combat data exploitation, all the nations are using every possible measure at their disposal, both collectively and individually. Data privacy, also known as information privacy, is a subset of data security that focuses on the proper handling of data – consent, notice, and regulatory obligations. Practical data privacy concerns frequently revolve around:

1. Whether or not the information is shared with third parties?

2. How data is legally collected and stored?

3. Restriction of regulatory authorities?


Cybersecurity is the method of protecting sensitive information and crucial systems from attacks through the Internet. The purpose is to resist threats that target applications and network systems, besides the point that the source of the attack is from inside or outside of the organization.

Significance of Cyber Security

Data Protection

Cyber theft is growing and can become very expensive for any business or individual. Cybersecurity issues are largely driven by the increasing exposure of identity information to the web via cloud services. Cybersecurity is important because it protects all categories of data from theft and damage.

A lot of sensitive data is exposed in the wired world, for example PII, personal information, protected health information (PHI), intellectual property and Governmental and industrial information systems. Without a cybersecurity program, an organization cannot defend itself against data breach campaigns, which makes it an irresistible target for cybercriminals.

Advancement of IoT Devices

While moving towards the idea of smart cities with smart devices, our dependence on the Internet has increased too. The establishment of the Internet of Things (IoT), has not only eased and sped up our jobs but has also provided cybercriminals new platforms to exploit. Weak passwords, unsecured ecosystem interfaces, insecure data storage and transfer, issues in IoT devices, etc., leads to potential threats of exposure of personal data.

Cost of Cyber Risks 

Cyber-attacks are breeding in numbers and consequently, the cost of damages is huge in numbers. If cybersecurity is not been taken care of, these attacks can be expensive enough to make it difficult to survive for an organization.

With the increasing connection of business infrastructures over the internet, it is expected that cybercrime may cost the world $10.5 trillion annually by 2025. Moreover, along with financial damage, there is a huge extent of reputation damage too. In the case of well-known businesses, it may cause a drastic loss of customer trust.


As per General Data Protection Regulations (GDPR), data privacy implies letting the users make their judgments about who can process their data and for what purpose. Chapter 3 of the GDPR enumerates the rights of the Data Subjects and any and every organization operating within the jurisdiction of the European Union (EU) are bound to facilitate these rights; failure to do so shall result in hefty penalties.

Importance of Data Privacy

Digitization of Services

For an organization, personal data that customers share online is resulting in immense accumulation of information as well as the risk in such data collection. Data privacy is important because the platforms collecting the vital information of an individual become duty-bound to protect the data of the users.

Importance of Data Security for the Businesses

There are several reasons why businesses should take care of data privacy:

I. A data breach can have a negative impact on the reputation and financial situation of the organization.

II. As noted earlier, a data breach may chain in the theft of valuable customer information which might affect the Data Subjects and pose as a threat. A cybercriminal can use this sensitive data to commit any crime, such as credit card frauds.

III. When a user signs to share their data with the websites, they expect it to be secured. If the website operator fails to do so, users will lose trust in the company and brand, causing decrement in brand value.

IV. A business that is compliant with data privacy regulations will enjoy a competitive advantage over those that don’t consider the subject thoughtfully.


Cybercrimes can be classified in different ways. There are two very broad classes: one, offences perpetrated by violent or potentially destructive criminals, and two, passive crimes.

Violent or possibly violent offences that use computer networks are the priority for clear factors: these offences feign a corporeal risk to any person or persons. Types of violent or potentially violent cybercrime cover attack by threat, cyberterrorism, stalking, and child pornography.

On the contrary, passive cybercrimes can be split into various sub-categories like cyber trespass, adverse cybercrimes, cyber theft, cyber fraud, and other cybercrimes.

Some common threats are:

  • Hacking: Hacking is now a multi-billion-dollar industry for cybercriminals, offering the opportunity to extract data for political and economic gain. Hacking refers to unauthorized users accessing your computer or network. There are many ways hackers can access networks and computers. There are complex methods such as changing system security, and simple methods such as guessing a user’s password and installing a key logger.
  • Cracking: Cracking is the reverse engineering of software, passwords, or encryption and can lead to unauthorized access to sensitive information.
  • Malware: Malware (short for malicious software) disrupts computer operations, gathers sensitive information, or gains access to a computer system to compromise the data and information. Antivirus software and firewalls are typically used to keep malware off of computers. Examples of malware include viruses, worms, spyware, ransomware, key loggers and backdoors, but in reality, malware can be any program that operates against the requirements of the computer user.
  • Misuse: Employees may take advantage of entrusted resources or privileges for a malicious or unintended purpose. Administrative abuse, policy violations, and the use of non- approved assets may lead to breach of data.
  • Error: Errors such as system misconfigurations and programming errors can lead to unauthorized access by cybercriminals. Incorrect programming can lead to errors internally or hackers can find loopholes that cause errors.
  • Data Leakage: Data in an organization can be misused if it is sent electronically or physically to an external destination or to recipient without due consent or prior permission.
  • Real-time Attacks: Real-time attacks are structured cyberattacks designed to intimidate or harm a company whose main source of income is a website or online resource.
  • Advanced Persistent Threats (APT): The purpose of APT is not to corrupt or tamper with files, but to steal data as it continues to arrive. Hackers attack computer systems without being detected or collecting valuable information over time.
  • Third-Party / Service Provider: Third-party networks may be used by other external cybercriminals as the first gateway to an organization’s network.


The corporate bodies and organizations should ensure safeguarding the data of the users and also put in place stringent protection measures from cybercrimes. With the borderless nature of the Internet, cybercrimes can happen across the world and can lead to severe damages.

Cybercrimes are one of the biggest threats to data privacy, among other things. To negate such cybercrime threats, the organizations should ensure to address any minor loopholes in their data processing system, to avoid any potential threats over the cyberspace.

Any exposure or breach in personal data ends up putting both the individual and the business at risk. Presently, the technology used to prevent data breaches and the regulations pertaining to data privacy has to be dynamic because cybercriminals are always one step ahead of the traditional norms and measures.

In our upcoming blog, we shall discuss the key case laws pertaining to data privacy that have molded the concept of data privacy as a fundamental right in India.

-Team AMLEGALS assisted by Ms. Radhika Agarwal (Intern)

For any query or feedback, please feel free to get in touch with or

Leave a Reply

Your email address will not be published. Required fields are marked *

Current day month ye@r *

© 2020-21 AMLEGALS Law Firm in Ahmedabad, Mumbai, Kolkata, New Delhi, Bengaluru for IBC, GST, Arbitration, Contract, Due Diligence, Corporate Laws, IPR, White Collar Crime, Litigation & Startup Advisory, Legal Advisory.


Disclaimer & Confirmation As per the rules of the Bar Council of India, law firms are not permitted to solicit work and advertise. By clicking on the “I AGREE” button below, user acknowledges the following:
    • there has been no advertisements, personal communication, solicitation, invitation or inducement of any sort whatsoever from us or any of our members to solicit any work through this website;
    • user wishes to gain more information about AMLEGALS and its attorneys for his/her own information and use;
  • the information about us is provided to the user on his/her specific request and any information obtained or materials downloaded from this website is completely at their own volition and any transmission, receipt or use of this site does not create any lawyer-client relationship; and that
  • We are not responsible for any reliance that a user places on such information and shall not be liable for any loss or damage caused due to any inaccuracy in or exclusion of any information, or its interpretation thereof.
However, the user is advised to confirm the veracity of the same from independent and expert sources.