THE GIST of Editorial for UPSC Exams : 26 March 2020 (Leakage of medical details (Mint))

Leakage of medical details (Mint)

Mains Paper 3:Security 
Prelims level:  Cyber security
Mains level:Challenges towards Cyber security

Context:

• The report by a German cybersecurity firm that medicaldetails of millions of Indian patients were leaked and arefreely available on the Internet is worrying.
• Associated risk of the breach: 
• Medical details (inmillions) of Indian patients has the potential to be minedfor deeper data analysis and for creating profiles thatcould be used for-social engineering, phishing, onlineidentity theft, other practices that thrive on theavailability of such data on the Darknet.

CLICK HERE FOR FULL EDITORIAL (Only for Course Members)

Reason for the availability of this data: 

• Absence of anysecurity in the Picture Archiving and CommunicationsSystems (PACS) servers used by medical professionals;Server to have been connected to the public Internetwithout protection.

Key analysis in detail:

• Public data leaks have been quite common in India —from government websites enabling the download ofAadhaar numbers to electoral data rolls beingdownloaded in bulk, among others.
• India still lacks a comprehensive legal framework toprotect data privacy, unlike the data protectionregulations in place in the European Union and in theU.S.
• The Draft Personal Data Protection Bill 2019 is still to betabled but could enable protection of privacy.
• The draft Bill follows up on the provisions submitted by acommittee of experts chaired by Justice B.N. Srikrishnato the Ministry of Electronics and Information Technologyin 2018.
• The committee sought to codify the relationship betweenindividuals and firms/state institutions as one between“data principals” (whose information is collected) and“data fiduciaries” (those processing the data) so thatprivacy is safeguarded by design.
• While the 2019 version of the Bill seeks to retain theintent and many of the recommendations of the JusticeSrikrishna committee, it has also diluted a few provisions.For example, while the Bill tasks the fiduciary to seek theconsent in a free, informed, specific, clear form (andwhich is capable of being withdrawn later) from theprincipal, it has removed the proviso from the 2018version of the Bill that said selling or transferringsensitive personal data by the fiduciary to a third party isan offence.
• There are other substantive issues with the Bill pertainingto the situations when state institutions are grantedexemption from seeking consent from principals toprocess or obtain their information.

CLICK HERE FOR FULL EDITORIAL (Only for Course Members)

Way forward:

• Considering the manner in which public data are beingstored and used by both the state and private entities, acomprehensive Data Protection Act is the need of the hour.

CLICK HERE FOR FULL EDITORIAL (Only for Course Members)

Online Coaching for UPSC PRE Exam

General Studies Pre. Cum Mains Study Materials

Prelims Questions:

Q.1)With reference to the usage of modern contraceptives, consider the following statements:
 

1. A new method of IUCD insertion immediately after delivery i.e. post-partum IUCD (PPIUCD) has been introduced in 2010.
2. Clinical Outreach Teams (COT) Scheme has been launched in 146 Mission ParivarVikas districts wef December 2017 for providing family planning services through mobile teams from accredited organizations in far-flung, underserved and geographically difficult areas.

Which of the statements given above is/are correct?
(a) 1 only
(b) 2 only
(c) Both 1 and 2
(d) Neither 1 nor 2

Answer...........................................

CLICK HERE FOR FULL EDITORIAL (Only for Course Members)

Mains Questions:
Q.1) Describe the major highlights of the data threats by leakage of medical details?