Latest news with #DigitalPersonalDataProtection
Mint
8 hours ago
- Health
- Mint
Confidential patient data used as street-food wrappers; hospital fined ₹32 lakh: Are your private medical records safe?
A private hospital in Thailand has been fined over ₹ 32 lakh for negligence. The penalty was slapped after confidential medical records had been found used as street-food wrappers. An influencer named Doctor Lab Panda spotted the papers being used to wrap crispy crepes, locally called khanom Tokyo. The documents showed personal health details. Records of one patient with hepatitis B were also exposed. The social media influencer posted pictures online. The post, made in May 2024, quickly went viral with over 33,000 reactions and 1,700 comments, according to the South China Morning Post. The hospital's name has not been made public so far. On August 1, Thailand's Personal Data Protection Committee fined the hospital 1.21 million baht (more than ₹ 32 lakh) for leaking over 1,000 private medical files. Officials said the hospital had hired a small family business to destroy documents but failed to monitor the process. Instead of destroying them, the contractor kept the files at home and didn't inform the hospital after the leak. This broke Thailand's data protection law, which says hospitals must protect patient information. The contractor was also fined 16,940 baht (about ₹ 49,000). This was one of six cases the PDPC has handled. The law came into full effect in 2022. 'The hepatitis B virus is unlikely to be transmitted through paper. However, we are worried that the paper has passed through who knows how many hands, and the toxins contaminated with the printing ink,' SCMP quoted one of them as saying. Another commented, 'Buyers should boycott shops that use recycled bags like this. Vendors want to cut costs even though they know it is not safe. The medical documents should be shredded instead of being sold.' 'More importance should be given to the personal rights of patients. The hospital should be sued and its licence revoked,' came from another. In June, two big hospitals in North Delhi were hit by a cyberattack. Sant Parmanand and NKS Super Speciality were the victims. At first, it looked like a technical issue. But, later both hospitals confirmed it had been a hacking attempt. Sensitive data like patient records and billing info were accessed. India's patient data privacy is protected by the Digital Personal Data Protection (DPDP) Act, 2023. It requires hospitals and clinics to take permission before collecting or using a patient's health data. The Act says data must be used only for legal and clear purposes. It must be stored safely using tools like passwords and encryption. Patients have the right to see, change or delete their data.
Mint
10 hours ago
- Health
- Mint
Confidential patient data used as street-food wrappers; hospital fined ₹32 lakh: Are your private medical records safe?
A private hospital in Thailand has been fined over ₹ 32 lakh for negligence. The penalty was slapped after confidential medical records had been found used as street-food wrappers. An influencer named Doctor Lab Panda spotted the papers being used to wrap crispy crepes, locally called khanom Tokyo. The documents showed personal health details. Records of one patient with hepatitis B were also exposed. The social media influencer posted pictures online. The post, made in May 2024, quickly went viral with over 33,000 reactions and 1,700 comments, according to the South China Morning Post. The hospital's name has not been made public so far. On August 1, Thailand's Personal Data Protection Committee fined the hospital 1.21 million baht (more than ₹ 32 lakh) for leaking over 1,000 private medical files. Officials said the hospital had hired a small family business to destroy documents but failed to monitor the process. Instead of destroying them, the contractor kept the files at home and didn't inform the hospital after the leak. This broke Thailand's data protection law, which says hospitals must protect patient information. The contractor was also fined 16,940 baht (about ₹ 49,000). This was one of six cases the PDPC has handled. The law came into full effect in 2022. 'The hepatitis B virus is unlikely to be transmitted through paper. However, we are worried that the paper has passed through who knows how many hands, and the toxins contaminated with the printing ink,' SCMP quoted one of them as saying. Another commented, 'Buyers should boycott shops that use recycled bags like this. Vendors want to cut costs even though they know it is not safe. The medical documents should be shredded instead of being sold.' 'More importance should be given to the personal rights of patients. The hospital should be sued and its licence revoked,' came from another. In June, two big hospitals in North Delhi were hit by a cyberattack. Sant Parmanand and NKS Super Speciality were the victims. At first, it looked like a technical issue. But, later both hospitals confirmed it had been a hacking attempt. Sensitive data like patient records and billing info were accessed. India's patient data privacy is protected by the Digital Personal Data Protection (DPDP) Act, 2023. It requires hospitals and clinics to take permission before collecting or using a patient's health data. The Act says data must be used only for legal and clear purposes. It must be stored safely using tools like passwords and encryption. Patients have the right to see, change or delete their data. If any rule is broken, heavy fines can be charged. Hospitals may be fined as much as ₹ 250 crore for 'failure to take security measures to prevent data breaches', as per Indian law.
Economic Times
2 days ago
- Business
- Economic Times
Data privacy law: Digital payment companies, NPCI seek pause on consent clause
iStock Digital payment companies Google Pay, PhonePe and Amazon Pay as well as the National Payments Corporation of India (NPCI) have sought exemption from Digital Personal Data Protection (DPDP) Act provisions that require user consent for each transaction, arguing that this will be too onerous, people aware of the development told mandate will also be applicable on recurring payments and will lead to a rise in cost and complexity, the companies said in submissions to the Ministry of Electronics and Information Technology (MeitY). The issue will be more pronounced in the case of smaller companies and startups, they said. The law hasn't been operationalised yet since rules floated in January for stakeholder consultation are yet to be notified. Representatives of the companies met MeitY in this regard last week. Google Pay, PhonePe, Amazon Pay and NPCI declined to respond to queries. NPCI runs the payment and settlement system, including the Unified Payments Interface (UPI). MeitY did not respond to queries. 'The core of the issue lies in the Act's emphasis on explicit consent for every data processing activity,' said one of the persons cited. 'While seemingly straightforward, industry players argued that the current interpretation and implementation of this clause could significantly disrupt existing digital payment workflows.' Recurring payments such as electricity bills or subscriptions are typically debited automatically after initial permission. Under the DPDP Act's consent requirements, industry's worry is that this will necessitate fresh user consent. 'This multi-level authentication and consent process, while enhancing security, introduces significant friction and incremental costs,' said the person cited. 'Smaller players and startups, in particular, may struggle to bear these costs and adapt their technical infrastructure, potentially hindering their growth and competitiveness.' Also Read: Explainer: Draft DPDP rules 2025 aim to protect citizens' dataThey may also face data flow challenges.'The data processing is going to become all the more tougher for the smaller players if every time they have to get a consent,' said the person. 'It's going to impact the digital data flow. Whereas the larger bigger companies would be able to manage… there would be incremental costs, yes, but they will be compliant. But some of the smaller and newer players will find it tougher.'There also appears to be ambiguity in how the law's provisions are being interpreted by government and industry, leading to uncertainty about compliance, the person original debate over data localisation engendered by the legislation, where the government focused on volume of data and industry on its criticality, foreshadows the current consent-related discussions, experts 17, subsection 5, of the DPDP Act empowers the central government to exempt certain data fiduciaries or classes of data fiduciaries from specific provisions for a specified period. This exemption can be granted through a notification before the expiry of five years from the law's industry is aiming for a time window through this clause to develop and implement alternative solutions that align with the spirit of data protection without stifling digital innovation, according to the companies.'The exemption period is seen as a window for the industry to collaborate with the government and propose viable alternatives that balance data protection with ease of digital transactions,' said the person cited. 'While no concrete alternatives have been finalised, discussions are ongoing, with some proposals reportedly in advanced stages and expected to be discussed in early August.' NPCI view While Google Pay and PhonePe, as market leaders, are seeking relief for their own operations, NPCI's submission primarily advocates for small startups and other industries that rely on the UPI framework. Its concerns stem from the potential impact on a vast ecosystem of smaller businesses that may not have the resources to overhaul systems to meet new compliance financial implications of noncompliance are substantial, with heavy fines stipulated under the Act. This incentivises companies to bake compliance costs into their operational models, which could eventually be passed on to consumers, sources submissions were made toward the end of June or early July, with others following suit after NPCI's initial representation. Elevate your knowledge and leadership skills at a cost cheaper than your daily tea. Can Coforge's ambition to lead the IT Industry become a reality? BlackRock returns, this time with Ambani. Will it be lucky second time? Amazon is making stealthy moves in healthcare, here's why! The trader who blew the whistle on Jane Street Stock Radar: Globus Spirits breaks out from 9-month consolidation; check target & stop loss for long positions Weekly Top Picks: These stocks scored 10 on 10 on Stock Reports Plus These large-caps have 'strong buy' & 'buy' recos and an upside potential of more than 25% Stock picks of the week: 5 stocks with consistent score improvement and upside potential of up to 36% in 1 year
Time of India
2 days ago
- Business
- Time of India
Data privacy law: Digital payment companies, NPCI seek pause on consent clause
Synopsis Payment companies have sought an exemption from Digital Personal Data Protection (DPDP) Act provisions that require user consent for each transaction. The mandate will lead to a rise in cost and complexity, the companies said in submissions to the Ministry of Electronics and Information Technology.
Business Standard
2 days ago
- Business
- Business Standard
ETCISO Announces the 8th Annual Conclave 2025: Redefining Cyber Leadership for the Digital Age
PRNewswire New Delhi [India], August 4: As India grapples with a 47% surge in cyberattacks in 2025, including high-profile breaches affecting major financial institutions and critical infrastructure, cybersecurity leadership has never been more crucial. Against this backdrop, The Economic Times CISO (ETCISO) announces the 8th ETCISO Annual Conclave, taking place from September 18-21, 2025, at the Grand Hyatt, Goa. This year's theme, 'The CISO Imperative: Resilience, Agility, and Strategic Leadership', addresses the urgent need for cybersecurity leaders to drive organizational transformation while navigating an increasingly complex threat landscape. With India's cybersecurity market projected to reach $35 billion by 2025 and new Digital Personal Data Protection (DPDP) Act compliance deadlines approaching, the timing couldn't be more critical. The residential summit will convene 150+ Chief Information Security Officers (CISOs), cybersecurity experts, policymakers, and innovators for four immersive days designed to deliver measurable strategic outcomes. The 2025 edition will offer focused tracks on emerging risks and future-ready frameworks, including: - AI-Powered Threat Defense - Leveraging artificial intelligence for proactive threat hunting while securing AI implementations across the enterprise - Zero Trust at Scale - Building zero trust architectures that support India's rapid digital transformation without compromising agility - Quantum-Ready Security - Preparing for quantum computing disruptions with practical implementation roadmaps - Board-Level Risk Communication - Translating technical risks into business impact metrics that drive C-suite investment - Hybrid Cloud Resilience - Securing complex multi-cloud environments while maintaining operational excellence - Regulatory Mastery - Navigating DPDP Act compliance, RBI guidelines, and emerging cybersecurity regulations - Talent Pipeline Development - Addressing India's 3.5 million cybersecurity skills gap through strategic workforce planning Unlike traditional conferences, the residential format creates an environment for deep strategic thinking and peer collaboration. The event features: - Executive War Games - Realistic breach simulations that test crisis leadership and decision-making - Panchayat-Style Strategic Sessions - Confidential peer exchanges for benchmarking and collaborative problem-solving - Innovation Experience Zone - Hands-on evaluation of emerging security technologies - CISO-to-Board Communication Labs - Practical workshops for effective risk presentation and stakeholder engagement - Regulatory Deep Dives - Expert-led sessions on compliance strategy and implementation Since 2018, the ETCISO Annual Conclave has established itself as India's premier cybersecurity leadership forum, directly influencing national cybersecurity policy and corporate security strategies. In its 8th edition, the ETCISO Annual Conclave continues to shape the future of cybersecurity leadership in India--where strategies are not just discussed, but forged.
