Complexity of Cybersecurity Laws in India: Challenges and Recommendations

Companies in India face difficulties due to overlapping cybersecurity laws, with the recent Digital Personal Data Protection Act adding to these challenges. Inconsistencies in requirements across sectors result in higher compliance costs and confusion. Experts advocate for harmonization of laws and a unified regulatory authority to streamline processes and support smaller businesses.

Organizations in India are facing significant challenges due to overlapping and complex cybersecurity laws, including the IT Act, Indian SPDI Rules, and the National Cybersecurity Policy, among others. The recent introduction of the Digital Personal Data Protection (DPDP) Act brings additional responsibilities and potential penalties for data breaches, further complicating compliance for companies. The inconsistencies in requirements, such as certification processes and vulnerability assessments, hinder global and local firms alike in navigating the regulatory landscape.

Experts highlight that the lack of coherence among various laws often results in additional costs and confusion. Jared Ragland, Senior Director at BSA – The Software Alliance, noted that inconsistencies exist not only within a country’s regulations but also among various sectors (spanning power, telecom, and finance), which compounds the difficulties companies face.

Cybersecurity has gained increased governmental focus, leading to a rise in legal mandates from sector regulators. However, industry stakeholders, such as Huzefa Tavawalla from Nishith Desai Associates, call for harmonization in breach reporting requirements amid this growing complexity. A unified governance approach could simplify compliance and reporting protocols, providing clarity to businesses.

Kazim Rizvi of The Dialogue emphasizes the need for a centralized regulatory authority to oversee cybersecurity comprehensively. While larger firms may absorb compliance costs, smaller startups are disproportionately affected by confusion and overlapping laws. Rizvi advocates for a national strategy that encourages a proactive, 'security-by-design' framework to strengthen the overall cybersecurity posture in India.

The fragmented regulatory environment could result in more data breaches and consumer unrest. Furthermore, Mishi Choudhary of the Software Freedom Law Centre suggests that omnibus legislation is required to address all facets of cybersecurity effectively. Establishing clearer guidelines would not only aid industry compliance but also ultimately benefit consumers and data security.

The article addresses the issues that Indian companies encounter due to the complicated and often overlapping cybersecurity laws. With the introduction of the Digital Personal Data Protection Act and multiple sector-specific regulations, organizations struggle to maintain compliance while facing potential penalties for breaches. The article also discusses insights from experts who argue for the need for harmonization of laws and the establishment of a centralized regulatory authority to mitigate compliance costs and confusion.

In summary, the cybersecurity landscape in India is characterized by its complexity and the overlapping nature of numerous legal frameworks. Experts stress the urgent need for regulatory harmonization and a centralized authority to streamline compliance efforts, particularly for smaller organizations facing operational hurdles. A consolidated approach to governance could enhance data security and foster a more resilient cybersecurity environment in the country.

Original Source: m.economictimes.com

