Posts

Online Banking & Credit Card Fraud Advisory !!

After listening to the plight of sufferers of various online banking and credit card frauds, and handling many cases of fraud ranging from Rs. 15 thousand to Rs. 52 lakhs, I have humbly, by experience, come to the following conclusions and advisory:
1. Every net banking user should have two bank accounts.
2. One in a technology-oriented bank like ICICI, HDFC, Axis, Yes, SBI etc. with the online banking option.
3. One account in any other cooperative bank, but with a balance of up to Rs. 100000/- only; if you want to have more balance at hand, keep Rs. 1 lakh each in different trustworthy cooperative banks. The rest can be in fixed deposits. [This is said because the RBI only insures up to 1 lakh, i.e. if the bank goes kaput, the RBI will pay you up to 1 lakh.]
4. In the technology-oriented bank, maintain only the amount needed for handling online transactions such as bill payment or ticketing etc.
5. Whenever required, money can be transferred to online bank...

What is Sensitive Personal Data or Information in India ?

[DATA PROTECTION LAWS IN INDIA] Sensitive Personal Data or Information is not directly defined in Section 2 of the IT Act, 2000. The definition that has the force of law is given under Section 3 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, made by the Central Government in exercise of the powers conferred by clause (ob) of sub-section (2) of section 87 read with section 43A of the Information Technology Act, 2000 (21 of 2000). Section 3 reads as:
3. Sensitive personal data or information. — Sensitive personal data or information of a person means such personal information which consists of information relating to;― (i) password; (ii) financial information such as Bank a...

Google User Search Logs – Is it Personal Data or Information as per LAW?

Privacy concerns relate to personal information or personal data, that is, as defined in the IT Rules under the IT Act, 2000: "Personal information" means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person. In other words, it is information which can be used to uniquely identify, contact, or locate a specific individual person. Federal privacy legislation protects personal data in a number of contexts, such as health information, financial data, or credit reports. Similarly, the European data protection framework applies to "personal data," defined as "any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by re...

Google and Indian Privacy Laws (Part I)

Search engines are the most important actors on the Internet today and Google is the undisputed king of search. Google dominates the Internet, guiding users to the information they seek through an ocean of unrelated data with astonishing precision and speed. It is a powerful tool, evoking ambivalent feelings. On the one hand, we adore Google for its simple, modest-looking interface masking a hyper-complicated algorithm, which is the very essence of online ingenuity. We admire it for providing superb services at no (evident) cost, a practical miracle in today's market economy. On the other hand, we grow wary of Google's increasing clout as the ultimate arbiter of commercial success ("to exist is to be indexed by a search engine") and as a central database for users' personal information, not only logging their search queries but also storing their e-mail (Gmail), calendars (Calendar), photos (Picasa), videos (Yo...

New Malware to Steal your Credit or Debit Card Details

Your Ultimate Bank Money Stealer is Here.. A new malware called "Dump Memory Grabber" has been discovered, which has already been used to steal debit and credit card information from customers using major US banks including Chase, Citibank and Capital One. The malicious code is evidently being installed directly into point-of-sale (POS) hardware (meaning registers or kiosks) and ATMs, and transmitting the harvested information straight out of the magnetic stripes on credit and debit cards - which includes everything from account numbers to first and last names and expiration dates. How are attackers infecting physical systems? Your favourite USB drives are the likely culprits, as modern register systems often have accessible ports, as well as direct connections to the Web. The harvested information is then used to produce cloned cards, and they are likely succeeding with the help of individuals with direct access to the POS systems and ATMs - which could include employe...

Denial-of-service (DoS) attack what it is ??

Denial-of-service (DoS) attack
All major organizations now face DDoS attacks on their public-facing servers; banking and finance companies face the most, with demands of ransom from attackers sitting in any corner of the world. Old approaches and solutions sometimes seem not to work, but remaining educated about DoS and DDoS attacks always helps.
What is DoS? In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services that rely on the affected computer. The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you type a URL for a particular website into your browser, you are sending a req...

Reasonable Security Practices and Procedures and Sensitive Personal Data in India-provisions required

ITA Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules 2011
The Personal Information Security Rules were notified in April 2011 and serve as the most comprehensive form of data protection in India. The Rules prescribe procedures and protocols to which a body corporate must adhere. The Rules can be brought in line with the National Privacy Principles through the following changes:
1. Notice
Existing Provisions
o Privacy Policy: Any body corporate that collects, receives, possesses, stores, deals, or handles information must provide a privacy policy that provides for clear and easily accessible statements of its practices and policies, type of personal or sensitive personal data or information collected, purpose of collection and usage of such information, disclosure of information, and reasonable security practices and procedures. (Rule 4)
o During Collection: While collecting information directly from the person ...