#ParliamentUpdate: Report of the Standing Committee on Finance

The Parliamentary Standing Committee on Finance 59th Report on “Cybersecurity and Rising Incidence of Cyber/White Collar Crimes” was presented to both houses of Parliament on Thursday i.e. July 27, 2023.

The report highlights the alarming rise in cybercrimes and financial fraud, sharing that the volume of financial crimes had gone up to 6.94 lakhs in 2022 from 2.62 lakhs in the financial year 2021-2022.

The committee recommends:

:point_right:a more dynamic regulatory framework

:point_right:a centralised “Cyber Protection Authority” (CPA)

:point_right:expanding the scope of consumer grievance redressal mechanisms

:point_right:strengthening enforcement capabilities

:point_right:global coordination and collaboration

The Committee recommends a ‘multi-pronged approach’, led by the CPA to mitigate cyber-risks, including:

:point_right:investments in robust cybersecurity infrastructure

:point_right:training programs to raise awareness

:point_right:regular audits to identify vulnerabilities & ensure compliance

IFF wrote to MP Jayant Sinha, Chairperson of Standing Committee on Finance, regarding a briefing by representatives of the Reserve Bank of India, Indian Banks Association, National Payments Corporation of India and Cert-In on ‘Cyber Security & the rising incidence of cyber/white collar crimes’.

We raised 2 primary issues for consideration:

:point_right:CERT-In Cyber Security Directions which raises concerns around state sponsored surveillance, data retention, increased compliance burden, and privacy, especially in the absence of a data protection law.

We recommended revisiting such overly broad provisions & consulting with technical & cyber security experts & civil society organisations.

:point_right: Section 43A of the IT Act, 2000: Only allows compensating users in case of negligent handling of sensitive data (& not personal data).

It also forbids the adjudication of a dispute where data in custody of the Government is breached. In this way, we are not holding a very important organ accountable for ensuring safekeeping of our data. We encourage the committee to take these matters into account as well.