Your personal information is already up for sale, and there's little you can do about it

In today's world, data is everything. Data points are, by themselves, meaningless. But with context, a little bit of correlation and access to enough computing power, you can paint a picture of the world in more detail than you ever thought possible. With enough data, you might even predict the future.

Data can be used for both good and bad. In a country that’s only recently taken its first steps towards its digital future, an understanding of the dangers, as well as advantages, of this digital world is paramount.

Your data is already up for sale

Putting these dangers into stark relief is a recent investigative report by The Economic Times where the publication discovered that the personal data of lakhs of Indians is available for the asking.

The investigation, conducted over many months, revealed that “creative and granular” data on up to 1 lakh people can be had for as little as Rs 10,000 to Rs 15,000. That works out to around Rs 2 per dozen, even bananas are more expensive.

Bananas 720

Your digital life can be worth less than these bananas.

ET reveals that the data they purchased from these brokers was very personal in nature. The expected details like residential address, phone number and email address were leaked, but details on marital status, purchase history (on Amazon and eBay), income, profession, etc., were also leaked.

Logically speaking, if the data is sold for so little, its value must be as limited. But this isn’t necessarily the case. The bulk of the data will be used by companies for profiling customers, by agents harassing you to take loans and more. Google, Facebook, Amazon and the like do the same on a much larger scale for a similar, but arguably less intrusive purpose: Ads.

The real danger is identity theft and fraud. Despite the incessant warnings from banks, you’ll be more willing to hand over your personal data, including CVV and OTP numbers, to someone on a phone if they appear to know more about you than the average scamster.

Online-payment-credit-card-deals-shopping-ecommerce-Tech2-720

What if someone were to call you saying that they were from your bank and that there was some trouble with a specific phone you bought on eBay on 28 February? You’d be perfectly willing to accept that they’re legitimate. If they tell you that the transaction failed and that they’ll need your CVV and OTP to reconfirm, you’re likely to hand over those details without a second’s hesitation.

You might believe that you’re smarter than this, and it might even be true in some cases, but the average person will be caught out. How many times have you asked a cop for his badge or a ticket collector for his ID? An implicit faith in the “system” is but natural in any society.

In India, this “system” for the digital world just doesn’t exist. People are wary, they don’t trust it yet. Demonetisation forced this on an unwilling public.

Today, it’ll be easier for the average Indian to spot a fake cop than it will be to spot a digital scamster. You can’t protect yourself against a threat you don’t even know exists.

Big data is about the little things

The thing with big data is that it’s about the little things: What you purchased, how much you spent, the type of card you used, the brands you prefer, etc. All these little things add up.

The data that ET gathered was sourced from agents working for banks and telcos, from merchants selling off their customer data, from copy machine operators keeping digital copies of documents and more.

10 years ago, you could be assured of a reasonable level of data security simply because it wasn't so easy to share data. Sharing one lakh, curated data entries would literally involve one lakh pieces of paper and vast filing cabinets. Today, it's an excel file away. The type of data we're giving out has changed, but not by much. The only thing that's new today is a request for your email ID and, in the case of Aadhar, your biometric data.

And anyway, why would you worry about giving out your email ID when your Facebook profile is open to all?

Professional data mining firms in western markets even gather information from PoS (Point of Sale) machines and relates the data to more data pulled from publicly available social media profiles. We’re yet to achieve such heights of data mining prowess, but I’m sure we’ll get there eventually.

Mastercard credit debit card 720

The collection of this data in India isn’t regulated and we have experts who have told us that data privacy is still largely a legal grey area in our country.

Reports suggest that since demonetisation, we’ve seen a 400-1000 percent increase in digital transactions. Others suggest that digital transactions have grown by 25 percent monthly since November.

Digital payment platforms like PayTM and FreeCharge have seen unprecedented growth since then.

Banks are also reporting an increased use of credit and debit cards and everyone is falling over themselves to get us onto their platform.

20 days after demonetisation, we saw the number of new bank accounts surge by over 30 lakh.

A man counts Indian rupee banknotes after withdrawing them from an ATM in Agartala, India REUTERS/Jayanta Dey

A man counts Indian rupee banknotes after withdrawing them from an ATM in Agartala, India. Image: Reuters

Where do you think all of that data is going? I’m sure that banks and digital wallet services will have watertight legal agreements allowing for this (Do you read the terms and conditions?), and who’s monitoring the third-party agents who are freely walking around with all this data?

I know for a fact that the number of calls I’ve received asking me if I want a loan or a credit card have gone up since I opened a new bank account. These callers know my name, where I work and my designation, and these callers are not affiliated to any particular bank.

Can I do something about it? Of course not. My data is already out there and circulating among untold numbers of “agents” whether I want it to or not.

For me, this is a minor irritant, but it can get worse. And, I suspect, many of you are in the same boat.

Educate the masses

This data can be used for money laundering, identity theft, running scams and worse. It’s out there, whether we wish it or not and there is little that we can do about it. We’re also fast moving towards a fully digital world, which is, for many, uncharted territory.

At the very least, the need of the hour is an extensive awareness campaign that highlights the need for vigilance and the importance of protecting essential data.


Published Date: Feb 28, 2017 01:52 pm | Updated Date: Feb 28, 2017 01:52 pm