ONE YEAR ADVANCED DIPLOMA IN CYBER SECURITY &
DATA PROTECTION LAWS
SEMESTER – II
1.2.4. DATA PROTECTION LAW IN INDIA
I. Introduction to Data and Data Protection Laws:
- Definition of Data
- Kinds of Data
- Public Data
- Personal Data
- Sensitive Personal Data
- Health Data
- Biometric Data
- Meta Data
- Big Data
- Data Principal and Data Fiduciaries
II. Data Protection Law in India:
- IT Act, 2000 and Data Protection
- Information Technology (Reasonable Security Practices and Procedures and
Sensitive Personal Data or Information) Rules, 2011 (“the IT Rules”).
III. Non-Personal Data Governance Framework ('the NPD Framework'),
- Digital Information Security in Healthcare Act ('DISHA') – Health Data
- central-level and a state-level digital health authority
- privacy and security measures for digital health data
- storage and exchange of electronic health data.
- National Electronic Health Authority 'NeHA' at the central level
- State Electronic Health Authority ('SeHA’) at the State level
- Indian Constitution – Art -21
- Judicial Decisions of Right to privacy and other related rights.
- Right to Privacy, Supreme Court Judgment, K.S. Puttaswamy v. Union of India, 2017 (10) SCALE 1.
- R Rajagopal and Ors v. State of Tamil Nadu [Writ Petition (Civil) No. 422 of 1994],
- Mr X v. Hospital Z [Civil Appeal No. 4641 of 1998].
- Subhranshu Rout @ Gugul v. State of Odisha [BLAPL No. 4592 of 2020],
- Sri Vasunathan v. the Registrar General, High Court of Karnataka and Ors [General Writ Petition No. 62038 of 2016],
- Dharamraj Bhanushankar Dave v. State of Gujarat and Ors [SCA No. 1854 of 2015]
- Aadhar judgment
IV.Emergence of Data Protection Laws in India
A. Personal Data Protection Bill 2019
- Competition Commission of India and Ant trust regulation vis-a vis data protection,
- Sri Krishna Committee report, Existing Approaches to Data Protection, Understanding the Contours of the Indian Approach, Data Principals and Data Fiduciaries, Jurisdiction.
- Conceptual Understanding of Jurisdiction
- Prescriptive Jurisdiction .
- The Case for Data Non-Exceptionalism...
- Putative Bases for Jurisdiction .
- Retrospective and Transitional Application of the Data Protection Law
- A revised operational framework for consent Consequences of such a Framework .
- Enforcement of the Revised Framework.
- Standard of Consent .
- Different Standards for Different Types of Personal Data Processing .
- Consent Dashboard and Avoiding Consent Fatigue.
- Consent and Contractual Necessity
- Protection of Children‘s Personal Data
- processing of child’s personal data in the GDPR.
- The consent to the processing of child’s personal data.
- The methods to verify the legitimacy of the consent in the GDPR.
- The different juridical regimes of the consent to the processing of personal data and of the consent concerning contracts in relation to a child.
- The profiling of child’s personal data. –
- Identification of guardian data fiduciaries
- Who is a child
- Barred Practices.
- Regulatory Approach .
- Community Data.
- Entities to which the Law Applies.
- Obligations of Data Fiduciaries
- Amendments to the Aadhaar Act.
- Amendments to the RTI Act.
- SDPI (Sensitive personal Data or Information Rules 2011
- NON-CONSENSUAL PROCESSING , Non-Consensual Grounds for Processing, Functions of the State, Compliance with Law or Order of Court or Tribunal
- Exemptions... Security of the State. Prevention, Detection, Investigation and Prosecution of Contraventions of Law.... : Enforcement
A. Structure and Functions of the (Data Protection Authorities)
B. The Regulated Entities: Classification and Obligations..
C. Data protection authority of India DPI
D. Government Data and risks to personal data
a. Special categories of personal data
b. Individual rights in processing personal data
c. Restrictions on International Data transfers,
E. Data Security and Data Breach
F. Privacy and Electronic Communications (EC Directive) Regulations (PECR) 2003
G. Objective and broad scope (email, phone, SMS, automated calls, robocalls)
- Provisions relating to electronic marketing communications
- ICO Guidance on direct Marketing and Direct Marketing Commission Code
- DMA telephone preference services
- ICO services to the public- Reporting complaints and concerns Penalties for Data breach,
- Privacy notices, Subject access , Employment practices, CCTV, Data protection impact assessment.
1.2.5. CYBER SECURITY AND FORENSICS
This paper emphasises on Advance concepts of Cyber Security and Data Protection with practical orientation with help of Digital Evidence Retrievals and Analysis Systems (DERAS)– A Virtual Lab.
The primary purpose of the DERAS LAB is to equip enrolled student’s with the knowledge, skills, and abilities to properly identify and seize digital evidence. Through a combination of lecture, demonstration, hands-on exercises, labs, and a practical exercise investigators learn how to seize digital evidence from a personal computer (PC) and notebook computer hard drives, floppy diskettes, compact disks (CDs), DVDs, thumb drives, various flash media, Cloud databases, Dedicated Servers, Virtual Data Storage Platforms etc. acquiring forensically valid images for digital evidence and retrieval processing.
Scientifically Authenticated Evidence determines legal proceedings immensely, In recent time’s evidence emerge from IT and ICT utilization’s as well, hence students of the course should understand the following
- Digital formats of data storage media
- The internal architecture of the existing Storage Medias
- Data storage mechanisms on Digital Domain’s (DD)
- Data retrieval process both deleted and prevalent memory structure’s
- Analyzing the process of retrieved data etc.
I. Network and Cyber Security
- Network Security Model, Network Security Threats
- Firewalls: Overview, Types, Features, User Management
- Intrusion Detection System, Intrusion Prevention System
- Public Key Infrastructure, Digital Signature Schemes
II. Internet and Web Application Security
- Email security: PGP and SMIME
- Web Security: Web authentication, Injection Flaws, SQL Injection
- Web Browser Security
- E-Commerce Security
- Wireless Network Security
- Wireless Network Components
- Security issues in Wireless Networks
- Securing a Wireless Network
- Mobile Security
III. Understanding World of Deep and Dark Web
- Understand the complete working, terminology and be able to have a complete understanding about the Deep/Dark web.
- To access the Deep web as well as the Dark web with Complete Ease and total security.
- To visit some advanced and famous websites located on the Hidden Web(Deep and Dark Web).
- Understanding Working, Trading, Buying, Selling as well as Mining CRYPTOCURRENCIES.
- About the Dangers as well as precautions to be taken care of while surfing the Web.
- Use Darknet Email services.
- Anonymously access the dark net and TOR hidden services (onion services)
LAB SESSIONS: - DIGITAL EVIDENCE RETRIEVALS AND ANALYSIS SYSTEMS (DERAS)
DERAS Lab tools:
1. Linux Based VAPT tools
DEFT: Digital Evidence Forensic Tools Kit (Kali Linux)
Disk Identification/spacing/structuring tools
- mount /dev /sdb1 /home/urmika/moun
- unmount moun
- dd if = /dev/sdb1 -of = /sdb1.iso
- ddrescue /dev/sdb1 /home/urmika/rescue.iso
Hashing tools :
- md5sum /dev/sdb1 -> md5.txt
- sha1sum /dev/sdb -> sha1.txt