THE REAL QUESTION IS: ARE WE UNKNOWINGLY HELPING FRAUDSTERS BY SHARING OUR PERSONAL DATA TOO EASILY?
Rs 3000 Crores lost to "Digital Arrest" scams
That was the alarming observation made by the Supreme Court in November 2025. Most of the victims were elderly citizens, but the reality is far more concerning - the younger generation is increasingly becoming a target as well.
Cyber fraud today is no longer limited to sophisticated hacking. In many cases, it thrives on confusion, fear and lack of awareness.
Fraudsters often rely on something surprisingly simple: our personal data.
Every day, we share personal information with multiple service providers - banks, telecom companies, e-commerce platforms, hospitals, educational institutions, and digital apps. While sharing data has become routine in the digital economy, very few individuals pause to ask a fundamental question:
Why is my data being collected, and how is it being used?
Understanding this is crucial.
Personal data in the wrong hands can become a powerful tool for cyber criminals. It enables them to impersonate authorities, manipulate victims psychologically, and execute scams such as the infamous "digital arrest" frauds.
This is precisely why the Digital Personal Data Protection (DPDP) Act, 2023 places responsibility not only on organizations but also empowers individuals.
Protection of personal data is not solely the prerogative of companies. It is equally important for the individual who shares the data - referred to as the "Data Principal" under the Act.
Before sharing personal information, individuals should ask:
- What is the purpose of collecting this data?
- How will the organization store and protect it?
- Who else will have access to this data?
To ensure transparency and accountability, the DPDP Act clearly defines the rights of the Data Principal under Sections 11-14.
These rights empower individuals to:
- Access their personal data held by an organization
- Know the identity of all data processors or service providers with whom the data has been shared
- Withdraw consent at any time
- Raise grievances or complaints regarding misuse of their personal data
In a rapidly digitizing economy, awareness is our strongest defence.
Organizations must strengthen their data protection frameworks. But equally important is citizen awareness about their rights and responsibilities.
Because in the digital age, protecting personal data is not just about compliance - it is about safeguarding trust, security and financial well-being.
CAclubindia
