DATA BREACHES DEMYSTIFIED: HOW THE EXCLUSION OF PSEUDONYMIZED DATA WEAKENS INDIA’S DATA PROTECTION LANDSCAPE

This research paper delves into the limitations of Section 3 of the Information Technology Act, 2000 (IT Act) of India concerning the definition of “personal information.” While the section effectively protects identifiable data, it fails to encompass pseudonymized data, creating a vulnerability in the legal framework. This gap potentially exposes individuals to security breaches and unauthorized use of their personal information. The paper explores the concept of personal information, analyzes the shortcomings of Section 3, and examines the implications for data security. It further proposes solutions, including legislative amendments and best practices for data controllers, to address this critical issue.