GST: Security Issues Plaguing India’s Latest Tax Reform

CERT-LatestNews ThreatsEconomic ThreatsStrategic Uncategorized


India ranks 23 among 165 countries on Global Cybersecurity Index (GCI), which has been released by the International Telecommunication Union (ITU)—the telecommunications agency of the United Nations (UN). The body says more effort is needed in this extremely critical area. The GCI basically measures a host of factors to reach its findings such as key areas of organizational, technical, legal, and international cooperation.

Moreover, India’s biggest ever data breach has been reported recently in which personal data of over 100 million customers got compromised. Leaked ultra-sensitive information included personal customer details, such as names, date of activation, mobile numbers, email addresses, etc.—all of which were reportedly found on a little heard website. In some instances, the Aadhaar or Unique Identification Number was also leaked. Despite the company in question assuring customers of high levels of data security, the organization has filed a written complaint alleging that its systems were unlawful accessed.

However, the phenomenon is not only restricted to the company. There have been umpteen reports of personal details of Aadhaar holders getting disclosed and even published online. It is a precarious situation. The alarming developments have prompted calls for India to adopt and install laws and mechanisms to protect citizens from data breaches. As India moves towards digitalization, government must wake up to its duty of protecting the citizens and their interests. Initiatives such as demonetization and GST rollout will fail if not aided by robust data security systems.

Huge scale of GST rollout and implementation

Super sensitive details are being loaded on the Goods and Services Tax (GST) Network or the GSTN where besides personal details, there are a number of financial and legal details. According to figures, India has around 50 million SMEs and 3100 startups. The GSTN will produce 5 billion invoices a month; moreover, there are 15 million retailers which need to digitize sales. The scale is huge. However, all this seems to be at risk, looking at the level of data security which exists in India. A big question mark hangs over everything that is online. Besides wilful crime and hacking, there is the danger of data crash. What happens in the event of data getting destroyed?

The GSTN is the nodal agency which is responsible for providing IT infrastructure and services to Central and State Governments, tax payers and businesses. With sensitive details on the network, India must have a strong data security system to ensure protection of data and tax-related information. The system needs to have adequate stability and backup. Moreover, big fintech companies such as SAP, Microsoft, Deskera are luring enterprises with GST-compliant software. They will also have to ensure data security at their end. In case the government lacks the required infrastructure, it should take help from such big companies as far as data storage infrastructure and accountability is concerned.

Why should businesses and enterprises consider GST data sensitive?

Data security is of importance for everyone, particularly businesses and enterprises. Leakage of data from the network could lead to great harm for them. For example, if invoicing details get disclosed, the outcome can be damaging for an enterprise, since the invoice includes the item cost. If your competitor comes to know of it, it could be a big setback for businesses. Plus, there are other aspects. Therefore, the GSTN information must be protected through adoption of the best possible security systems and practices to prevent data breaches from taking place.

Companies in the European Union (EU) have stringent data protection standards. In comparison, Indian organizations do not follow the same standards and practices. This raises obvious questions about accountability as well as security. Looking at the current state of affairs, there is little reason to believe sensitive information would not get leaked. Regular reports of data breaches from private bodies as well as the government are not reassuring in the least. Departments and ministries have often been found to be lackadaisical and apathetic as far as data security is concerned. This has resulted in leakage of names, numbers, addresses, bank account numbers and details, etc.

Worrisome data security standards in India’s Information Security Systems

Though the Indian government is pushing digital governance and cashless economy, there is little assurance on account of data protection. Protection of official, private and classified data has to be of paramount importance for any establishment. The government has to consider digital risks as high-priority and effective steps must be taken to restore the people’s faith in our systems. Image of Digital India receives a setback when the common man is inundated with reports of data breaches, debit card forgeries and cyber-attacks.