Internet and technology are synonymous today with people highly dependent on its usage for work, financial transactions and personal use. The pandemic escalated the use internet in the country especially for fund transfers and online shopping. And the trend continues to grow as more people get digital literate. However, this ease also exposes people to cyber security and privacy issues as data protection is still in a nascent stage in the country. It is a well-known fact that data is the new mineral in the technological world and every business is looking to leverage this.
Cyber and data security have become one of the biggest challenges faced by e-commerce businesses. Security breaches are a common occurrence, however, in Nepal, data breaches remain mostly unreported. This is perhaps because there are no notification requirements for such breach of data placed upon the data controller. Past examples show that no substantial action has been initiated by law enforcement authorities or the users themselves.
Why is protection against data breaches not considered a major part of business investment in Nepal? The answer is (1) lack of awareness among people about the importance of their personal data, and (2) no strict data privacy laws in Nepal.
It is impossible to fully explain the significance of data security in e-commerce, as the application of data evolves quite rapidly. Large consumer data is gathered by online merchants, including transaction histories and personal information. Businesses value this information because it helps them improve their goods and services. It is also used for showing personalised advertisement and automated decision making (often without obtaining consent). Data is similarly important for business competitors or actors of malicious intent. E-commerce platforms are exposed to a variety of risks without strong data security safeguards, including hacking, data breaches, identity theft and financial fraud.
Data breaches can have severe consequences for both businesses and individuals. For businesses, a breach can lead to reputational damage, financial losses and legal liabilities. Customers may lose trust in a company that fails to protect their data, resulting in decreased sales and long-term reputational harm. Misuse of private data of individuals makes them vulnerable to criminal attacks. Moreover, in Nepal, the lack of mandatory reporting requirements for data breaches means that businesses may not be held accountable for their slack security practices, further undermining the incentive to invest in cybersecurity.
To address these challenges and ensure the security of e-commerce in Nepal, several critical steps should be taken:
a. Awareness: The foremost thing is to educate public about the importance of data security and privacy. Individuals should be aware of the risks associated with sharing their personal information online and take steps to protect themselves.
b. Privacy Legislation: Nepal must develop and implement comprehensive data protection legislation that sets clear standards for the collection, storage and use of personal data. Such laws should also mandate the reporting of data breaches, cross-border transfer security and penalties for non-compliance.
c. Digital Security: There should be legislative mandate to adopt minimum security standards, and further e-commerce businesses must also adopt industry best practices for data security like data encryption, regular security audits and employee training on cybersecurity awareness.
d. Government Oversight: Government agencies should play a proactive role in monitoring and enforcing data protection regulations. This includes conducting audits, investigating breaches and imposing penalties on non-compliant organisations.
e. Notification Rights: Individuals should have the right to know how their data is being used and the option to opt out of certain data collection practices. Transparency and consent should be at the forefront of data processing.
All in all, the internet has changed the way we live and direct business, with internet businesses being a huge recipient of this transformation. Nonetheless, the accommodation of e-commerce in Nepal accompanies its own arrangement of difficulties, especially in the domain of information security and assurance. The absence of mindfulness about data privacy and the shortfall of strong regulations in Nepal have established a circumstance where data breaches are not addressed adequately, ultimately presenting threat to organisations and concerned individuals.