Amazon India had left exposed the tax reports of some sellers to others on its platform and although the company had rectified a technical glitch which caused it, it had exposed a lot of information to others on platform.
Sellers downloading their monthly financial reports (data of their sales through Amazon.in) were served with those of other vendors, leading to a breach of competitive businesses data.
On Wednesday, Amazon India said the glitch affected a “minuscule number” of the 4,00,000 sellers on its platform had been rectified soon after sellers flagged it.
According to Economic Times, in an incidence happened last Sunday, a merchant who sells smartphone accessories on Amazon logged onto the platform to download his tax report for December, and found that the inventory reflected in it did not tally with what he had sold. Upon closer inspection, he realised that the GST number on the report was not his.
All this while, the unsolicited exposure of a Amazon India’s data has almost frightened its users. The merchant tax reports, that were accidently passed on business data of sellers/merchants to other unintended merchants/seller which are in fact competitors. The leaked data included sales, category-wise split and inventory data. If found by rival seller, this could prove to be of material value to them and detrimental to the merchant/seller whose data was outed, experts said.
No “Data Privacy” Rule for Compensation
Of late, it was reported that food startup FreshMenu had also faced a data breach that left exposed the personal details of 110,000 users and top of it the company stubbornly admitted to the breach only after two years.
At the moment, India do not have a provision for a user, whose data has been exposed, to recover damages from companies responsible for this. A section in the draft Data Protection Bill, which is undergoing consultations and pruning, however, lays down directives for early disclosure of leaks and a mechanism to try cases pertaining to such lapses.
In the proposed Data Protection Bill, which is likely to be moved in Parliament in June, it has been proposed that if a company’s customer data is breached, it is liable to a penalty of 4 per cent of its global revenues. Criminal liability has been proposed too.