Have you taken a car loan in the last 10 odd years? If your answer is yes, chances are that your name, address, phone, number, bank account number, the name of the dealer, the date of purchase, the loan amount, what car you bought and all other sundry details are available for public to see and buy on a website. It is just crazy how much information is out there on the Excel files meticulously created, compiled and then uploaded on a publicly accessible server.

It is scary, in case you find such things scary. Although most people in India don't mind and rarely care about their privacy. But even the most ardent supporters of "what you have to hide" argument will find the amount of information that is available on the site -- http://cars.indian.net.in .

The data on this site is arranged in various Excel files. Some of these files have dates against them, possibly referring to the year and month when the data was compiled. Some other files are city specific, detailing who all took a car loan in that city and for what car, along with other details.

So exhaustive are the details provided in the car loan database that not only the names and address of the loan taker have been leaked but also the personal phone numbers, what time the car was bought, the person's education and profession, his or her bank account number along with employment details. Not only that, the data even has details of the person who referred the customer for the loan, along with his or her private details.

All of this data, along with more, is also up for sale. "This data has been collated by Infinite Loop Development Ltd. If you wish to have personal details removed from this website, please email info@infiniteloop.ie with the exact url where your details appear. If you'd like to buy this data, it's available for sale for $200 USD. Please email us if you are interested," notes the agency that has supposedly collected the data.

The latest data spill is just one of several we have seen in India in the recent times. Recently, there were reports how Aadhaar data of millions of people was available through a simple Google search because agencies handling this data were careless enough to put them on a server that was publicly accessible and was indexed by Google bots.

Also Read: Bengaluru cops throw privacy out of window, share over 40K phone numbers on Twitter

Where is privacy law?

At the same time, it is a common knowledge that in India phone numbers are often culled or stolen from database held by various companies and organisations and are then sold. There are tens of websites in India trying to sell this data. Some of these companies claim that they have over 1 billion phones numbers in the database they sell.The reason why it is easier for a company to put up exhaustive and private data of Indians up for sale on a website is not just because Indians don't care much about privacy. It is also because in India there is no law that guarantees privacy to Indians and mandates punishment in case of a private data leak or data breach.

Although there has been a lot of debate around the need for a privacy law in India, the government, earlier under the UPA and now under NDA, has shown no urgency in putting together a law that can safeguard the private data of Indians. In fact, the government has argued that Indians don't have a right to privacy.

But the latest car loan data breach shows that India urgently needs a privacy law, especially now when hundreds of millions of people have handed over all their private details, along with biometric data, to government as part of Aadhaar program. The Aadhaar data is also going to be used by hundreds of private and government organisations and in absence of a strong privacy law it is impossible to ensure that agencies and people involved in handling this data will do so carefully.