August 3, 2015

Data Privacy

According to Forrester – ‘Privacy is a game changer; it will be to organizations in 2016 what websites were to companies in 2000’.

What is Data Privacy

Data Privacy is all about giving a person certain rights over his/her Personal Information. For eg, Informing the person about what is being done with his/her personal data, how it is being used, getting consent for such usage, whether it is being shared with an external party, whether it is being sent to a different country, how it is being protected, etc.

Do note that protection of the data is just one right amongst the host of rights mentioned above. That is known as personal data protection – and is often confused with data privacy as a whole.

How is Personal Information defined?

Personal Information is essentially any information that can be used to identify an individual. This includes demographic data, identity data, financial data, health data, etc. Today this definition has been expanded to also include data like online identifiers (data elements that get captured while a user is online), device identifiers (from a user’s device), location data, IP addresses, etc – in short, a host of technical information that doesn’t easily come to mind when one thinks of Personal Information

This expanded definition of personal information coupled with the pace at which the world is digitising has catapulted the need to implement privacy in an organization to an urgent & imperative need.

Data Privacy in Indian Organizations

The common – and mistaken – perception is that there is no law for Data Privacy in India. While India may not have a comprehensive data privacy law, the basic principles of privacy for organizations is covered under the rules for sensitive data protection under Section 43A of the Indian Information Technology (IT) Act. And the liabilities for any breach includes for civil and criminal penalties. So organizations in India need to comply.

Moreover, those organizations dealing with Personal Information of individuals in any other country – directly or indirectly – come under the purview of that country’s data privacy laws. And almost every country in the world has a law around data privacy. Hence it is imperative for all organizations in India to look at Data Privacy seriously.

And it is not true that Data Privacy is restricted to large organizations alone. We recently worked with a 40-people strong company to develop their privacy policy. They needed to get it done as their client – a large multinational – was demanding one to continue doing business with them.

Data Privacy Consulting at Arrka

Arrka is one of the pioneers in this domain in India. We have been providing services in Data Privacy for the last four years and have a dedicated team of consultants who specialise in the domain. We have had the privilege of working with the regulator (DSCI) in this domain and also helping one of the largest organizations in India implement their privacy program. We have also set up the Arrka Privacy Testing Centre that provides privacy testing & assessment services for Mobile Apps.

Some of the services we offer are:

  • Privacy Policy Development: Developing a privacy policy is the first step for an organization in its privacy journey. We help organizations develop their privacy policy taking into account the personal information they deal with, the geographies (and hence the laws) that they are exposed to, their business context, their digital initiatives & exposure, etc.
  • Personal Information Identification & Definition: While this may seem like a straightforward activity, it often is not so. Given how the definition of personal information is evolving, organizations often have to do a detailed discovery process to precisely identify the complete list of PI they deal with
  • Personal Information Mapping: Once Personal Information has been identified, the next critical and humungous task for an organization is to map this personal information across the organization and its external third parties. Where does it reside, who has access to it, who controls it, how does it flow, what kind of processing is done with it, what is it used for, etc. Without this map, an organization cannot implement privacy controls – which are required to implement its privacy policy
  • Privacy Program Implementation: Once the above base is built, the actual privacy policy needs to be implemented and rolled out. We work with organizations in doing this.
  • Privacy Testing of Mobile Apps: This is a specialised offering from Arrka – via our Privacy Testing Centre. Mobile apps throw up their own unique

 

Data Privacy Training at Arrka:

We are the first and only accredited training provider for privacy by the Data Security Council of India (DSCI) for their flagship Privacy certification – DCPP (DSCI Certified Privacy Professional).

We provide the following training programs for privacy:

  • DCPP Boot Camp: This is a 3-day intensive workshop designed to equip individuals to take the DCPP certification exam. For upcoming boot camp details please drop an email to privacy@arrka.com for details.
  • Workshop on ‘Introduction to Data Privacy’: This is a one-day introductory workshop for individuals who want to understand what Data Privacy is all about, what is its relevance to their organization – especially from the Indian context. The program is offered as an in-house program for enterprises as well as an open program. For upcoming workshops on ‘Introduction to Data Privacy’ please drop an mail to privacy@arrka.com for details.

In addition to the structured programs above, we offer specialised, customized training and awareness programs addressing specific requirements of enterprises.

For further details, write to privacy@arrka.com