Naavi.org

To

All Professionals in Privacy and Data Protection any where in India

IDPS 2024 the flagship event of FDPPI is no ordinary event. This is a “Knowledge Extravaganza”. The event focusses on more than 12 hours of intense discussions on Data Protection in India, EU and US with special reference to AI and Robotics.

The event is also further enriched with multiple Focussed Group Discussions on Impact of DPDPA 2023 on Advocates, MSMEs, DPOs and Data Auditors.

There will be many goodies on offer…like

During the Conference:

1. 20% discount on Delegate fee for Members of FDPPI
2. 10% to 20% -Special discounts for Members of other professional organizations.
3. Free Download of a E Book on Data Protection contributed by FDPPI members
4. CPE credit Certificate for 12 hours

During and after the Conference upto 31st December 2024

1. 10% discount for  certification programs
2. 5% discount for direct entry to C.DPO.DA. examination.
3. 20% discount on “Guardians of Privacy….Comprehensive handbook on DPDPA 2023 and DGPSI” by Naavi
4. 20% discount on the to be published “DGPSI-The perfect prescription for DPDPA Compliance” by Naavi

With all this the delegate fee is a pittance of Rs 1500/- for virtual attendance and Rs 3000/- for physical attendance. Over and above this, you may have the discounts.

Probably many of you think FDPPI is crazy to price this conference at this price and not at say Rs 10000/-. which could have been an optimal pricing. We have no regrets. FDPPI considers the difference of Rs 7000/- per delegate as its contribution to the society.

In this context, there is no excuse for any professional claiming to be interested in Privacy and Data Protection in India not to register for this program at least virtually. There are many delegates who are travelling from as far as Delhi at their cost to be present in the program physically. Hats off to their commitment. But others can surely attend virtually. Even if you cannot attend for the entire day, do register since you will be able to get all the benefits including limited time access to the recorded proceedings.

KLE Law College has a huge facility but we want it to be stretched… Will Privacy Professionals respond?

Naavi

One of the much discussed aspects of Privacy is the use of AI technology in surveillance. For law makers, it is always a challenge to balance the needs of surveillance for security purposes vs the ethics of avoiding privacy infringement. CCTV cameras on the road or in large premises can often be source of privacy infringement since the footages can be linked to a facial recognition system  and cause infringement of privacy.

Laws often provide exemptions in privacy laws for law enforcement agencies for surveillance. In India, Any instrumentality of the state is exempted from the provisions of DPDPA in the interests of sovereignty and integrity of state etc including “Maintenance of Public Order” or “Preventing incitement to any cognizable offence related to national security or public order.

But these exemptions are not available for private sector organizations who may use similar surveillance to protect corporate assets. In most cases software service providers may have easy access to the data from the law enforcement agencies either with their knowledge or otherwise.

CCTVs are also used by private sector in their offices and factory premises and in these organizations the justification has to be built on “Security” of the enterprise. Most of the gated communities use CCTV and Visitor Entry systems where the facial identity of the individuals is captured by the security agencies as a routine. In such instances, use of AI to identify people both from facial recognition as well as other behavioural factors such as gait recognition is an interesting challenge to the DPO.

The pictures collected for Visitors in most cases are good enough to be used with AI for a successful KYC in any Banking systems.  Hence these close range pictures are highly risky from the privacy perspective and leaving it in the hands of security agencies is a matter of concern.  The DPOs have very little controls of misuse in such cases.

Normally, the physical security managers who monitor CCTV or Visitor management  are not part of the Information Security system. They may report to facility managers and not to CISOs.

Recognizing the importance of “Electronic Vigilance” and impact on Privacy, it is time for organizations to think if they are sufficiently involving facility managers in their Information Security management team or involving their CISOs and DPOs in facility management.

Most information security standards do recognize the physical security aspects such as Power systems, AC ducts, Lift systems,  etc along with the network of CCTV are part of the overall Information Security systems. But most of these stop at looking at past CCTV footages when a crime is committed and identifying criminal actions.

With the advent of AI it is now possible to identify a suspected behaviour in real time and prevent occurrence of a crime. Common sense says that there should be no disagreement in using technology to enhance security in a corporate premises or a gated community.  But Privacy professionals may have an objection to the behavioural monitoring without consent and taking some automated decisions that could cause harm to data principals.

Currently, CCTV capturing is done with just a notice pasted on the wall. The Visitor Management systems may not have specific electronic consent built into the system. Hopefully some of the developers of this system may be building in such consents on the screen.  There are many security managers who even collect Aadhaar Cards or PAN cards and hold them in safe custody for return of the visitor badges issued. The DPOs of such organizations need to recognize the risk of the security personnel misusing the temporary custody of the document. Similarly all hotels collect copies of such documents and retain it for a long time even after the person checks out.

While it is perfectly justifiable to collect identity documents, make analysis of available data for security purpose, the organizations need to have adequate security measures to prevent misuse. Developing appropriate policies, creating awareness and training of the manpower are therefore as big a challenge as preventing Phishing and Ransomware attacks.

DPOs need to focus on such Electronic Vigilance systems in the post DPDPA scenario.

Naavi

To

All Information Security Auditors

From Naavi, FDPPI

Dear Friend

This communication is for all of you who are professionals in the area of Information Security. I trust many of you are certified for your expertise from various organizations.

You could be a Lead auditor for ISO, You could be a PDPSE or CISA from ISACA, You could be a CISSP certificate holder . You could also be a IAPP or DSCI certified Privacy professional.

You could also be a Chartered Accountant or a Company Secretary or a Cost Accountant and member of CMA and advising and auditing your clients on various aspects of business.

It is my pleasure to invite you all for the two day event of FDPPI at Bangalore on 30th November and 1st December 2024.

This is the flagship event of FDPPI and the fifth in the series started in 2020. This year our co-organizer is KLE Law College and the event will happen in their auditorium at Ullal, Bengaluru.

This is a premier international event with speakers from India and abroad sharing their views on Privacy and Data Protection in the era of AI and Robotics. The legal aspects of DPDPA in India, EU Ai Act in Europe as well as many of the recent laws in USA are being discussed by professionals.

There is a special focussed session directed to Data Auditors which is a new profession emerging in India consequent to DPDPA 2023.

In this session we will discuss the concept of Data Auditors as envisaged in DPDPA 2023 and what are the professional opportunities in this domain.

We will also discuss how the those who are currently in different audit professions can add Data Audit to their portfolio. This will be a unique session which could provide you new insights to the emerging opportunities.

Please look at the full details of the conference available a www.idps2024.in.

This is an event which you cannot miss. Register today and book your presence. It will be our pleasure to meet you all and exchange professional thoughts. If you are not able to attend physically, explore attending virtually since this is a hybrid event.

Regards

Naavi

IDPS 2024 is an annual event which every Data Protection Professional looks forward to in India for knowledge enhancement. This year the main theme is “AI and Robotics” and their impact on Privacy.

At this time, I would recall that in IDPS 2023, as well as in IDPS 2022, we had discussed “Emerging Technology” and its impact on Privacy.

For example, even in 2022, we had a panel discussion on Emerging technologies and Challenges , a link to which is available here

Has anything changed this year? Has the technology advanced further?

We have new generation of LLMs and new versions of humanoid robots. Some of these robots have been operationalized in India as well. New laws such as EU AI Act are emerging. US is struggling to find a solution to a federal AI law. The Quantum Computing has made more progress and the threat of our crypto systems being broken is closer to reality than earlier. Neuro rights which we started discussing in IDPS 2022 now finds an expression in California and Colorado laws of data protection. India itself which was discussing a Digital India Act appears to have slowed down its initiatives on the laws for new technology

IDPS 2024 has planned several Keynotes and Panel discussions and even a master class on AI to discuss the current developments in AI in EU, US and India.

It should be interesting to also discuss the use of humanoid robots in the Indian scenario and we hope to have some interesting discussions on the same.

The IDPS 2024 looks to be an exciting two days which Data Protection Professionals should not miss.

Checkout at www.idps2024.in and register today.

Naavi

November 30 and December 1, KLE Law college auditorium in Ullal, Bengaluru will host IDPS 2024 (Indian Data Protection Summit 2024), the premier Data Protection Summit in India.

Several international speakers will be participating both physically and virtually and along with other speakers from India will discuss several topics around “Challenges of AI and Robotics on Privacy”.

www.idps2024.in has full details

During the occasion, FDPPI will be honouring some professionals with Awards. Some special Focussed group sessions are planned for different segments of processionals like Advocates, MSMEs, DPOs, and Data Auditors. A master class on AI is also planned.

Professionals will get 12 CPE points and a participation certificate after the event (softcopy).

The participation is available both physically and virtually.. with an unbelievable price of Rs 3000/- per delegate for physical presence and Rs 1500/- per person for virtual presence.

The notional financial value of the participation as per Data Valuation Standard of India could be over Rs 24000/-

FDPPI and KLE therefore are together contributing to the society more than Rs 20000/- per delegate as their social commitment.

Those who donot use this opportunity can only blame themselves.

Register today

Naavi

DTS or Data Trust score is a derivative of DGPSI the unique framework developed by FDPPI. After an auditor audits the DPDPA compliance system of an organization, the auditor also simultaneously generates the Data Trust Score for the enterprise which reflects the maturity of implementation of DPDPA Compliance. This is a conversion of subjective assessment of the auditor into an objective score.

The organization is free to use this score either to improve itself or to disclose it to its customers to enhance their confidence.

In addition, DTS can be used as an “Insurability Index” at the time of seeking insurance against the liabilities of DPDPA and for negotiating the premium for the insurance policy. Similarly when there is a claim, DTS can be used to negotiate the Claim with the insurer.

Additionally, since DGPSI is a process based implementation in the enterprise, DTS can be calculated for each process separately. When a certain process represents a “Product”, “Service” or an “AI algorithm”, the DTS allocated to the process can be used as a marketing tag indicating the induced compliance impact when the product or service is used by a third party.

Learn more about this by attending the Focused Group Discussion for Data Auditors at the IDPS 2024 conference in Bengaluru on November 30 and December 1.

Register today at www.idps2024.in

Naavi