When ITA 2000 was enacted and notified on 17th October 2000, technology made its entry into commerce with the recognition of electronic documents and digital signatures. Digital Signatures were also a tool of information security and non repudiable authentication. The concept of due diligence and section 85 had also introduced the concept of corporate responsibility for security for prevention of cyber crimes.
With the 2008 amendments the role of law on information security was further tightened and CERT In got notified as the apex cyber security organization in the country. Sections like section 43A, 69A, 69B etc highlighted the need for corporate compliance action.
However this legal intrusion into information security practice was brushed off by the industry and ITA 2008 compliance and IISF 309 (Indian Information Security Framework) remained only a wishful thinking of Naavi.
After 24 years, with the advent of DPDPA 2023, it appears that industry is now able to recognize this new field of information security combined with law. Just as AI enabled Data Analytics has become the corner stone of innovation in data driven organizations, ITA 2000 driven DPDPA 2023 has become the essence of the corporate information securty practices in the emerging times.
At the Empowering CxOs conference in Bengaluru on 5th September 2024, this aspect came for discussion in a panel “The Future of Data Privacy by Driving a Privacy-First Culture – Balancing Innovation and Privacy: A Strategic Approach.” which I had the privilege to moderate.
The entire event is available at https://www.youtube.com/watch?v=B5ZjUS77xms (Panel discussion is available at 7.10.46)
During the discussions it was clear that the future of technology related to information security would be embedded with DPDPA 2023 in a manner which the industry has fully realized and is trying to find ways to implement.
In this direction DGPSI comes out as a solution in the form of compliance framework to be considered and the training programs like C.DPO.DA. scheduled by FDPPI for information security professionals stand out as a timely introduction to the eco system.
We hope that this integration of Technology and Law in terms of “Information Security and Privacy Protection” will grow from strength to strength in the coming days.
Naavi
