IS 17428 follows its big brother- PDPSI, but lags behind ..by far

This is a continuation of the series of articles

IS 17428-I under para 5.12  states,

Staff handling personal information or activities related to processing personal information shall:
a) Be trained and kept aware about developments depending on their role;
b) Be aware of their responsibility in protecting data;
c) Be traceable to their actions or inactions;
d) Subject to appropriate disciplinary actions when proved to be in violation of responsibility.
The organization shall determine suitable criteria for qualification, competency and evaluate staff before assigning them responsibility related to data privacy.

In the PDPSI the need to equip the employees is handled both at the operative level as well as at the senior level.

Standard 10 under PDPSI states:

“The organization shall establish appropriate strategic and tactical measures to build and maintain a culture of Privacy Protection throug data protection across the entity and covering all stake holders.”

In the detailed explanation of Standard 10, it i stated,

“…Measures are therefore required to be taken by an organization to ensure that the compliance culture is built across all levels of employees, Vendors, business associates as well as the customers, so that every stake holder is aware of and implements the compliance measures as if the responsibility percolates to all.

This requires both incentivization and dis-incentivization strategies to be used for the best impact. Implementation of whistleblower policies and an effective grievance redressal mechanism both for internal and external disputes is also considered essential to maintain the compliance culture across the organization.”

This is further supplemented by the Model implementation specifications that cover “Employee Privacy Management”,  “Work from Home”, “Augmented HR Policy” etc.

Additionally, Standard 9 mentions abut Employee onboarding/Termination policy besides other aspects.

PDPSI goes one more step further and identifies that Data Protection being a “Cross Functional Responsibility”, the DPO is likely to encounter issues of non cooperation or hostility from other senior management professionals and advises appropriate policy  under Implementation specification no 7 that

“The organization shall adopt and implement a suitable policy to ensure harmonious functioning of the DPO with the other senior executives of the organization with an appropriate clarity of roles and responsibilities including measures to resolve differences.”

Thus PDPSI thinks far ahead of frameworks such as IS 17428 and retains its tag line..

Essence of the Essential and yet different by a distance. * meaning  (*सब का सार, फिर भी, अलग…by Far

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.