Naavi.org

5^th September 2021

PRESS RELEASE

FDPPI Proposes a New Data Privacy Compliance Framework

Foundation of Data Protection Professionals in India (FDPPI) is organizing a free webinar on 19^th September 2021, to build awareness on a unique Data Protection Compliance framework that can help the data processing industry in India to meet the Data Privacy obligations under the current Data Protection regulations applicable to Indian establishments.

The framework called “Personal Data Protection Standard of India” (PDPSI) is a unified framework that can assist a company to be compliant with the data protection requirements under Information Technology Act 2000, the proposed Personal Data Protection Bill 2019 (PDPB 2019) as well as GDPR and other international data protection regulations that may be applicable to Indian establishments.

PDPSI is a revolutionary concept “Made in India for the World” and incorporates several innovative futuristic ideas such as computation of “Data Trust Score” (DTS) and incorporating Data Valuation System in corporate Governance.

FDPPI has already developed a team of trained Auditors and Consultants and also created a group of Certification bodies which can undertake Consultancy and Audit based on the PDPSI framework and certify them for the Management.

When the PDPB 2019 is passed, the Government of India will set up a Data Protection Authority which will introduce codes of practice for industries to follow. PDPSI is an advance proactive initiative from the industry professionals to develop a system of compliance in tune with the global standards and flexible enough to meet the emerging requirements of PDPB 2019 when passed.

The webinar will be conducted by Naavi, the veteran Data Protection and Governance consultant, founder of www.naavi.org and Founder Chairman of FDPPI . During the webinar, Naavi will introduce the Standard and its implementation specifications with comparison of similar frameworks available from other agencies.

The webinar is sponsored by FDPPI for the benefit of Data Protection professionals in India to spread awareness of this framework. Registration would be free. The webinar would be conducted on September 19, 2021 (Sunday) from 11.00 am to 1.00 pm. Entry by registration at  www.fdppi.in or through e-mail fdppi@fdppi.in

Sd

Chairman

FDPPI

We at FDPPI think that PDPSI is a useful framework that can assist the Indian Data Fiduciaries to be compliant to multiple data protection laws.

But what matters is not what we think…but what you think…

It is possible that for many of you, PDPSI is a new term and you have not had an opportunity to study what is it and how does it compare to IS 17428 etc.

Now there is an opportunity to discuss this . Block your calendar today for September 19th, 11.00 am. Let’s meet and discuss.

Naavi

PDPSI or Personal Data Protection Act of India is a compliance framework that is unique. It has been developed by professionals with years of experience in the field of Privacy and Data Protection, as a unified framework for meeting the compliance of multiple data protection laws.

Unlike some of the other frameworks for PIMS  (Personal Information Management System) or or DPMS (Data Privacy Management System), PDPSI is a compliance framework for “Personal Data Protection Compliance Management System” (PDP-CMS).

Again unlike the PIMS or DPMS systems which are an extension of other ISMS systems, PDPSI is a standalone system that has a focus on the compliance requirement to a target jurisdiction.

Unlike other PIMS or DPMS systems, PDPSI framework for PDP-CMS extends to calculation of the Data Trust Score (DTS) which is a Trust Seal indicating the level of compliance maturity of an organization.

Naavi, Chairman of FDPPI which is developing a system of Accredited PDP-CMS auditors, Certification Bodies and a system of Certification, will be explaining the salient features of PDPSI and why it is a comprehensive and forward looking compliance model appropriate for Data Controllers and Data Fiduciaries.

The two hour session on 19th September 2021 will be conducted as an Online webinar at 11.00 am and is offered free on registration.

Those interested in registration may complete the following form or send an e-mail to FDPPI.

Naavi

(In continuation of the previous article)

PDPSI is a framework which evolved from the Indian Information Security Framework (IISF-309) which was first developed for compliance of ITA 2000, and published in March 2009.

PDPSI was designed to be of use for “Compliance” of data protection regulations for an organization which is involved in processing of personal data and is subject to the Indian jurisdiction.  The primary law of the Indian jurisdiction  now is ITA 2000 and is read with PDPB 2019 as the “Due Diligence Requirement” under ITA 2000.

PDPSI takes into account the fact that if the Indian organization is involved in processing personal data originating from abroad, the organization will be required to factor-in compliance of the appropriate law applicable to the “Country of Origin” of the personal data. It is therefore a “Unified Compliance Framework”.

Further PDPSI restricts its objective to “Compliance” of “Data Protection Law applicable to an Indian Data Fiduciary”. The  terms such as PIMS or DPMS used in ISO 27701 and IS 17428 indicate that these frameworks provide/attempt to provide a certification on the Personal Information or Personal Data Management system per-se. These standards do not claim to have been designed for “Compliance” but have drawn heavily from the GDPR in identifying the principles of Privacy which the PIMS/DPMS system tries to “manage”.

PDPSI on the other hand is designed for compliance. It is a template for compliance of any data protection law and incorporates many controls which are relevant for Indian requirement under ITA 2000-PDPB 2019 which may not be available in other laws such as GDPR. PDPSI is therefore more comprehensive than the IS 17428.

Also, both ISO 27701 and IS 17428 are not independent standards and have to be read with ISO 27001/2 and will not be certifiable except with ISO 27001 certification. Both ISO 27701 and IS 17428 have to therefore be considered as an augmented ISO 27001 rather than independent standards by themselves.

PDPSI however is an independent certifiable standard and incorporates protection of information through the CIA principle as part of its Implementation Specifications.

PDPSI is a framework which addresses “Management of Personal Information in an organization for the purpose of protecting the privacy of the data principal as indicated in the relevant law”.

This system is better referred to as PDP-CMS or “Personal Data Protection Compliance Management System” instead of PIMS or DPMS.

The primary focus of PDPSI controls are  therefore the prescriptions under the target regulation and any generic managerial controls which may be part of the system are meant to/ designed help the compliance in the longer run.

It is therefore possible to develop PDPSI certification as a tightly integrated certification for compliance of a given data protection regulation.

For example PDPSI-In can be considered as near compliance of Indian data protection regulation while  PDPSI-EU may be related to compliance of EU GDPR and PDPSI-Sg may be related to compliance of Singapore PDPA 2012. etc.

PDPSI however recognizes that “Compliance” of a law inherently involves “Interpretation” of law and hence even the best interpretation of a professional can only be a second guess on what the Data Protection Authority of the day thinks is the correct interpretation or a third guess on what the Courts may interpret.

While PDPSI attempts to partially address the alignment of compliance with the DPA’s interpretation, it may  not be possible to align the compliance with the possible interpretation of a Court in a future judicial proceedings and in that context PDPSI would be a “Good Faith” interpretation of what the Data Protection Jurisprudence could be.

Understanding PDPSI in its full perspective requires a more detailed discussion. FDPPI and Naavi are committed to explain these principles to all interested professionals who would be curious to know why PDPSI is considered as the “Bade Bhai” to IS 17428 which is the “Chote Bhai”.

Naavi is planning to conduct a free introductory webinar shortly to explain PDPSI concept in detail. FDPPI is also separately conducting Certification programs to develop DPOs who can implement the PDPSI in a corporate scenario.

Watch out for the introductory free webinar and book your interest through e-mail with naavi or as a comment here under.

Naavi

Recently, the Bureau of Indian Standards introduced a new standard called IS 17428 as the standard for providing privacy assurance for individuals and for organizations to set up a “DPMS” or data protection Management System.

Apple is posing a great challenge to law enforcement across the world with its proposal to introduce its new version of phone (I phone 13) with a chip that can connect to the Low Earth Orbit (LOE) Satellite. The phone comes with a customized Qualcomm X60 baseband chip  which may be able to connect to the Global star’s satellite communication.  This facility will enable the phone to have connectivity from remote locations where there are no network connectivity. It is said that adventurists such as hikers, mountaineers etc may find this very useful if they are lost in the wilderness.

While for technological considerations, this appears exciting,  the introduction of this type of universal connectivity will pose a huge threat to the society. It will be immediately used by all Naxalites, Terrorists and Criminals. At present the tracking of mobile phones with reference to the mobile location is one of the biggest advantages that the law enforcement is using to crack many crimes. Crimes like rapes, murders etc are often tranced with the help of the mobile phone tracking.

Once iphone 13 is introduced,  whether normal users use the facility or not, all criminals will definitely use the facility. It is said that the price of the phone may not be much different from other models and there could be increased subscription costs. But “Affordability” is never a challenge for criminals and hence Apple will be the biggest abettor for all types of crimes.

The Home Ministry should immediately ensure that the current system of  licensing of satellite phones is further tightened and iPhone 13 is banned. Current generation of satellite phones are at least identifiable as different by the very looks. But iPhone 13 may look similar to other phones and hence any criminal in our midst may be using the phone for nefarious purposes sitting next to us without we being able to locate such phones easily.

I wish the Government of India takes immediate steps to ban the use of iPhone 13 in India with immediate effect.

Naavi

Refer: :Computerworld.com

Also refer: Forbes.com