Be a FDPPI-DNV certified Data Privacy Auditor

Registration now open. Course to commence from October 3, 2021

Feedback from a participant of the previous program:

What was unique about this training and certification was the depth of coverage. With Naavi Sir being an expert in ITA 2000/08, he was able to bring in the required relevance and he was able to quote on specific cases and how ITA 2000/08 by itself includes data privacy requirements. His references to the HC judgements on matters of Personal Data Protection emphasized the importance. The content and teaching were well rounded and inclusive of surrounding aspects that perhaps one cannot expect in more mundane training programmes. The content presented by Ramesh Sir was very very elaborate on GDPR and all encompassing …. the discussions and points made by Naavi Sir while clarifying our doubts were themselves like a separate training session with valuable insights conveyed which he had gathered over the years …. overall it was a very enriching imparting of knowledge…. K.N.NarasingaRao, (Consultant, ICT at IIMB Bengaluru)

Naavi


BSNL Fiber is a pain

BSNL is a public sector company and many of us want to encourage it. But there is a limit to which the inefficiency of BSNL may be tolerated.

I have installed the BSNL Fiber connectivity by converting my existing land line connection to the fiber connection.

Unfortunately the service is so problematic that I need to consider cancelling my subscription.

In the meantime there have been some press statements that BSNL wants to convert all its copper lines to fiber. If this is done, there could be more problems for commuters and hence I draw the attention of the Telecom ministry to look into the matter immediately.

Firstly, whenever fiber connectivity is down, which is quite often, the regular telephone line also becomes inaccessible. Hence those who depend on the telephone line for voice calls are blocked out of voice connectivity.

Secondly, BSNL connectivity interjects advertisements when we try to connect to a website. An example is the picture below where I have tried to connect to www.pdpa2019.in through my browser and I am directed to this advertisement page.

These advertisement intrusions are potential sources for virus introduction and an unwanted intrusion. If one looks at this picture, it appears as if the advertisement is appearing on the website of www.pdpa2019.in, whereas it is introduced by BSNL before opening the target website and as an “Impersonation” of the advertisement beneficiary.

This is an offence which can be brought under ITA 2000 and other laws and the concerned technical persons of BSNL may be criminally charged.

The customer service itself is being handled by outsourced agencies and, despite their best efforts, falls short of the requirement.

Also, Jio Fiber is using underground cabling with dual cable connectivity, and overhead cabling is only from a nearby pole. This reduces the risk of cable cuts due to natural and other reasons.

I hope BSNL tries to improve its services as the fiber service was one of the best opportunities for it to turn around the organization and if it fails this time, then this could be the end of BSNL.

Naavi

 


PRESS RELEASE-PDPSI WEBINAR

5th September 2021

PRESS RELEASE

FDPPI Proposes a New Data Privacy Compliance Framework

Foundation of Data Protection Professionals in India (FDPPI) is organizing a free webinar on 19th September 2021, to build awareness on a unique Data Protection Compliance framework that can help the data processing industry in India to meet the Data Privacy obligations under the current Data Protection regulations applicable to Indian establishments.

The framework called “Personal Data Protection Standard of India” (PDPSI) is a unified framework that can assist a company to be compliant with the data protection requirements under Information Technology Act 2000, the proposed Personal Data Protection Bill 2019 (PDPB 2019) as well as GDPR and other international data protection regulations that may be applicable to Indian establishments.

PDPSI is a revolutionary concept “Made in India for the World” and incorporates several innovative futuristic ideas such as computation of “Data Trust Score” (DTS) and incorporating Data Valuation System in corporate Governance.

FDPPI has already developed a team of trained Auditors and Consultants and also created a group of Certification bodies which can undertake Consultancy and Audit based on the PDPSI framework and certify them for the Management.

When the PDPB 2019 is passed, the Government of India will set up a Data Protection Authority which will introduce codes of practice for industries to follow. PDPSI is an advance proactive initiative from the industry professionals to develop a system of compliance in tune with the global standards and flexible enough to meet the emerging requirements of PDPB 2019 when passed.

The webinar will be conducted by Naavi, the veteran Data Protection and Governance consultant, founder of www.naavi.org and Founder Chairman of FDPPI. During the webinar, Naavi will introduce the Standard and its implementation specifications with comparison of similar frameworks available from other agencies.

The webinar is sponsored by FDPPI for the benefit of Data Protection professionals in India to spread awareness of this framework. Registration would be free. The webinar would be conducted on September 19, 2021 (Sunday) from 11.00 am to 1.00 pm. Entry by registration at www.fdppi.in or through e-mail fdppi@fdppi.in

Sd

Chairman

FDPPI


Come over…Let’s Discuss PDPSI

We at FDPPI think that PDPSI is a useful framework that can assist the Indian Data Fiduciaries to be compliant to multiple data protection laws.

But what matters is not what we think…but what you think…

It is possible that for many of you, PDPSI is a new term and you have not had an opportunity to study what it is and how it compares to IS 17428, etc.

Now there is an opportunity to discuss this. Block your calendar today for September 19th, 11.00 am. Let’s meet and discuss.

Naavi

 


Unboxing the advantages of PDPSI Framework for Data Privacy Compliance

PDPSI, or Personal Data Protection Standard of India, is a compliance framework that is unique. It has been developed by professionals with years of experience in the field of Privacy and Data Protection, as a unified framework for meeting the compliance of multiple data protection laws.

Unlike some of the other frameworks for PIMS (Personal Information Management System) or DPMS (Data Privacy Management System), PDPSI is a compliance framework for “Personal Data Protection Compliance Management System” (PDP-CMS).

Again unlike the PIMS or DPMS systems which are an extension of other ISMS systems, PDPSI is a standalone system that has a focus on the compliance requirement to a target jurisdiction.

Unlike other PIMS or DPMS systems, PDPSI framework for PDP-CMS extends to calculation of the Data Trust Score (DTS) which is a Trust Seal indicating the level of compliance maturity of an organization.

Naavi, Chairman of FDPPI which is developing a system of Accredited PDP-CMS auditors, Certification Bodies and a system of Certification, will be explaining the salient features of PDPSI and why it is a comprehensive and forward looking compliance model appropriate for Data Controllers and Data Fiduciaries.

The two hour session on 19th September 2021 will be conducted as an Online webinar at 11.00 am and is offered free on registration.

Those interested in registration may complete the following form or send an e-mail to FDPPI.

Naavi


PDPSI Standards and Implementation Specifications-Designed for Compliance

(In continuation of the previous article)

PDPSI is a framework which evolved from the Indian Information Security Framework (IISF-309) which was first developed for compliance of ITA 2000, and published in March 2009.

PDPSI was designed to be of use for “Compliance” of data protection regulations for an organization which is involved in processing of personal data and is subject to the Indian jurisdiction. The primary law of the Indian jurisdiction now is ITA 2000 and is read with PDPB 2019 as the “Due Diligence Requirement” under ITA 2000.

PDPSI takes into account the fact that if the Indian organization is involved in processing personal data originating from abroad, the organization will be required to factor-in compliance of the appropriate law applicable to the “Country of Origin” of the personal data. It is therefore a “Unified Compliance Framework”.

Further, PDPSI restricts its objective to “Compliance” of “Data Protection Law applicable to an Indian Data Fiduciary”. The terms such as PIMS or DPMS used in ISO 27701 and IS 17428 indicate that these frameworks provide/attempt to provide a certification on the Personal Information or Personal Data Management system per se. These standards do not claim to have been designed for “Compliance” but have drawn heavily from the GDPR in identifying the principles of Privacy which the PIMS/DPMS system tries to “manage”.

PDPSI on the other hand is designed for compliance. It is a template for compliance of any data protection law and incorporates many controls which are relevant for Indian requirement under ITA 2000-PDPB 2019 which may not be available in other laws such as GDPR. PDPSI is therefore more comprehensive than the IS 17428.

Also, both ISO 27701 and IS 17428 are not independent standards and have to be read with ISO 27001/2 and will not be certifiable except with ISO 27001 certification. Both ISO 27701 and IS 17428 have to therefore be considered as an augmented ISO 27001 rather than independent standards by themselves.

PDPSI however is an independent certifiable standard and incorporates protection of information through the CIA principle as part of its Implementation Specifications.

PDPSI is a framework which addresses “Management of Personal Information in an organization for the purpose of protecting the privacy of the data principal as indicated in the relevant law”.

This system is better referred to as PDP-CMS or “Personal Data Protection Compliance Management System” instead of PIMS or DPMS.

The primary focus of PDPSI controls is therefore the prescriptions under the target regulation, and any generic managerial controls which may be part of the system are meant/designed to help compliance in the longer run.

It is therefore possible to develop PDPSI certification as a tightly integrated certification for compliance of a given data protection regulation.

For example, PDPSI-In can be considered as near compliance of Indian data protection regulation, while PDPSI-EU may be related to compliance of EU GDPR and PDPSI-Sg may be related to compliance of Singapore PDPA 2012, etc.

PDPSI however recognizes that “Compliance” of a law inherently involves “Interpretation” of law and hence even the best interpretation of a professional can only be a second guess on what the Data Protection Authority of the day thinks is the correct interpretation or a third guess on what the Courts may interpret.

While PDPSI attempts to partially address the alignment of compliance with the DPA’s interpretation, it may not be possible to align the compliance with the possible interpretation of a Court in a future judicial proceeding, and in that context PDPSI would be a “Good Faith” interpretation of what the Data Protection Jurisprudence could be.

Understanding PDPSI in its full perspective requires a more detailed discussion. FDPPI and Naavi are committed to explain these principles to all interested professionals who would be curious to know why PDPSI is considered as the “Bade Bhai” to IS 17428 which is the “Chote Bhai”.

Naavi is planning to conduct a free introductory webinar shortly to explain PDPSI concept in detail. FDPPI is also separately conducting Certification programs to develop DPOs who can implement the PDPSI in a corporate scenario.

Watch out for the introductory free webinar and book your interest through e-mail with Naavi or as a comment hereunder.

Naavi
