DGPSI to be used for Web-DTS assurance

FDPPI/Naavi has been working on DGPSI as a framework of compliance. The DTS system is also associated with it and provides a score on the maturity of assessment of the compliance.

In view of the general lack of compliance of websites with ITA 2000 as well as DPDPA 2023, FDPPI has decided to introduce a compliance marker for websites, namely “Web-DTS”, with immediate effect through some of its accredited data auditors.

FDPPI has developed a Web assessment under DGPSI for establishing a compliance score exclusively for compliance with DPDPA 2023.

The framework which is part of the DGPSI is scheduled to be unveiled by FDPPI during the Privacy Day Celebrations on February 27/28 in Bangalore.

Currently this system may, on request, evaluate the compliance of a website from publicly available information so that minimal compliance measures may be initiated. The Company may choose to publish the DTS score, preferably after plugging the gaps.

Naavi

Posted in Cyber Law | Leave a comment

DGPSI is a tool of Fair Governance of Personal Data

DGPSI (Data Governance and Protection Standard of India) is a suggested standard and a framework of compliance for organizations who intend to implement “Compliance By Design”. In this respect it is more like ISO 27701 which tries to establish a framework for “Privacy by Design”.

“Privacy” is a right of an individual and all Privacy Activists are committed to the protection of the right to privacy. The world however consists of Privacy Activists and also Data Driven Business and E-Governance authorities. Hence it is essential that “Privacy by Design” accommodates “Data Dependent Business” and “Data Oriented Governance”. The legislation, whether it is DPDPA 2023 or GDPR or CCPA/CPRA, therefore has to accommodate all the stakeholders.

Hence “Privacy” cannot be at the exclusion of the right of monetization by the business nor the right of “Surveillance” by the Government. Even the “Right to Security” of individuals is as much a fundamental right as the “Right to Privacy” and has to be recognized. The law therefore has to accommodate these diverse interests when it is made. While GDPR also has provisions which accommodate rights of security and governance to some extent, Indian law, namely DPDPA 2023, is more conscious of this responsibility. Hence DPDPA 2023 has certain provisions which may make puritans a little uncomfortable.

FDPPI has recognized this need for harmony and had adopted this as one of its objectives in its memorandum by stating:

“To bring harmony in the pursuance of Civil Rights of individuals such as Privacy and Freedom of Expression along with the Right to Information and Right to Cyber Security.”

The approach of DGPSI is that of an instrument of “Compliance By Design”, of which “Privacy by Design” is a component along with Personal Data Governance and Personal Data Security. Hence it accommodates compliance of not only DPDPA 2023 but also ITA 2000 and the BIS standard of Data Governance.

Just as a Fair Data Protection law has to be fair to the business and Government, DGPSI also is a “Fair Compliance Framework” which tries to be fair to the CFO, CMO along with DPO and CISO. Through “Distributed Responsibility” criteria it even tries to be fair to the DPO and spreads the responsibility across the organization. Through “Implementation Charter” signed by the top management it brings the Board level commitment to support the DPO. By adding Data Valuation and Data Monetization as a policy DGPSI tries to support the CFO/CEO/CMO and adoption of innovative data analytics.

“To be fair to all stake holders within and outside the Company” is therefore the underlying principle of DGPSI. It is practical and recognizes the need of an organization to survive and grow while remaining in compliance with the law of the land. Need to survive is through compliance for mitigating the penalty risk under DPDPA 2023 and ITA 2000. Need to grow is nurtured by enabling policies for handling the dilemma of data monetization and innovative Data Governance. The DGPSI auditors who interpret the principles of DGPSI in a given context need to remember this “Compliance Dharma” to protect the interests of all stake holders.

Naavi

P.S: At the dawn of the Shrirama Shaka of Kaliyuga, let us remember the lessons of Ramayana and adapt them to the challenges faced by a DGPSI auditor. Just as Lord Rama had to balance between his personal interests, his wife’s interest, the interest to protect the honour of his father and the interest to protect the desires and wishes of his citizens, and yield to one at different times but for logical and justifiable reasons, DGPSI may at times yield to one of the stakeholders’ interests against the other. Maintaining the balance is the work of a DGPSI auditor and is as tough as what Lord Rama faced when he had to explain some of his actions.


Beginning of the new Shrirama Shaka (ಶ್ರೀರಾಮ ಶಕ)

The inauguration of the Bala Rama Temple in Ayodhya has started a new era in India which should revitalize the old civilization of India. We are therefore entering a new era which we can call the Shrirama shaka.

Naavi.org has been advocating “Cyber Law” and was born with the slogan “Let’s Build a Responsible Cyber Society”, where law would be fair and people would comply voluntarily.

In practice it is not always possible for the law to be drafted in a balanced manner and even if it is so, for the Judicial system to apply it fairly. But the endeavour has to continue. The concept of “Jurisprudence” has to guide both the law makers and law enforcers to be fair and balanced.

Naavi.org is neither a law maker nor the law enforcer but has been trying to fight either a bad law or a bad enforcement while at the same time trying to persuade the public to be compliant. In the past we have supported the litigation requirements of public through CEAC as well as direct participation in the S Umashankar case.

This effort of support to the fair establishment of law as a part of the “Rama Raajya” concept will continue even in the emerging Shrirama Shaka. However, due to the contextual circumstances, we may restrict our activities to only education and not take up litigation support work.

To mark a new beginning, Naavi will re-dedicate himself to a new range of educational activities both in the Cyber Law as well as in the Data Protection Area.

Watch out for the announcements through this website.

Naavi


Why DGPSI represents Fair Data Governance

The concept of Data Protection as management of Personal Data of individuals involving certain Privacy Principles in addition to information security concepts emerged from the need to protect the Privacy Right of the individual.

In protecting Privacy, the concept of Information Security got enhanced with the principle of providing the personal data owner a right of choice regarding the use of his personal data by a third party. Hence “Consent” became the main parameter on which personal data needs to be governed by any organization.

At the same time to be fair to the community there was a need to incorporate some of the legitimate interests of the business and the Government. Hence the final outcome of the data protection law is an attempt to balance the interests of the individuals along with the interest of the business and the Government.

This principle of “Fair Governance” is reflected in the DGPSI framework which is the only framework available on date for compliance of DPDPA 2023.

Some of the key principles adopted by DGPSI (Data Governance and Protection Standard of India) which reflect “Fair Governance” are:

a) Need for a Data Valuation policy to enable the Management to understand the financial risks involved in the Governance of Personal Data

b) Need for a Data Monetization policy to represent the interest of the business where “Privacy Compliant Data Monetization” is pursued.

c) Need for “Data Disclosure Policy” to support the requirements of law enforcement and Government to ensure that the personal data is not misused.

d) Need for Responsibility Distribution so that the entire organization and its workforce take up the responsibility for compliance.

Understanding and implementing the requirements of different sections of Personal Data Users is also the concept of Fair Governance of a Kingdom, which came to be recognized as the “Rama Rajya” concept and which we may remember on the day when India is entering an era of awakening with the opening of the Ayodhya Rama Temple.

Naavi


Looking forward to Prana Pratishtana at Ayodhya

While we are awaiting the civilizational event at Ayodhya tomorrow, DGPSI of FDPPI takes a leaf out of the concept of Ramarajya as a symbol of Fair Data Governance as part of the Compliance framework of DPDPA.

Naavi
