Naavi.org

FDPPI is launching its Virtual Faculty led program on C.DPO.DA. in April as a week end course of 18 hours spread over 6 week end days from April 12th. All of you are by now aware of the event and some of you have already registered for the event.

FDPPI in its unique trend of education, has also invited those who are registered for the recorded virtual courses to join this faculty led course without further payment.

Most of you are also aware of the two books “Guardians of Privacy…A Comprehensive handbook on DPDPA 2023 and DGPSI” and “DGPSI, The perfect prescription for DPDPA Compliance”.

However, FDPPI wants all those who sport C.DPO.DA. Certificate to pass an online exam which is a challenge even for experts.

Any body who considers themselves as an Expert in Privacy and wants to be a DPO or Data Auditor and those who have already obtained certificates from other organizations are free to challenge the exam without going through the FDPPI training program.

However, since we value the “Knowledge” more than “Information”, we encourage people to attend the training program and then take the exam and the fee structure therefore is fixed accordingly. (Check for details in www.fdppi.in)

I consider this program as a “Training of the Trainer” program so that all those who want to undertake training on their own for people to prepare for DPDPA Compliance can use this opportunity to discuss with other experts and fine tune their own thoughts.

Hence we request all professionals whether they intend taking this course or not to indicated to me what do they expect in a course of this nature…

The program is for 18 hours and expected to cover the Law related to DPDPA, The implementation challenges, The Governance measures, Audit framework and Compliance maturity Assessment.

We will be glad to conduct the program as per your curriculum.

We will be glad to invite three of the respondents who provide valuable suggestions to a virtual panel discussion during the program so that they can benefit the participants with their wisdom.

Yes… We do what others donot do.. We are different…for a purpose…

(Check for details at www.fdppi.in)

Naavi

Naavi has been in discussion with some Insurance Companies about the need for DPDPA Risk Insurance. I am not sure if any of the leading Insurance Companies have introduced specific insurance policies to cover the DPDPA Risks while some are extending their liability policies to respond to enquiries if any.

I would like to draw the attention of the viewers to many of the discussions on Cyber Insurance in this website in which we have highlighted that in India, Insurance contracts are considered “Contracts of Good Faith” or “Uberrimae Fidei” contracts. What this means is that at the time of underwriting a Cyber Insurance Contract, it is for the insured to provide a good faith disclosure of risks and if any of these disclosures are found to be wrong, the insurance claim may be disallowed later.

Data Fiduciaries should therefore think twice and check the proposals made along with the disclosures carefully before placing their reliance on the coverage they may obtain from the policies.

Ideally the following Risks need to be covered by a Data Fiduciary as “DPDPA Non Compliance Risk”

1. Penalties to be imposed by the Data Protection Board when an inquiry is conducted and the organization is found non compliant.
2. Expenses incurred for Data Breach investigation, Forensic and legal consultancy in case of suspected and actual data breaches
3. Third party liability to data principals arising out of data breach.

Data Fiduciaries need to ensure if all these risks are covered or only the expenses related to the data breach investigation and defence of liabilities are covered.

The third party liabilities are difficult to estimate since it depends on the claims that can be made by data principals. The penalties could be large and may extend upto Rs 250 crores.

The actual extent of penalty may also depend on the security measures that an organization may have implemented.

Hence estimating the value of the Insurance Policy required by an organization and setting a fair premium is a challenge.

At the same time, a Pre-Underwriting audit and Post Claim submission audit becomes important steps that both the insured and the insurer should consider before fixing the premium as well as settling a claim.

We look forward to a response from the Insurance Companies in India if they are ready to provide the DPDPA Risk Insurance.

Considering the “Good Faith” nature of Insurance Contracts and disputes that may arise regarding “Proximate cause of loss” , Insurers are advised to be careful and seek advise from experts before finalizing the contracts. They should not expect that the “Insurance Brokers” provide the necessary guidance since they have their own vested interests. Hence it is preferable for the Data Fiduciaries to seek independent consultants to assist them in choosing a DPDPA Insurance policy.

Reference Articles

DPDPA Insurance and Insurability Assessment

A Golden era for Insurance Industry ushered in through Personal Data Protection Act of India

Should there be Insurance for DPDPA Fine?

Cyber Insurance and Data breach Liabilityhttps://www.naavi.org/wp/cyber-insurance-and-data-breach-liability/

Other articles

In what can be considered as a historical event where a global leader explained his philosophy of life with the world, Indian Prime Minister Mr Narendra Modi lived upto his acronym “Namo” and explained some of his thoughts which are relevant to the business also.

One of the gems of wisdom that Mr Modi stated is the difference between Information and Knowledge. He emphasized that Knowledge evolves through processing, reflection & Understanding and is not just a collection of facts.

https://www.threads.net/@kumardeepam/post/DHSlEPmMJ2a/media

I would like to relate this statement to the approach of FDPPI in its training programs such as C.DPO.DA. When Naavi focuses on preparing the professionals for the C.DPO.DA. Certification, he focusses on trying to convert the words in the DPDPA to practical implications. This is the biggest differentiation of FDPPI’s certification vs other certifications.

One of the next programs that FDPPI is conducting for C.DPO.DA. aspirants is coming up in April 2025 where over 3 hours each weekend, Naavi will explain his understanding of DPDPA in the context of its implementation in the corporate environment.

This program should be a trendsetter in the domain of DPDPA Training in India and I invite all the aspiring Lead Implementers of DPDPA compliance, aspiring auditors and aspiring trainers to be part of this event. Register today and not miss an opportunity to interact with this “Exploration of Knowledge”.

Check here for registration.

Here is a continuation of Naavi’s series of videos on DGPSI.