So far in the industry when we speak of “Data Protection” and “Data Audit” we think of Personal Data only. “Non Personal Data Protection” is often considered the domain of IS professionals who are only Tech Professionals. Personal Data Protection Professionals are conscious of laws such as GDPR or DPDPB 2022 while IS professionals are more focussed on ISO standards such as 27001.

The reality however is that in an organization, the Data Pool consists of “Data” which in some context is considered “Personal” and in some context considered as “Non Personal”. According to Naavi’s Theory of data, “Data is in the beholder’s eyes”. It can be personal and non personal at the same time depending on the user. This is similar to the concept of physics which says that light is both a matter and a wave.

A career Data Protection Professional should therefore be conversant with both Personal Data Protection and Non Personal Data Protection. Unfortunately just as the Curriculum in Engineering and Law are mutually exclusive and makes it difficult to produce “Techno Legal Professionals” at the College level, keeping Information Security and Personal Data Protection exclusive makes it difficult to train “Techno Legal Career”.

Now as a pioneering effort, Naavi in association with FDPPI has started a blended course where both aspects of Cyber Laws such as ITA 2000/8 and the upcoming DIA as well as the upcoming DPDPB 2022 and GDPR are being taught to a single group. This is being done by offering a combo Certification program with FDPPI-DNV certification for Data Protection and FDPPI-CLC certification program for Cyber Laws.

No doubt this is a unique and first of the kind experiment of bringing two disciplines into a single platform. We hope this will be appreciated and will become a norm in the future.

Both Programs will be launched on June 17, 2023. The Data Protection program is scheduled as 3 hours sessions on both Saturdays and Sundays for 4 weeks (8 sessions of 3 hours each)

The Cyber Law Course is presented as a hybrid course. It will be formally launched on June 17, 2023 in the afternoon at 3.30 pm. Firstly 14 hours of recorded version of the course would be made available to students. Then during subsequent Saturdays’ 90 minute interactive sessions will be held on June 24 and July 1st and July 8th to discuss the different aspects of the recorded sessions. The June 24th Session would discuss upto Digital Contracts. July 1st session would discuss the Cyber Crimes and July 8th session will discuss the Compliance issues arising from ITA 2000.

It is optional for students to take the combo offer or restrict themselves to one of the courses.

The links for joining the courses are available below:

Link for Data Protection Course:

Link for Cyber Law Course:

FDPPI is conducting the FDPPI-DNV program for development of Data Protection Officers and Data Auditors in India, as an instructor lead program starting from June 17. The early bird discount worth Rs 5000 for the same is ending today midnight.

FDPPI-Cyber Law College is also conducting an online program on recorded cum instructor lead program. Early bird discount worth Rs 1000 will be expiring today midnight.

FDPPI has opened a prestigious “Indian National Register of Data Protection Professionals” and early bird discount worth Rs 3000/- is ending today midnight.

Today is therefore time to act.

Link for Data Protection Course:

Link for Cyber Law Course:

Link for Indian National Register of Data Protection Professionals

When the earlier draft of Data Protection Law in India had been proposed by the Indian Government in the form of DPA 2021, the law had combined certain aspects of Non Personal Data Protection also into the DPA 2021 making it a combo act. Hence the reporting of data breach to CERT-In was within the provisions of the Personal Data Protection law. Now in DPDPB 2022, the separation between compliance related to non personal data and personal data has been maintained under two laws namely the Information Technology Act 2000 and DPDPB2022.

However in the current ITA 2000 only Section 43A is being deleted and other sections which may be applied to Personal Data collection, storage and management remains. When the Government comes up with the Digital India Act, the overlapping provisions may be rationalized. But the nature of data is such that the lifecycle of personal data and non personal data may merge. Just as new identification parameters of an individual flowing into an organization may convert the hither to non personal data to personal data, the anonymization process may convert the non personal data to personal data. Hence the two laws are not capable of being completely separated.

Recognizing this, the undersigned has been promoting courses on both Non Personal Data Protection and Personal Data Protection though they are referred to as Course on Cyber Law and Course on Data Protection separately.

As a coincidence, Naavi is now launching a new course on each of these programs simultaneously. On June 17, the course on Data Protection will be commencing as an online course. The Cyber Law Course in an updated form has also been just launched with nearly 15 hours of recorded content. In June the Government has planned to provide an updated version of Digital India Act to replace Information Technology Act and hence the current Cyber Law course will be continued with a course on DIA as available by the end of June.

It is expected that knowledge of both the programs would be a powerful combination which has not been offered as a combo by any organization. Hence this will be unique and will make the participant a “King of Data Protection Law” at least from the awareness aspect.

For both programs certain early bird discounts have been announced and they end today.

The Time to Act is therefore now..Last day of Early Bird Discount…

Naavi has always believed in providing value for the community and hence whenever such programs are conducted, some form of concessions are provided for the participants. Often this is presented as “Early Bird Discount or Membership benefits.

Now the FDPPI-DNV program which costs Rs 40000/- with examination fee will be available at Rs 35000/- till end of today. The Cyber Law program which costs Rs 8000/- with examination fee will be available at Ra 6000/- till end of today. (All prices are inclusive of GST)

Since the target audience for both are different, the two programs are offered as separate programs.

At the special request of a few who suggested that Cyber Law course is also relevant for DPOs , for today only a third offer is being made whereby those who take both the programs till the end of the day will get a cash back voucher of Rs 1000/- and a set of free e-books on Cyber Law worth Rs 900/-.

Such students will pay Rs 41000/- and will receive PayTm voucher of Rs 1000/- as cash back incentive along with thee set of E Books and eligibility to sit for both exams as well as ability to be Registered in the coveted hall of fame register…”Indian National Register of Data Protection Professionals”.

This offer is applicable only till the end of today.

The links for registration is available below with more information:

Link for Data Protection Course:

Link for Cyber Law Course:

If you believe that Knowledge is Power, this is the time to act.

All the professionals will also get an entry eligibility to the Indian National Register of Data Protection Professionals.

The future of Data Protection would include both personal and non personal data protection and hence completing both courses would be making the professional the “King of Data Protection Knowledge”.

One wiseman said..

“Opportunities fly past all of us.. but it is only the wise persons who are alert to recognize and catch..They succeed and the rest are left behind”

Let us remember and be the wise and successful person…

Naavi

Recently a senior Privacy Pro from Bangalore posted in a professional group posted this message…

“Is.Byjus reading our WhatsApp messages?

I enquired about tuitions to my 7th standard son in a WhatsApp group and within 5 mins I got a call from Byjus!!!”

I also observed that after I listened to my own video on Youtube on Section 65B immediately thereafter the next video suggestion by YouTune was a video on Advaita by a Swami Tatvananda of Ramakrishna Mission. …perhaps because the video had alluded to “Body” and “Soul” and liking the data in a hard disk to soul in a body.

Both the above incidents indicate that the content in WhatsApp or Youtube video used by the user was observed by WhatsApp and Google respectively and used for further promotion. My video was also played on a mobile and hence it could be Google reading the content through android.

If private conversation in a WhatsApp group becomes known to Baiju a commercial entity, then it is clear that there is no privacy in the use of WhatsApp which claims to use “End to End Encryption”. It is clear that WhatsApp reads every message and an AI algorithm flags any marketing opportunity and reports it to the back end system which perhaps provides a subscription based advertising service either through Google Ads or FaceBook Ads and informs the ad information subscribers to push their marketing efforts.

We can therefore conclude that use of “WhatsApp Messaging” for business transactions is a risk to the business information. If a company is using WhatsApp for communicating with its sales force and a sales person reports, “I just met a prospective client who is interested in our product. We can pursue this lead….” , next moment a competitor may be at the doors of your prospective client to deliver a similar product and steal your lead.

Similarly in a hospital communication, if one doctor is sharing some diagnostic discussion with another doctor on a patient’s condition, it is possible that an insurance company may be lifting the information to alter the insurance terms or deny a claim.

While Privacy activists may try to tackle this data breach in a different way, one technology company in Bangalore has been working on a secure messaging system for organizations where data is secured through encryption “From creation to Consumption” instead of only from “device exit to device entrance”.

In a discussion with Mr Vinaykrishna, the owner of this Dubai based company with a development center in Bangalore, he indicated that this product is specially meant to replace the use of WhatsApp for business applications where sensitive personal data is transmitted. He indicated that no data is safe with WhatsApp type of messaging services where the data is permitted to be used for commercial purpose and the “End to End Encryption is only a myth. His contention is that his solution permits the server to be in house and the encryption control entirely within the admin of the enterprise.

It would be interesting to explore such solutions which appear to come from niche companies but take on established global brands like Meta.

A full video interview of Mr Vinay Krishna would be made available shortly on this website.

Naavi

On 20th May 2023, Naavi addressed a group of professionals at the Anna Centenary Library auditorium in Chennai and explained the Section 65B of Indian Evidence Act which is troubling lot of people. This 23 year old provision is now gaining traction because judges in trial courts are now asking lawyers producing electronic evidence to produce Section 65B Certificate for every electronic evidence presented. Some of the lawyers are so frustrated that they want this section to be removed.

It is therefore essential for the community to listen to the views presented here which represents “Jurisprudence”. Some people believe that “Jurisprudence” is what a Judgement presents and hence has to come from the Courts only. But I believe that “Jurisprudence” can come from “Experts” and in the case of technology related issues, it is more appropriate if interpretations come for techno legal experts. Courts will add these views in their judgements when the counsels include it in their arguments and the Judge takes them into consideration.

Naavi has been speaking about Section 65B since 17th October 2000 when ITA 2000 became a law. Naavi produced the first evidence with Section 65B certificate in the SuhasKatti case in 2004. Ever since that date Courts are struggling to come to terms with the section and it was in 2014 with P V Anvar Vs P K Basheer case that Supreme Court finally presented a an acceptable view on the use of the section. Whoever explained the section to the Bench at that time must be congratulated for their work and Judges complimented for bringing out the correct perspective.

However the community of advocates and judiciary continue to question Section 65B particularly the mandatory nature of the section and in this context, the following speech of Naavi given at the Cysi seminar tries to provide clarification.

Any questions based on this may be sent to Naavi and I would be glad to explain it further.

Naavi

Honourable Minister of State for IT, Sri Rajeev Chandrashekar has announced that the first draft of Digital India Act would be available for public debate by June 7.

Already, the Minister has conducted several public consultations on the general framework to be adopted by DIA. Naavi.org has also discussed the contours of the emerging Act in the following articles

1. The New Digital India Act in the making-1 : Cyber Crimes under IPC?
2. New Digital India Act in the making-2: Integrity of ChatGPT like models
3. New Digital India Act-3 : Should the negative list be continued?
4. Digital India Act-4 :Is there only one type of Intermediary in ITA 2000?
5. Digital India Act-5: Adjudication
6. Digital India Act-6: Fighting the Information Warfare
7. Digital India Act-7: Data Monetization
8. Digital India Act 8: Regulatory Oversight on PlayStore/AppleStore
9. Digital India Act-9 : Digital Media Disclaimer

As we all are aware, the Digital India Act (DIA) is meant to replace the current comprehensive law namely the “Information Technology Act 2000” which has been amended substantially in 2008. The new DPDPB 2022 is an off shoot of Section 43A introduced in the 2008 amendment. There have been several CERT In guidelines and Intermediary guidelines that have also been released from time to time. A reasonable number of Cyber Crime cases have been investigated by the Police and several court decisions have also developed Cyber Crime jurisprudence.

If the new law in the form of DIA is introduced, there will be a substantial disruption to the understanding of Cyber Laws in India. We the professionals need to unlearn and re-learn several concepts.

In order to prepare the Cyber Law Professionals for the upcoming law, Cyber Law College of Naavi is starting a new Course on “Certificate in Cyber Laws ” . This course will have two parts. The first part will cover the current laws. The second part will cover the proposed DIA in whatever form will be available in the month of June. If the Government provides a copy of a draft Bill, the Course will cover a discussion of the Bill section by section so that professionals will be able to participate in further discussions and understand the emergence of the law with a close observation of the debates that would take place later.

If the new Bill is not introduced, we will discuss the draft as is present now and covered over several articles indicated earlier.

The motto of Naavi/Cyber Law College is to enable Cyber Law Professionals to be Ready before others so that you can keep up the Knowledge leadership.

The full details of the Course for Part I is available below:

Part I of the program consists of 14 hours of online sessions available at present. This will be supplemented with the Bridging Session the duration of which will be decided based on the requirement.

The recorded programs can be completed in about 1 month. Once the new Bill is available, the schedule of live sessions for DIA would be announced. Since Naavi has also scheduled a course on “Certified Data Protection Professional” starting from June 17 as a week-end program, the DIA course will be scheduled during the week days at about one hour per day for which a schedule would be announced later. If the Government does not present the draft Bill, the Bridging session may be a short session.

Registration for this course is now open. The fees is a moderate Rs 6000/- (inclusive of GST). Participants can complete the course and obtain a participation certificate. They will also be provided an option to take an online proctored examination and if successful they would be provided with a Certificate as “Certified Cyber Law Professional (DIA)”.

Since this program is now under the umbrella of FDPPI certification, details are also available here. Kindly register only in one place.

Register here

Naavi