On June 28, 2024, there was a major Information Security Summit at Bengaluru lead by BSIDES Bengaluru.
Amongst the several things discussed during the conference was also a panel discussion on “Tactics for Combating Privacy Threats” in which the undersigned also particiapted.
During the panel discussion, Naavi highlighted that apart from the threats arising out of new technology being misused by Criminals which get reflected as “Information Security threats”, it is necessary to recognize the new genre of threats arising to an organization due to the emergence of Privacy and Data Protection laws.
One of the special features of this new genre of “Regulatory Non Compliance Risk” is that it may materialize even when there is no “Data Breach” and hence the risk management strategies need to be addressed differently from the exisitng practices.
Further, Naavi highlighted that it is necessary to recognize that management of “Privacy Threats” include management of a the limitations of the laws of pricacy and its conflict with security practices. An example was cited regarding a common response of organizations who refuse the identity of the sender of a message to a recipient when the message itself is an object of an offence such as a phishing email or a message.
Naavi also highlighted that there are limitations to the use of technology in automating compliance through technology artifacts which need to be recognized since “Legal Compliance” is not a “Binary Solution” and involves human interpretations.
Naavi believes that with the advent of DPDPA the obligations of organizations have taken a new dimension and it is necessary for them to identify new frameworks such as DGPSI to remain compliant.
The interaction with the audience was very engaging.
FDPPI took the opporutunity to congratulate the organizers and more particularly Ms Sujatha Yakasiri, the founder of BSIDES Bengaluru for the successful orgaization of the event.
Naavi
