C&L_December 2017 (1)

More documents

Recommendations

Info

Cover Story+ Towards an Indian Data Protection Regime Extracts from the issues raised for discussion by the expert committee appointed to create a draft data protection bill for India By CIO&Leader On 24 August 2017, in a historic judgment, a ninejudge bench of the Supreme Court ruled that right to privacy is a fundamental right, while hearing a case on the legality of Aadhaar. “We are in an information age. With the growth and development of technology, more information is now easily available. The information explosion has manifold advantages but also some disadvantages. The access to information, which an individual may not want to give, needs the protection of privacy. The right to privacy is claimed qua the State and non-State actors. Recognition and enforcement of claims qua non-state actors may require legislative intervention by the State,” Justice Sanjay Kishan Kaul, one of the judges, said in his judgment. “There is an unprecedented need for regulation regarding the extent to which such information can be stored, processed and used by non-State actors. There is also a need for protection of such information from the State,” he noted. “We commend to the Union Government the need to examine and put into place a robust regime for data protection. The creation of such a regime requires a careful and sensitive balance between individual interests and legitimate concerns of the state,” noted Justice DY Chandrachud’s judgment, delivered on behalf of four judges including then then CJI Jagdish Singh Khehar. Towards a Data Protection Regime By that time, the government had already appointed a committee to look into the issues regarding enacting such a legislation, under the chairmanship of Justice B N Srikrishna, former Judge of the Supreme Court. Their brief was to identify key data protection issues and recommend methods for addressing them and ultimately come out with a draft data protection bill. The other members of the committee are Ajay Bhushan, CEO, Unique Identification Authority of India; Ajay Kumar, Additional Secretary, MeitY; Arghya Sengupta, Research Director, Vidhi Center for Legal Policy; Aruna Sundararajan, Secretary, Department of Telecom; Gulshan Rai, National Cyber Security Coordinator; Rajat Moona, Director, lIT, Raipur; Rama Vedashree, CEO, Data Security Council of India; and Rishikesha T Krishnan, Director, IIM, Indore. Four months after it was formed, on 27 November, the committee released a detailed whitepaper outlining all the issues that they found to be relevant, seeking responses from the public on these questions. The document goes into various issues, discusses how other such legislation such as EU’s GDPR have handled it and has listed its views on those issues while raising explicit questions. The last date for submission for the responses is 31 December, unless it is extended. 14 CIO&LEADER | December 2017
Cover Story+ When enacted, it is the businesses—data controllers and data processors as they are called—will have to comply with them. And it is a no-brainer that it is the CISOs and CIOs who will have a major role to play in that compliance; in most companies, they will lead the roll out The whitepaper starts by noting that a data protection framework in India must be based on the following seven principles: 1. Technology agnosticism - The law must be technology agnostic. It must be flexible to take into account changing technologies and standards of compliance. 2. Holistic application - The law must apply to both private sector entities and government. Differential obligations may be carved out in the law for certain legitimate state aims. 3. Informed consent - Consent is an expression of human autonomy. For such expression to be genuine, it must be informed and meaningful. The law must ensure that consent meets the aforementioned criteria. 4. Data minimization - Data that is processed ought to be minimal and necessary for the purposes for which such data is sought and other compatible purposes beneficial for the data subject. 5. Controller accountability - The data controller shall be held accountable for any processing of data, whether by itself or entities with which it may have shared the data for processing. 6. Structured enforcement - Enforcement of the data protection framework must be by a high-powered statutory authority with sufficient capacity. This must coexist with appropriately decentralised enforcement mechanisms. 7. Deterrent penalties - Penalties on wrongful processing must be adequate to ensure deterrence. When enacted, it is the businesses—data controllers and data processors as they are called—will have to comply with them. And it is a no-brainer that it is the CISOs and CIOs who will have a major role to play in that compliance; in most companies, they will lead the roll out. For their benefit, we have gone into the 233-page document and have extracted the most relevant questions that have a direct bearing on compliance, though it is recommended that they read the entire document, which is available at http://www.cioandleader.com/ dataprotectionwp We have selected only close-ended questions, that are most relevant. Questions about nuanced of legal approach too are avoided. To help you directly go to questions that interest you and the corresponding discussion that precedes them, we have provided the chapter no, chapter name, question number and the page number along with each question. Here are the selected questions. December 2017 | CIO&LEADER 15
Page 1: Insight: Wither Supercomputing? Pg
Page 4 and 5: Insight: Opinion Feature Volume 06
Page 6 and 7: INTERVIEW "Hybrid cloud serves as a
Page 8 and 9: Interview Nitin Mishra, Netmagic co
Page 10 and 11: GDPR: The Countdown to New Regime W
Page 12 and 13: Cover Story “In India, however, 7
Page 14 and 15: Cover Story tination,” - accordin
Page 18 and 19: Cover Story+ Whitepaper on Data Pro
Page 20: Cover Story+ Should there be strict
Page 23 and 24: Insight Measuring the Speed of Spee
Page 25 and 26: Insight AAutomation and intelligenc
Page 27 and 28: Insight AAs many as 96% of senior e
Page 29 and 30: Insight Worldwide IT Services Reven
Page 31 and 32: Insight mechanical systems. When da
Page 33 and 34: Insight D Don’t Fear AI Machine l
Page 35 and 36: Insight AAccording to 2018 Gartner
Page 37 and 38: Opinion WWe live in a time where te
Page 39 and 40: Opinion TTesla has already changed
Page 41 and 42: Feature IIn 1978, Transformational
Page 43: 100 Finance decision-makers of Indi

C&amp;L_December 2017 (1)

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?

C&L_December 2017 (1)