Message from the CEO

Digital age creates worries for an individual as to  how much personal information is being collected, where it is being stored, and who is using it and for what purpose. This is because in his various online interactions, for leisure and for work, he is asked to register with personal details, or is monitored on his habits through cookies and other tools. Through numerous ‘I accept’ clicks while surfing, he is giving rights over his personal information to these sites. The concept of ‘Privacy’, which traditionally meant intrusion in one’s physical space, has become much larger in the cyberspace. Data Privacy is evolving as a basic right of consumers. In certain countries, it is recognized as a fundamental right, guaranteed by the constitution and supporting legal framework.

“Data Privacy Day” on the 28th January, is an international celebration of the dignity of the individual expressed through personal information. This day is being organized across the globe to promote  dialogue among all of the stakeholders – businesses, individuals, government agencies, non-profit groups, academics, teachers and students – to look more thoroughly at how advanced technologies affect our daily lives. This initiative has the support of private organizations like Google, Intel, Microsoft and many more.  It was adopted by the 31st Privacy Commissioners Conference in Madrid in November, 2009.

I would like to use this opportunity, on the first Data Privacy Day to highlight some of the privacy specific initiatives in our country.

1. Government of India, enforced the IT (Amendment) Act, 2008 on the 27th October, 2009. Through this it has signaled a stronger data protection regime - clause 43 A mandates “Body Corporates” to implement ‘Reasonable Security Practices’ for the protection of ‘Sensitive Personal Information’
2. Reserve Bank of India issued a master circular in 2007 mandating Banks and Non-Banking Financial Companies (NBFCs) to adhere to privacy principles
3. DSCI has undertaken many initiatives to highlight, and contribute to creating more awareness on data privacy issues in the country.

A brief summary of major initiatives is as follows:

• Special awareness sessions on Privacy Protection in Delhi and other cities
• Awareness Seminars on IT (Amendment) Act among professionals; preparation of consultation paper on  definition of ‘Sensitive Personal Information’ and ‘Reasonable Security Practices’, and consultation with industry for submission to the government; consultation paper on Encryption Policy – encryption being an important Privacy Enhancing Technology – and its submission to the government
• Establish DSCI Privacy Framework (DPF) with its nine best practices, and twelve privacy principles based on major international principles
• Submitted a position paper in ‘Privacy commissioners’ Conference’ held in Nov 2009 at Spain
• Organized an international conference on ‘Biometrics and Data Protection’, under the RISE project, which is funded by EU
• Prepared a position paper highlighting security and privacy challenges in the UID Project of the Unique Identification Authority of India (UIDAI)
• A presentation on ” Privacy vis-a-vis Security India” in HIDE (Homeland Security, Biometric Identification & Personal Detection Ethics) Conference at Singapore held in July 2009
• Submission to European Union, through RISE Consortia, a paper on “Privacy Issues and the EU Data Protection Directives”
• A presentation on “India: building a new Ecosystem for Cyber Security and Data Protection” in 1st  International Conference of Project RISE (Rising Pan‐European and International Awareness of Biometrics and Security Ethics) at Hong Kong held in Jan 2010
• Meeting with Privacy Commissioner of Hong Kong to understand Hong Kong Data Protection Regulation and functioning of Privacy Office

DSCI believes that this cause deserves much more action on many fronts -  creating awareness, creating conducive policy environment, promoting of privacy enabling technologies and promoting adoption of  global practices. More importantly, we need to provide assurance to our clients in different geographies, and to the end customer (data subjects) about our commitment to privacy protection in trans-border data flows.

Next year onwards, DSCI will  join the international community in formally celebrating the ‘Privacy Day’. We will organize events throughout the country, and launch focused initiatives. As always, your support will be a key to the successful demonstration of India’s commitment to the cause of ‘Data Privacy’.

Kamlesh Bajaj
January 28, 2009