Privacy Principles based Assessment: (DAF-P)

DSCI pioneered the DSCI Privacy Framework (DPF©) which promotes best privacy practices in nine areas. DSCI has been encouraging its adoption by the Indian industry since the publication of DPF© in 2010. The framework has received good response from the industry and it has been adopted by some large enterprises to establish their privacy programs. As part of DPF©, DSCI has also developed DSCI Privacy Principles which are based on the study and analysis of global privacy principles including those of FIPPs, OECD, EU, APEC, etc. DSCI Assessment Framework for Privacy (DAF-P)© is the logical progression of DPF© and can be used as the much required instrument to provide privacy assurance to external and internal stakeholders.

The privacy principles represent the core of privacy protection, and privacy concerns, till date, have more or less been addressed through use of privacy principles. There exist a lot of commonalities
in existing data protection regimes, in how they use privacy principles as a tool to address privacy concerns. DSCI has identified nine fundamental Privacy Principles which are derived from globally accepted principles of privacy. These nine principles form a superset of privacy principles. Concepts such as data minimization, privacy by design, privacy enhancing technologies, individual control etc. can be subsumed under these privacy principles. These principles are intended to provide the baseline level of privacy protection to all individual data subjects and end users. These principles
reflect the need for an assurance level that an organization should create in its transactions with the consumers and in its practices to keep intact privacy requirements.

The questionnaire has been divided into ten areas, corresponding to nine principles, with consent & choice having separate set of questions. Questions in each of these areas have been designed in a manner that ensures that the objective of each principle is met in implementation. In designing the questions, lot of emphasis was put on identifying all the possible perspectives / aspects related to the implementation of each privacy principle. These principles were mapped to different scenarios and the different levels (process or organizational) at which they can be implemented, in order to give more meaning and practicality to the assessment questions. To keep the assessment questionnaire contemporary, evolving issues, trends, approaches and practices were also taken into consideration by referring to latest discussions, new privacy approaches and principles, proposed revisions of privacy regulations and issues in the implementation of privacy principles. This approach, based on global privacy principles, is relevant for organizations having global operations. The assessment questionnaire is primarily intended to be used as a self-assessment tool. We have also designed an assessment questionnaire for helping organizations assess compliance against the privacy principles prescribed under section 43A of the IT (Amendment) Act, 2008 that can be used by the companies having operations in India.

For further details on this framework, please write to assessment@dsci.in