11th DSCI-NASSCOM Annual Information Security Summit 2016
Udbhav Tiwari participated as a panelist in the 11th DSCI-NASSSCOM Annual Information Security Summit 2016 in New Delhi on December 14, 2016. The event was organized by DSCI and NASSCOM.
The Panel was on "Designing Privacy in Data Centric Business Architectures - Designing Privacy in Product, Services & Operations". Udbhav's co-panelists were: Gowree Gokhle, Partner, Nishith Desai Associates - Moderator; Sachin Lodha, Principal Scientist, TCS Innovation Labs; and Ankur Jain, Director IT & CISO, PayU.
The discussion primarily focused on:
- Core Principles - Privacy should not solely be governed by laws, regulations and industry codes but should instead be guided by a core set of principles that companies choose to follow uniformly across their international presence. In fact, laws and regulations should form a basic, minimum standard of requirements and actual practice should attempt to follow these principles to ensure true compliance to the ideals of privacy. These core, minimal principles are: Notice, Transparency, Accountability, Security and Use Limitation.
- Privacy as an Incentive - Privacy should be looked at not as a isolated right or legal compliance but an inclusive outlook which can be economically beneficial to both consumer and enterprise facing companies. Customers are increasingly starting to value privacy and providing it in an transparent manner (along with ensuring sufficient modern technical infrastructure) to ensure reliable protection can distinguish business in an increasingly crowded marketplace.
- Sound Technological Bedrock - Privacy as a notion in data (and now big data) centric architectures can only be enforced with modern, secure and open technological processes that ensure policy compliance and provide a clear audit trail for any breaches. Measures such as Homomorphic encryption, Multi-party computation, K-anonymity and Identity Management systems must be explored, tested and implemented according to need and requirements of businesses to ensure adequate privacy protection.
- Need for a clear Indian legal framework - India's current legal framework with regard to privacy ranges from scattered to non existent, so there is a strong need for their to be a strong, clear and uniform legal framework to govern privacy for both Indian citizens as well as interactions with data from other jurisdictions. This will ensure that organisations will have a clear standard to follow, will have an easier time implementing privacy policies avoid sectoral clashes and can be held accountable for any breaches of legal standards. A large part of the work required for this has been done by the Justice AP Shah Committee on Privacy as well.
For more info see this page