Centre for Internet and Society

Cybersecurity Compilation

elonnai — 2017-06-18T13:15:49Z

For more details visit https://cis-india.org/internet-governance/files/cyber-security-compilation.pdf

Big Data and Positive Social Change in the Developing World

praskrishna — 2014-10-01T03:49:58Z

For more details visit https://cis-india.org/internet-governance/blog/big-data-and-positive-social-change.pdf

NCAER Parallel Imports Report

praskrishna — 2014-04-01T10:39:46Z

For more details visit https://cis-india.org/a2k/blogs/ncaer-parallel-imports-report.pdf

MLAT Report

Admin — 2018-09-27T15:53:24Z

For more details visit https://cis-india.org/internet-governance/files/mlat-report

DP Compendium

Admin — 2018-05-31T16:00:24Z

For more details visit https://cis-india.org/internet-governance/files/dp-compendium

Internet Shutdown Stories

Ambika Tandon — 2018-05-17T10:45:20Z

A collection of stories of the impact of internet shutdowns on the lives of Indian citizens.

For more details visit https://cis-india.org/internet-shutdown-stories

Openness

Subbiah Arunachalam and Anirudh Sridhar — 2014-05-30T07:59:15Z

The philosophy of openness is one that concerns itself with shifting power from centralized authorities of knowledge like owners to the community with its varied components like users, producers or contributors.

Many people think of openness as being merely about the digitization of pre-existing knowledge or content but it is far more than that. Often, as Nishant Shah puts it in his article “Big Data, People's Lives, and the Importance of Openness”[1] “it (openness) is about claiming access to knowledge and information hidden behind paywalls and gateways that are often produced using public resources.” Openness is important for the same reasons that access to knowledge is important, but it takes many different forms. We will be discussing Open Content, Open Access, Open (Government) Data, Free and Open Source Software and Open Standards.

After a quick narration of what we mean by commons and contents, we move on to open access to science and scholarship. We distinguish openness of knowledge as it prevails today from the public libraries of the print era and then move on to developments that led to the open access movement. We then discuss the status of open access in India and end with the bright future awaiting open access.

The notion of the ‘commons’ (meaning open to all) has been in existence for a very long time. For example, as early as the 4^th Century B C, Aristotle commented “What is common to the greatest number gets the least care!” [1] Ecologist Garret Hardin developed this notion into the ‘tragedy of the commons’ for explaining the numerous environmental crises and ecological dilemmas we face today [2]

Commons is defined as "resources accessible to all members of a society“. A good example of the commons is the village greens in Great Britain around which people reside and have their church and school. Then there are grazing lands for their cattle, and water bodies, which no one owns but everyone can use. The moment someone has a title deed for a piece of land he ‘encloses’ it with a fence. Even here, if that piece of land has been used for long by people to cross to the other side, the owner keeps open a narrow footpath.

It is only three or four decades ago the commons became an object of serious study. The idea of the ‘knowledge commons’ draws upon the work of people like Elinor Orstom on ‘common pool resources,’ ‘natural resource commons’ and ‘public good’ such as forests, water systems, fisheries, grazing fields and the global atmosphere all of which are common-pool resources of immense importance for the survival of humans on this earth [3-5].Ostrom and her colleague Charlotte Hess also contributed to knowledge commons and in particular to our understanding of scholarly communication and cultural resources as commons. Their work brought out the essential role of collective action and self-governance in making commons work [6].

Definitions
Before talking about knowledge commons let us define these terms:

Knowledge includes all useful ideas, information and data in whatever form in which it is expressed or obtained, and useful knowledge can be indigenous, scientific, scholarly, or non-academic. It also includes music and the visual and theatrical arts – humanity’s literary, artistic and cultural heritage.
Ostrom and Hess define a commons as a resource shared by a group of people that is subject to social dilemmas.
Social dilemma in the context of knowledge includes enclosure by intellectual property (IP) regulations, loss due to inadequate preservation or simple neglect, and different laws being applied to print and digital forms.
Open Knowledge Definition defines openness in relation to content and data thus: A piece of content or data is open if anyone is free to use, reuse, and redistribute it without technical or legal restrictions, subject only, at most, to the requirement to attribute and/ or share-alike [http://opendefinition.org]. And ‘digital commons’ is defined as "information and knowledge resources that are collectively created and owned or shared between or among a community and that is (generally freely) available to third parties. Thus, they are oriented to favour use and reuse, rather than to exchange as a commodity."

Free and Open Software

Definition
Free and open-source software (FOSS) is software that is both free and open source. Free software is software for which the source code is released when it is distributed. The users are free to adapt study and distribute the software.[2]Most commercially available software is proprietary software so the free software is mostly developed cooperatively. The free software movement was launched in 1983 which was a social movement for the attaining these freedoms for software users. It basically draws upon the 1970’s hacker culture but the founder of the movement Richard Stallman started the GNU Project in 1983.[3] Open source software (OSS) is released with its source code and the license is one where the copyright holder extends the right for users to study, change and distribute the software to anyone and for any purpose. OSS is also often developed collaboratively in a public endeavor. Free software licenses and open-source licenses are often used by many software packages instead of proprietary software licenses which have restrictive copyrights. Usually all software and bug fixes under this are also made available under the same free and open licenses which creates a kind of living software. These types of software are essential for society moving forward because they help reduce costs, increases productivity, enhance security, and improve compliance standards. FOSS presents the lowest risk among software systems because they have the best long term investment protection.

UNESCO has recognized the importance of FOSS as a practical tool in development and in achieving the Millennium Development Goals (MDG).[4]

It recognizes that:

Software plays a crucial role in access to information and knowledge;
Different software models, including proprietary, open-source and free software, have many possibilities to increase competition, access by users, diversity of choice and to enable all users to develop solutions which best meet their requirements;
The development and use of open, interoperable, non-discriminatory standards for information handling and access are important elements in the development of effective infostructures;
The community approaches to software development has great potential to contribute to operationalize the concept of Knowledge Societies;
The Free and Open Source Software (FOSS) model provides interesting tools and processes with which people can create, exchange, share and exploit software and knowledge efficiently and effectively;
FOSS can play an important role as a practical instrument for development as its free and open aspirations make it a natural component of development efforts in the context of the Millennium Development Goals (MDGs);
Consistent support plays an important role in the success and sustainability of FOSS solutions;
All software choices should be based upon the solution's ability to achieve the best overall return on technology investments.[5]

Organizations[6]
There is no rule that excludes anyone who wants to support FOSS from doing so. Usually, however, the trend shows that non-profit organizations (NPO), academic institutions, developers and support/service businesses invest their time and resources in these projects. Here are some of the important organizations that have supported FOSS:

FLOSS Manuals -- FLOSS Manuals is a community that creates free manuals for free and open source software.
FOSS Learning Centre – They are an international NPO that is a center for information and training about FOSS.
GOSLING - "Getting Open Source Logic Into Governments" is a knowledge sharing community assist with the introduction and use of free/libre software solutions in the Canadian Federal and other government operations.
International Open Source Network -- "The vision is that developing countries in the Asia-Pacific Region can achieve rapid and sustained economic and social development by using effective FOSS ICT solutions to bridge the digital divide."
Open Source for America – This is a combination of NGO’s, academic institutions, associations, technology industry leaders that advocates and helps raise the awareness of FOSS in the US Government.
Open Source Initiative – This was the organization that first gave mass market appeal to the term “open source. They are the recognized certification authority for whether or not a given software license is FOSS.
Open Source Software Institute – This is another NPO that consists of government, academic and corporate representation and they encourage open-source solutions in U.S. government agencies and academic entities.
OSS Watch – This is a public institution in the UK which provides advice on the development and licensing of FOSS.
SchoolForge – They offer references to references to open texts and lessons, open curricula, and free open source software in education.

Types of Licenses[7]
Source Code: This is a code that is readable by humans. It has statements like:*Simple Hello Button () method.

When a computer is running, a source code is translated into binary code which is not readable or modifiable by humans. It reads something like:01011001101.

The licenses that will illuminate where FOSS licenses stand relatively are GPL licenses (that are the most restrictive) and BSD licenses (which are almost public domain). The primary distinction between these two is the way in which source code is treated as opposed to binary code.

The GPL license differed from prior ones because they stipulated that the source code has to be provided along with the binary code which meant that the licensees could use and change the source code. This requirement was an important part of the domino effect in driving innovation since old industrial standards did not apply to software. However, though this freedom with binaries produced exists, there are no requirements to make the source available. The prime difference between the two being that legally, the release of the BSD source is completely at the discretion of the releasing entity.

The following table compares different kinds of FOSS licenses. In order to be considered as such, the bare minimum is for the licenses to pass the first four tests in the table.[8]

	Source must be free	Must retain copyright notice	Can sell executable without restriction	Modifications covered under license	Prevented from use for software or data locking	Linked code covered under license	New updates to license will apply	Patent retaliation, loss of use if suit brought	Can sell source code
GPL V3	Y	Y	Y	Y	Y	N	Y	?	N
Mozilla (V1.1)	Y	Y	Y	Y	N	N	Y	Y	N
BSD	Y	Y	Y	Y	N	N	N	N	Y

Differences[9]
The most salient distinction between the two types of software comes from the principles behind them. For the “open source” movement, the idea that software should be open source is a practical one and isn’t concerned with the ethical dimensions behind the question. For the free software movement, the problem behind software licenses is a social one for which free software is the solution.


Openness poster depicting the 4 freedoms of Free and Open Source Software. By 2016 approximately 86% of all video content will be internet video.

FOSS in India

Many support groups like the Free Software Movement of India and various NGO’s have spawned in order to campaign for FOSS in India.[10]

The National Resource Centre for Free and Open Source Software (NRCFOSS) was an initiative by the DIT in 2005 in order to be the central point for all FOSS related activities in India. Through awareness campaigns, training programs and workshops a large collection of FOSS trained teacher and student communities have been formed across India.[11] In many curricula in technical institutes, FOSS is even offered as an elective. The Department of Electronics and Information Technology (DEITY) boasts of “BOSS – Bharat Operating System Solutions External website that opens in a new windowis a GNU/Linux based localized Operating System distribution that supports 18 Indian languages - Assamese, Bengali, Bodo, Gujarati, Hindi, Kannada, Kashmiri, Konkani, Maithili, Malayalam, Manipuri, Marathi, Oriya, Punjabi, Sanskrit, Tamil, Telegu and Urdu.”[12]

Case Study: Curoverse[13]
Open source software is a mainstream enterprise that can be both beneficial to society, academia and companies. This was the underlying assumption when $1.5 million was invested in an open source genomics tool project at Curoverse, Boston. The Personal Genome Project (PGP) endeavors to sequence 100,000 human genomes in the U.S. The storage of these massive amounts of data is facilitated by Arvados, which is an open source computational platform. Curoverse, which is a product of the PGP is planning to release its commercial products next year and in anticipation, Boston Global Ventures and Common Angels have invested $1.5 M. The PGP, according to George Church (the creator), the database needed to hold almost one Exabyte of data for the researchers to efficiently analyze the data. Some of the functions necessary were the ability to share the data between research centers and to make sure that complex analyses could be reproduced. In order to satisfy these requirements, the software had to open source. Although similar to the new age cloud computing the software Arvados was programmed to hold extremely high amounts of genetic data. It can run on both public and private cloud services, so it’ll be available both on Amazon and other cloud platforms. Although this software was developed in 2006, the project hadn’t officially taken off but this investment in open source software coming from high impact technology companies like Boston Global Ventures.

Case Study: Open-Sorcerers[14]
Many magical tricks can be protected by copyright. For example, Teller from Penn and teller fame is suing a Dutch magician for allegedly stealing his “shadow” illusion. Litigating on these matters is proving to be extremely difficult so magicians, like programmers are taking the route of open-source licenses. This doesn’t mean that they would just share magical secrets in violation of the Alliance of Magicians on a forum like YouTube. This is more congruous with what open source technology activists advocate which is the idea of collaboration. If magicians work with more technologists, artists, programmers, scientists and other magicians, there could be better illusions and a general cross-pollination of magical ideas among various disciplines. For this, the technology behind these illusions needs to be freely available and the licenses have to open up for open sorcerers. Techno-illusionist Marco Tempest and Kieron Kirlkland from a digital creativity development studio in Bristol are the main proponents of open source in magic. Tempest has stated that famous magicians in the status quo contract illusion engineers, technologists or other magicians to design new effects for their acts and make them all sign secrecy agreements and the creators have no ownership of what they have created. This has been detrimental to innovation and perfection of techniques as they are not allowed to refine their work over time. If the ownership is instead shared and freely available to the co-creators and developers, then it would lead to better illusions and speed up the process faster.

Open Standards

Definition
Interoperability has many social, technical and economic benefits and interoperability on the internet magnifies these benefits many fold. Interoperability, unlike a lot of other economically beneficial changes, was not a result of the adapting markets. It came about in what modest existence it has, through a concerted effort from processes and practices by the IETF, the W3C and the Interop conferences among others.[15]

Open standards are applicable to any application programming interface, a hardware interface, a file format, a communication protocol, a specification of user interactions, or any other form of data interchange and program control.[16]

The billions of dollars of capital investment in the past few years since the internet’s advent into the mainstream has come from an understanding of very basic laws of the market. Metcalfe’s law says the value of interoperability increases geometrically with the number of compatible participants. Reed’s law states that a network’s utility exponentially increases as the number of subgroups increase.The problem with having standards for this interoperability is that the open standard either needs to be most open or most inclusive and unlike in many other cases we have discussed, here it can’t be both. If it wants to be inclusive, it should have standards that permit any license that is free, closed or open. It should have standards that have any type of implementation under any implementor.[17] On the other hand, if it to support the idea of openness, the best practices will exclude certain practices in the market like proprietary standards. Though traditionally meant to incentivize compliance by claiming a set of standards to be best practices, under this, some try to be unique in the market by adding on additional properties that are not a part of the open standards but claim that they implement “open standards” for strategic advantage. Others even defy the logic of having standards by claiming that their new additions embody open standards better.

As we have seen, due to the various conceptions of the good in open standards, there isn’t a universally accepted definition of open standards. The FOSS community largely accepts the following definition with contention from the industry.

[S]ubject to full public assessment and use without constraints [royalty-free] in a manner equally available to all parties; without any components or extensions that have dependencies on formats or protocols that do not meet the definition of an open standard themselves; free from legal or technical clauses that limit its utilization by any party or in any business model; managed and further developed independently of any single vendor in a process open to the equal participation of competitors and third parties; available in multiple complete implementations by competing vendors, or as a complete implementation equally available to all parties.[18]

A standard can be considered open if it does the job of achieving the following goals. It has to increase the market for a particular technology by facilitating investment in that technology by both consumers and suppliers. It has to do this by making sure these investors don’t have to pay monopoly rent or deal with trade secret, copyright, patent or trademark problems. In retrospect, we have learned that the only standards that have achieved these goals are ones that encourage an open-source philosophy.

Proprietary software manufacturers, vendors and their lobbyists often provide a definition of open standards that is not in line with the above definitions on two counts (Nah, 2006).

One, they do not think it is necessary for an open standard to be available on a royalty-free basis as long as it is available under a “reasonable and non-discriminatory” (RAND) licence. This means that there are some patents associated with the standard and the owners of the patents have agreed to license them under reasonable and non-discriminatory terms (W3C, 2002). One example is the audio format MP3, an ISO/IEC [International Organisation for Standardisation/International Electrotechnical Commission] standard where the associated patents are owned by Thomson Consumer Electronics and the Fraunhofer Society of Germany. A developer of a game with MP3 support would have to pay USD 2,500 as royalty for using the standard. While this may be reasonable in the United States (US), it is unthinkable for an entrepreneur from Bangladesh. Additionally, RAND licences are incompatible with most FOSS licensing requirements. Simon Phipps of Sun Microsystems says that FOSS “serves as the canary in the coalmine for the word ‘open’. Standards are truly open when they can be implemented without fear as free software in an open source community” (Phipps, 2007). RAND licences also retard the growth of FOSS, since they are patented in a few countries. Despite the fact that software is not patentable in most parts of the world, the makers of various distributions of GNU/Linux do not include reverse-engineered drivers, codecs, etc., in the official builds for fear of being sued. Only the large corporation-backed distributions of GNU/Linux can afford to pay the royalties needed to include patented software in the official builds (in this way enabling an enhanced out-of-the-box experience). This has the effect of slowing the adoption of GNU/Linux, as less experienced users using community-backed distributions do not have access to the wide variety of drivers and codecs that users of other operating systems do (Disposable, 2004). This vicious circle effectively ensures negligible market presence of smaller community-driven projects by artificial reduction of competition.

Two, proprietary software promoters do not believe that open standards should be “managed and further developed independently of any single vendor,” as the following examples will demonstrate. This is equally applicable to both new and existing standards.

Microsoft’s Office Open XML (OOXML) is a relatively new standard which the FOSS community sees as a redundant alternative to the existing Open Document Format (ODF). During the OOXML process, delegates were unhappy with the fact that many components were specific to Microsoft technology, amongst other issues. By the end of a fast-track process at the ISO, Microsoft stands accused of committee stuffing: that is, using its corporate social responsibility wing to coax non-governmental organisations to send form letters to national standards committees, and haranguing those who opposed OOXML. Of the twelve new national board members that joined ISO after the OOXML process started, ten voted “yes” in the first ballot (Weir, 2007). The European Commission, which has already fined Microsoft USD 2.57 billion for anti-competitive behaviour, is currently investigating the allegations of committee stuffing (Calore, 2007). Microsoft was able to use its financial muscle and monopoly to fast-track the standard and get it approved. In this way it has managed to subvert the participatory nature of a standards-setting organisation. So even though Microsoft is ostensibly giving up control of its primary file format to the ISO, it still exerts enormous influence over the future of the standard.

HTML, on the other hand, is a relatively old standard which was initially promoted by the Internet Engineering Task Force (IETF), an international community of techies. However, in 2002, seven years after the birth of HTML 2.0, the US Department of Justice alleged that Microsoft used the strategy of “embrace, extend, and extinguish” (US DoJ, 1999) in an attempt to create a monopoly among web browsers. It said that Microsoft used its dominance in the desktop operating system market to achieve dominance in the web-authoring tool and browser market by introducing proprietary extensions to the HTML standard (Festa, 2002). In other words, financial and market muscle have been employed by proprietary software companies – in these instances, Microsoft – to hijack open standards.

The Importance
There are many technical, social and ethical reasons for the adoption and use of open standards. Some of the reasons that should concern governments and other organisations utilising public money – such as multilaterals, bilaterals, civil society organisations, research organisations and educational institutions – are listed below.

Innovation/competitiveness: Open standards are the bases of most technological innovations, the best example of which would be the internet itself (Raymond, 2000). The building blocks of the internet and associated services like the world wide web are based on open standards such as TCP/IP, HTTP, HTML, CSS, XML, POP3 and SMTP. Open standards create a level playing field that ensures greater competition between large and small, local and foreign, and new and old companies, resulting in innovative products and services. Instant messaging, voice over internet protocol (VoIP), wikis, blogging, file-sharing and many other applications with large-scale global adoption were invented by individuals and small and medium enterprises, and not by multinational corporations.

Greater interoperability: Open standards ensure the ubiquity of the internet experience by allowing different devices to interoperate seamlessly. It is only due to open standards that consumers are able to use products and services from competing vendors interchangeably and simultaneously in a seamless fashion, without having to learn additional skills or acquire converters. For instance, the mail standard IMAP can be used from a variety of operating systems (Mac, Linux and Windows), mail clients (Evolution, Thunderbird, Outlook Express) and web-based mail clients. Email would be a completely different experience if we were not able to use our friends’ computers, our mobile phones, or a cybercafé to check our mail.

Customer autonomy: Open standards also empower consumers and transform them into co-creators or “prosumers” (Toffler, 1980). Open standards prevent vendor lock-in by ensuring that the customer is able to shift easily from one product or service provider to another without significant efforts or costs resulting from migration.

Reduced cost: Open standards eliminate patent rents, resulting in a reduction of total cost of ownership. This helps civil society develop products and services for the poor.

Reduced obsolescence: Software companies can leverage their clients’ dependence on proprietary standards to engineer obsolescence into their products and force their clients to keep upgrading to newer versions of software. Open standards ensure that civil society, governments and others can continue to use old hardware and software, which can be quite handy for sectors that are strapped for financial resources.

Accessibility: Operating system-level accessibility infrastructure such as magnifiers, screen readers and text-to-voice engines require compliance to open standards. Open standards therefore ensure greater access by people with disabilities, the elderly, and neo-literate and illiterate users. Examples include the US government’s Section 508 standards, and the World Wide Web Consortium’s (W3C) WAI-AA standards.

Free access to the state: Open standards enable access without forcing citizens to purchase or pirate software in order to interact with the state. This is critical given the right to information and the freedom of information legislations being enacted and implemented in many countries these days.

Privacy/security: Open standards enable the citizen to examine communications between personal and state-controlled devices and networks. For example, open standards allow users to see whether data from their media player and browser history are being transmitted along to government servers when they file their tax returns. Open standards also help prevent corporate surveillance.

Data longevity and archiving: Open standards ensure that the expiry of software licences does not prevent the state from accessing its own information and data. They also ensure that knowledge that has been passed on to our generation, and the knowledge generated by our generation, is safely transmitted to all generations to come.

Media monitoring: Open standards ensure that the voluntary sector, media monitoring services and public archives can keep track of the ever-increasing supply of text, audio, video and multimedia generated by the global news, entertainment and gaming industries. In democracies, watchdogs should be permitted to reverse-engineer proprietary standards and archive critical ephemeral media in open standards.

Principles[19]

Availability:Open Standards should be available for everyone to access.
Maximize End-User Choice:Open Standards should lead to a competitive and fair market and shouldn’t restrict consumer choices.
No Royalty:Open Standards should be free of cost for any entity to implement while there maybe some fee for certification of compliance.
No Discrimination:Open Standards should not show preference to one implementer over another as previously discussed except for the tautological reason of the compliance with the standard. The authorities that are certifying these implementers should offer a low or zero-cost implementation scheme.
Extension or Subset:Open Standards may be allowed in a subset or can allow for extensions form but certifying authorities can decline from certifying subset implementations and have specific conditions for extensions.


HTTP, HTML, TCP/IP, SSL, etc., are all royalty free open standards and are building blocks on the Internet.

OSI Criteria[20]
In addition, to make sure that the Open Standards also promote an open source philosophy, the Open Source Initiative (OSI), which is the steward of the open source definition, has a set of criteria for open standards.

“No Intentional Secrets: The standard MUST NOT withhold any detail necessary for interoperable implementation. As flaws are inevitable, the standard MUST define a process for fixing flaws identified during implementation and interoperability testing and to incorporate said changes into a revised version or superseding version of the standard to be released under terms that do not violate the OSR.
Availability: The standard MUST be freely and publicly available (e.g., from a stable web site) under royalty-free terms at reasonable and non-discriminatory cost.
Patents: All patents essential to implementation of the standard must:
- be licensed under royalty-free terms for unrestricted use, or
- be covered by a promise of non-assertion when practiced by open source software
No Agreements: There must not be any requirement for execution of a license agreement, NDA, grant, click-through, or any other form of paperwork to deploy conforming implementations of the standard.
No OSR-Incompatible Dependencies: Implementation of the standard must not require any other technology that fails to meet the criteria of this Requirement.”

W3C Criteria[21]
The W3C also has a list of criteria in order to be called “Open Standards”.

Transparency (due process is public, and all technical discussions, meeting minutes, are archived and referencable in decision making)
Relevance (new standardization is started upon due analysis of the market needs, including requirements phase, e.g. accessibility, multi-linguism)
Openness (anybody can participate, and everybody does: industry, individual, public, government bodies, academia, on a worldwide scale)
Impartiality and consensus (guaranteed fairness by the process and the neutral hosting of the W3C organization, with equal weight for each participant)
Availability (free access to the standard text, both during development and at final stage, translations, and clear IPR rules for implementation, allowing open source development in the case of Internet/Web technologies)
Maintenance (ongoing process for testing, errata, revision, permanent access)”

Case Study: Digital Colonialism
Imagine back to a world in which a foreign power leases out a piece of land and you grow crops on it. You have produced crops there for many seasons and used the sales to buy a nice windmill. One day, the lease expires and the foreign power come and seizes not only your crops but also your windmill. Now if we apply the same story in a proprietary standards regime, imagine you were to license a copy of Microsoft Office for 28 days. You have stored documents in .doc, .xls and .ppt format. On the day that the license expires, you will not only lose your ability to use Word, Excel and PowerPoint, you will in fact lose all your documents in .doc, .xls and .ppt formats!

Additional Readings

Internet Engineering Task Force, OpenStandards.net,http://www.openstandards.net/viewOSnet2C.jsp?showModuleName=Organizations&mode=1&acronym=IETF
Standards, W3C, http://www.w3.org/standards/
Open Standards, http://www.open-std.org/
Pranesh Prakash, “Report on Open Standards for GISW 2008”, Centre for Internet and Society, 2008, http://cis-india.org/publications-automated/cis/sunil/Open-Standards-GISW-2008.pdf/at_download/file
Sunil Abraham, “Response to the Draft National Policy on Open Standards for e-Governance”, Centre for Internet and Society, 2008, http://cis-india.org/openness/publications/standards/the-response
Pranesh Prakash, “Second Response to Draft National Policy on Open Standards for e-Governance”, Centre for Internet and Society, 2008,http://cis-india.org/openness/publications/standards/second-response
Definition of “Open Standards”, International Telecommunication Union, http://www.itu.int/en/ITU-T/ipr/Pages/open.aspx

Open Content

Definition
The premise of an Open Content license is that, unlike most copyright licenses, which impose stringent conditions on the usage of the work, the Open Content licenses enable users to have certain freedoms by granting them rights. Some of these rights are usually common to all Open Content licenses, such as the right to copy the work and the right to distribute the work. Depending on the particular license, the user may also have the right to modify the work, create derivative works, perform the work, display the work and distribute the derivative works.

When choosing a license, the first thing that you will have to decide is the extent to which you are willing to grant someone rights over your work. For instance, let us suppose you have created a font. If you do not have a problem if people create other versions of it, then you can choose a license that grants the user all rights. If, on the other hand, you are willing to allow people to copy the font and distribute it, but you do not want them to change the typeface or create versions of it, then you can choose a more restrictive license that only grants them the first two rights.

Most open content licenses share a few common features that distinguish them from traditional copyright licenses.

These can be understood in the following ways:

Basis of the license/ validity of the license. (Discussed above)
Rights granted. (Discussed above)
Derivative works.d. Commercial/ non-commercial usage.e. Procedural requirements imposed.
Appropriate credits.
They do not effect fair use rights.
Absence of warranty.
Standard legal clauses

Derivate Works
Any work that is based on an original work created by you is a derivative work. The key difference between different kinds of Open Content licenses is the method that they adopt to deal with the question of derivative works. This issue is an inheritance from the licensing issues in the Free Software environment. The GNU GPL, for instance, makes it mandatory that any derivative work created from a work licensed under the GNU GPL must also be licensed under the GNU GPL. This is a means of ensuring that no one can create a derivative work from a free work which can then be licensed with restrictive terms and conditions. In other words, it ensures that a work that has been made available in the public domain cannot be taken outside of the public domain.

On the other hand, you may have a license like the Berkeley Software Distribution (BSD) software license that may allow a person who creates a derivative work to license that derivative work under a proprietary or closed source license. This ability to control a derivative work through a license is perhaps the most important aspect of the Open Content licenses. They ensure, in a sense, a self perpetuity. Since a person cannot make a derivative work without your permission, your permission is granted on the condition that s/he also allows others to use the derivative work freely. In Open Content licenses, the right to create a derivative work normally includes the right to create it in all media. Thus, if I license a story under an Open Content license, I also grant the user the right to create an audio rendition of it. The obligation to ensure that the derivative work is also licensed under the terms and conditions of the Open Content license is not applicable, however, in cases where the work is merely aggregated into a collection / anthology / compilation. For instance, suppose that I have drawn and written a comic called X, which is being included in a general anthology. In such a case, the other comics in the anthology may be licensed under different terms, and the Open Content license is not applicable to them and will only be applicable to my comic X in the anthology.

Commercial / Non-Commercial Usage
Another important aspect of Open Content licenses is the question of commercial / non-commercial usages. For instance, I may license a piece of video that I have made, but only as long as the user is using it for non-commercial purposes. On the other hand, a very liberal license may grant the person all rights, including the right to commercially exploit the work.

Procedural Requirements Imposed
Most Open Content licenses require a very strict adherence to procedures that have to be followed by the end user if s/he wants to distribute the work, and this holds true even for derivative works. The licenses normally demand that a copy of the license accompanies the work, or the inclusion of some sign or symbol which indicates the nature of the license that the work is being distributed under, for instance, and information about where this license may be obtained. This procedure is critical to ensure that all the rights granted and all the obligations imposed under the license are also passed onto third parties who acquire the work.

Appropriate Credits
The next procedural requirement that has to be strictly followed is that there should be appropriate credits given to the author of the work. This procedure applies in two scenarios. In the first scenario, when the end user distributes the work to a third party, then s/he should ensure that the original author is duly acknowledged and credited. The procedure also applies when the end user wants to modify the work or create a derivative work. Then, the derivative work should clearly mention the author of the original and also mention where the original can be found.

The importance of this clause arises from the fact that, while Open Content licenses seek to create an alternative ethos of sharing and collaboration, it also understands the importance of crediting the author. Very often, in the absence of monetary incentive, other motivating factors such as recognition, reputation and honour become very important. Open Content licenses, far from ignoring the rights of the author, insist on strict procedures so that these authorial rights are respected. You may copy and distribute the Document in any medium, either commercially or non-commercially, provided that this License, the copyright notices, and the license notice saying this license applies to the document are reproduced in all copies, and that you add no other conditions whatsover to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute.

Open content licenses do not effect fair use rights
Under copyright law, there is an exception to infringement and this is known as the fair use exception. Fair use exceptions generally include using portions for critique or review, and certain non-commercial or educational academic uses etc. Open content licenses make it clear that 48 49the terms and conditions of the license do not affect your fair use rights. Thus even if someone is in disagreement with the terms and conditions, and refuses to enter into the open content license, s/he may still have the freedom to use the work to the extent that is allowed by the principles of his/her fair use rights.

Absence of warranty
Since more often than not the work is being made available at no financial cost and also gives the user certain freedoms, most open content licenses have a standard clause which states that the work is being provided without any warranty or on an ‘as is’ basis. The licensor cannot be in a position to provide any warranty on the work. A few licenses however provide the end-user the option of providing a warranty on services, or a warranty on the derivative work so long as that warranty is one between the licensee and the third party.

Standard legal clauses
A few other clauses that appear at the end of most open content licenses are the standard legal clauses that are included in most legal agreements, and you don’t have to worry too much about them while choosing a license.

These generally include:

Severability: This means that even if one portion of the license is held to be invalid the other portions will still continue to have effect.
Limitation on liability: The licenses normally state that the licensor will not be liable for anything arising from the use of the work. Thus, for instance, an end-user cannot claim that he suffered mental trauma as a result of the work.
The licenses do not allow you to modify any portion of the license while redistributing works, etc.
Termination: Most licenses state that the rights granted to the licensee are automatically terminated the moment s/he violates any obligation under the license.

Libraries as Content Providers and the Role of Technology
Content is for people’s use. First it was the library which facilitated access to knowledge for the use by the lay public. The first among the five laws enunciated by the famous Indian librarian Ranganathan [7] emphasizes this point: “Books are for use.” And it was technology which enabled large scale production of content in the form of books and subsequently facilitated ease of access.

Let us take text as content first. Before Gutenberg invented printing using movable types (c. 1436-1440) scribes used to write on vellum by hand. It was a painfully slow process and the reach was very limited. Gutenberg brought about probably the greatest game changing technology which within a very few years revolutionized many aspects of human life and history like never before. Peter Drucker has captured this revolution beautifully in an article in The Atlantic [8]

The public library became the content commons in the print era. Of course, long before Gutenberg there were some great libraries, e.g., Royal Library of Alexandria (Egypt), Taxila University Library, Nalanda University Library (Bihar, India), Bayt Al Hiqma (Baghdad, Iraq) and the Imperial Library of Library of Constantinople (in the capital of the Byzantine Empire). None of these could survive the ravages of time. Thanks to printing, the numbers increased rapidly and the library movement spread to far corners of the globe.

The major public libraries of today are performing a great job with huge collections. The US Library of Congress in Washington DC has 155 million items occupying 838 miles of shelf space, of which 35 million are print material, 68 million are manuscripts, and 5.4 million are maps. Besides these, LoC has 6.5 million pieces of sheet music, 13.6 million photographs and 3.4 million recordings.

The British Library in London has more than 150 million items with 3 million being added annually. If one reads 5 items a day, it will take 80,000 years to complete the current collection. The National Library of Russia stocks more than 36.4 million items. The Russian State Library, the legendary 'Leninka,' comprises a unique collection of Russian and foreign documents in 247 languages, stocking over 43 million items.

Now every major library emphasizes improved access. Here are some excerpts from Mission statements of some large institutions around the world.

British Library: “Enable access to everyone who wants to do research.”
National Library of the Netherlands: “Our core values are accessibility, sustainability, innovation and cooperation.”
German Federal Archives: “legal responsibility of permanently preserving the federal archival documents and making them available for use.”
Danish National Gallery: “Through accessibility, education, and exhibition.”
Victoria & Albert Museum: “To provide diverse audience with the best quality experience and optimum access to our collections, physically and digitally.”

I have included in this sample of galleries, archives, and museums as well as all of them deal with cultural content. Indeed the Open Knowledge Foundation has a major project called OpenGLAM.

In India the first network of public libraries covering a whole state was set up more than a hundred years ago by the Maharaja of Baroda (Sayaji Rao Gaekwad III), a truly benevolent king [9]. In the US though, the public library movement was essentially the gift of a ruthless industrialist who was believed to have been unfair to the workers in his steel mills. But the more than 2,000 libraries Andrew Carnegie helped set up are truly a democratizing force.

Today the Bill and Melinda Gates Foundation promotes libraries in the developing and emerging economies and through their Access to Knowledge award they leverage the use of ICT in libraries.

While public libraries opened up a vast treasure of knowledge to a large number of people many of whom could not have had an opportunity to read even a few of the books in their collections, they had not provided ‘open access.’ That has to wait a little longer.

The Internet era not only helped traditional libraries to introduce new services but also gave birth to many free and open libraries such as Internet Archive and Project Gutenberg. The Internet Archive aims to provide ‘universal access to all knowledge’ and includes texts, audio, moving images, and software as well as archived web pages, and provides specialized services for adaptive reading and information access for the blind and other persons with disabilities. Project Gutenberg encourages the creation of ebooks.

The best known examples of more recent initiatives are Europeana and the Digital Public Library of America (DPLA) both of which take full advantage of the possibilities offered by the Internet. Europeana provides access to 22.6 million objects (from over 2,000 institutions). These include 14.6 million images – paintings, photographs, etc. and 8.4 million books, magazines, newspapers, diaries, etc. DPLA is not even a year old but it already provides access to more than 5.4 million items from a number of libraries, archives and museums.

In India there are efforts to digitize print material, paintings, images, music, films, etc. The Digital Library of India (DLI) and the Indira Gandhi National Centre for Arts (IGCNA) are two examples. Currently, the Ministry of Culture is toying with the idea of a setting up a National Virtual Library.

Apart from libraries which provide electronic access to millions, a very large number of newspapers and magazines and websites also are freely accessible on the net.

Perhaps one of the most important development in Open Content that has affected people’s access to knowledge worldwide has been Wikipedia. Alexa rans it 6th among all websites globally and approximately 365 million users worldwide read Wikipedia content.

The Creative Commons System
Critiquing a system is merely one side of the coin. Offering viable alternatives or solutions to the lacunae identified in the status quo significantly buttresses critical claims. Alternatives have moved to the internet and understood the logic of its read-write culture. New media such as YouTube and platforms like WordPress have made each one of us not mere consumers of information but potential authors, film makers. Any viable alternative must contemplate this transformation of the read-only culture of the internet to the read-write culture.

Creative Commons (CC) is a non-profit organization that functions across the world to provide licensing tools to authors of creative works. The key distinguishing feature of this system is that the authors have the right to decide under what license they want to make their work available. The system was conceptualized by a number of individuals at the helm of the copyleft movement, of whom the most prominent was Professor Lawrence Lessig.

The creative commons system stands for ‘Some Rights Reserved’, a deviation from the ‘all rights reserved’ model of strict copyright law. The rights to be reserved are left to the discretion of the author.

Types of Licenses
1.    Attribution License – CC BY
2.    Attribution-ShareAlike : CC BY-SA
3.    Attribution-NoDerivatives License : CC BY-ND
4.    Attribution-NonCommercial License : CC BY-NC
5.    Attribution-NonCommercial-ShareAlike : CC BY-NC-SA
6.    Attribution-NonCommercial-NoDerivs- CC BY-NC-ND LICENSE

Exceptions to Open Content
There are two kinds of critiques that have been made about the limitations of Open Content initiatives. The first is a policy - level critique which argues that the voluntary nature of Open Content projects diverts from the larger issue of the need for urgent structural transformations in the global copyright regime. It is argued, for instance, that by relying on copyright, even in a creative variation of it, it still ends up strengthening the copyright system. The larger problem of access to knowledge and culture can only be solved through a long-term intervention in the global copyright regime from the Berne Convention to the TRIPS agreement.

Open Content has also been criticized on the grounds that it privileges the traditional idea of the author at the center of knowledge / culture at the costs of focusing on users. By giving authors the right to participate in a flexible licensing policy, Open Content initiatives end up privileging the notion of the desirability of creating property rights in expressions; cultural and literary products are considered as commodities, albeit ones that the creator can decide to make accessible (or not0, much like a person can decide whether or not to invite someone into his / her house.

A second-level critique asks the question of the relevance of Open Content projects, with their heavy reliance on the Internet. According to the Copysouth group:
It is unlikely that more than a tiny percentage of the works created on a global basis in any year will be available under Creative Commons (CC) licenses. Will the percentage be even less within the Southern Hemisphere? This seems likely. Hence, CC licenses will be of limited value in meeting the expansive access needs of the South in the near future. Nor do CC licenses provide access to already published works or music that are still restricted by copyright laws; these form the overwhelming majority of current material. Focusing on CC licenses may potentially sideline or detour people from analyzing how existing copyright laws block access and how policy changes on a societal level, rather than the actions of individual "good guys", are the key to improving access and the related problems of copyright laws and ideology which are discussed elsewhere in this draft dossier. Nor does it confront the fact that many creators (e.g. most musicians, most academic authors) may be required, because of unequal bargaining power, to assign copyright in their own work to a record company or publisher as a condition of getting their work produced or published.

Finally, a number of Open Content initiatives have an uncomfortable take on other modes through which most people in developing nations have access to knowledge and cultural commodities, namely, piracy, and its critical relation to infrastructure. The emphasis of Open Content on the creation of new content of course raises the question of who uses the new content, and what is the relationship between such content and the question of democratization of infrastructure?

In most cases, the reason for the fall in price of electronic goods, computers, great access to material, increase in photocopiers (the infrastructure of information flows), etc. is not caused in any manner through any radical revolution such as Free Software or Open Content, but really through the easier availability of standard mainstream commodities like Microsoft software and Hollywood. Open Content is unable to provide a solution to the problem of content that is locked up within current copyright regimes. As much as one would like to promote new artists, new books, etc., the fact remains that a bulk of the people do want the latest Hollywood / Bollywood films for a cheaper cost; they do want the latest proprietary software at a cheaper cost; and they do want to read Harry Potter without paying a ransom.

We can either take the moral higher ground and speak of their real information needs or provide crude theories of how they are trapped by false consciousness. Or, we can move away from these judgmental perspectives, and look at other aspects of the debate, such as the impact that the expansion of the grey market for these goods has on their general pricing, the spread of computer/IT culture, the fall in price of consumables such as blank CDs, DVDs, the growing popularity of CD-writing equipment, etc.

There is no point in having a preachy and messianic approach that lectures people on the kind of access that should be given. While in an ideal world, we would also use Free Software and Open Content, this cannot be linked in a sacrosanct manner to the question of spreading access.

Wikipedia

History of Wikipedia
January 15^th is known as Wikipedia Day to Wikipedians. On this day 13 years back in 2001, Jimmy Wales and Larry Sanger launched a wiki-based project after experimenting with another project called Nupedia. Nupedia was also a web-based project whose content was written by experts to have high quality articles comparable to that of professional encyclopedia. Nupedia approved only 21 articles in its first year, compared to Wikipedia posting 200 articles in the first month, and 18,000 in the first year.

In concept, Wikipedia was intended to compliment Nupedia by providing additional high quality articles. In practice, Wikipedia overtook Nupedia, becoming a global project providing free information in multiple languages.

As of January 2014, Wikipedia includes over 30.5mn articles written by 44 million registered users and numerous anonyms volunteers in 287 languages; including over 20 Indian languages.[1] Wikipedia is the world's sixth-most-popular internet property with about 450 mn unique visitors every month, according to Alexa Internet.[2]

Wikipedia in Indian Language
With one of the globe’s largest populations, world’s largest democracies, dozens of languages and hundreds of dialects, rich heritage, culture, religion, architecture, art, literature and music; India presents a remarkable opportunity for Wikipedia. For the Wikimedia movement, India represents a largely untapped opportunity to dramatically expand its impact and move toward the vision of a world where everyone can freely share in – and contribute to – the sum of human knowledge.

Although the Indian population makes up about 20% of humanity, Indians account for only 4.7% of global Internet users, and India represents only 2.0% of global pageviews and 1.6% of global page edits on Wikimedia's sites. Wikipedia projects in 20 Indic languages, will become increasingly important as the next 100 million Indians come onto the Internet, given that they are likely to be increasingly using the Internet in languages other than English. Demographically, Indic languages represent a good growth opportunity since estimates suggest only about 150 million of the total Indian population of 1.2 billion have working fluency in English.

To drive the growth of Indian language Wikipedias, WMF initiated Access to Knowledge Programme (A2K) with Centre for Internet & Society in 2012.

Challenges Faced by Indian Language Wikipedias
The current challenges of Indian language Wikipedias can be summarized as below:

1.    Indian language Wikipedia’s are under-represented in reader, editor & article counts.
2.    Editor base is relatively low.Further, growth in editors and articles is still relatively low, even on a small base.
3.    Technical barriers exist for use of Indian language Wikipedias, especially for editing.
4.    Internet penetration low (~150mn) – though growing rapidly, and projected to double by 2015. [3]
Hari Prasad Nadig; a Wikipedian since 2004, an active Kannada Wikipedian, sysop on both Kannada Wikipedia and Sanskrit Wikipedia, talks about challenges and opportunities of Indian Language Wikipedias in a video.[22]

Development of Indian Language Wikipedias
Between 2002-04, about 18 Indian language Wikipedias had started. As of Jan 2014, Hindi Wikipedia is the largest project with over 1-lakh articles and Malayalam Wikipedia has the best quality articles amongst all Indian language Wikipedia projects.

In India there are two main organisational bodies that are:

First is Wikimedia India Chapter which is an independent and not-for-profit organization that supports, promotes and educate the general Indian public about the availability and use of free and open educational content, which includes the ability to access, develop and contribute to encyclopaedias, dictionaries, books, images, etc.The chapter helps coordinate various Indian language Wikipedias & other Wikimedia projects and spread the word in India. Chapter's latest updates can be accessed from its official portal wiki.wikimedia.in.

Second is Access to Knowledge Programme at Centre for Internet & Society (CIS-A2K) that provides support to the Indian Wikimedia community on various community-led activities, including outreach events across the country, meetups, contests, conferences, and connections to GLAMs and other institutions. CIS-A2K's latest updates can be accessed from its official portal Wiki.[23]

Some ideas for development of India language Wikipedias (also adopted by India Chapter and CIS-A2K) are:

Content addition/donation in Indian languages
Particular emphasis is placed on generating and improving content in Indic languages. The Indian language Wikipedias can be strengthened by finding content that is relevant and useful to the Wikimedia movement that is (a) already in the public domain and (b) contributed to the movement under an acceptable copyright license. Such content will include, but not be limited to, dictionaries, thesauruses, encyclopedias and any other encyclopedia-like compilations.

A precedent for content addition/donation exists in the gift of an encyclopedia to the Wikimedia movement by Kerala government in 2008 and Goa government in 2013.

Institutional Partnerships
To partner with higher education institutions in developing thematic projects and create a network of academicians that will actively use Indian language Wikipedias as part of their pedagogy. Conduct outreach workshops mainly with an intention to spread awareness and to arrive at possibilities for long-term partnerships.

An example of this would be 1600 students of Christ University undergraduate courses who study a second language as part of the course are enrolled in a program where they are building content on Hindi, Kannada, Tamil, Sanskrit and Urdu Wikipedias.

Strengthening existing community
Facilitate more qualitative interactions amongst current contributors, with an aim to a) foster creation of new project ideas; b) periodic review and mitigation of troublesome issues; c) foster a culture of collective review of the expansion of Indian language Wikipedias.

This is currently been done by capacity building meet-up or advanced user trainings organized for existing Wikimedia volunteers from different language communities.

Tapping into User Interest Groups
Setting up smaller special interest groups by tapping into existing virtual (Facebook pages/groups, bloggers communities, other open source groups/mailing lists), and physical communities and supporting key Wikipedians to bring new Wikipedians on board.

Building ties with DiscoverBhubaneshwar in Odisa [4] and Goa.me in Goa [5], which are photographer’s communities. Useful pictures from different states can feed into Wikipedia articles there by enriching the content. Collaboration with Media lab at Jadhavpur University, Kolkota has helped create articles on Indian cinema and media, Indian film history etc.

Creating awareness
Creation of short online editing videos tutorials and editing guides to be published on Wikimedia commons, YouTube, Facebook and similar websites that could help us reach out to larger audiences. Production of videos in local language will avoid existing issues with global videos such as low comprehensions because of accents and relevance.

Hindi Wikipedia tutorial videos were produced in collaboration with the Christ University students, faculty and staff, as part of the Wikipedia-in-the-UG-Language-Classroom program. A total of 10 videos are thoughtfully produced to teach anyone how to edit Hindi Wikipedia.[24] Video tutorials on Kannada Wikipedia are currently in pipeline.

Technical support
Liaising between language communities and WMF & Language Committee in finding effective solutions for any script issue, input method issue, rendering issues or any bugs.

Case Study: Wikipedians Speak
Netha Hussain is a 21-year-old medical student from Kerala, India. She first began editing Wikipedia in May 2010, contributing to English Wikipedia and Malayalam Wikipedia along with uploading photos to Wikimedia Commons. She said “I started editing Wikipedia every day. In school, we studied subjects like microbiology, pathology, pharmacology and forensic medicine. After class, I'd go straight to Wikipedia. I'd review the information related to the day's lecture, and add a few more facts and sources. It was a lot of work, and I always went to bed tired, but it was worth it. Everybody reads Wikipedia. If they want to learn something, they turn to Wikipedia first. I know I’ve helped a little — maybe even a lot. And that’s the greatest feeling I know.”[25] Image Attribution:Netha Hussain by Adam Novak, under CC-BY-SA 3.0 Unported, from Wikimedia Commons. Poongothai Balasubramanian is a retired Math teacher from Tamil Nadu, India. She began editing Wikipedia in 2010. Since then, she's created 250 articles and recorded pronunciations for 6,000 words. She has created several articles on quadratic functions, probability, charts, graphs and more on Tamil Wikipedia. She has over 7,000 Wikipedia edits. She said, “As a teacher and a mother, I was always busy. But now that I'm retired and my children are grown, my time is my own — all 24 hours of it! And I spend every day on Wikipedia. I'm a volunteer. No one pays me. But helping edit Wikipedia has become my life's work. Even though I'm not in the classroom, I'm still doing what I care about most: helping a newgeneration of students learn, in the language I love.”[26] Image Attribution: Balasubramanian Poongothai by Adam Novak, under CC-BY-SA 3.0 Unported, from Wikimedia Commons.

Case Study: Wikipedians Speak

Netha Hussain is a 21-year-old medical student from Kerala, India. She first began editing Wikipedia in May 2010, contributing to English Wikipedia and Malayalam Wikipedia along with uploading photos to Wikimedia Commons. She said “I started editing Wikipedia every day. In school, we studied subjects like microbiology, pathology, pharmacology and forensic medicine. After class, I'd go straight to Wikipedia. I'd review the information related to the day's lecture, and add a few more facts and sources. It was a lot of work, and I always went to bed tired, but it was worth it. Everybody reads Wikipedia. If they want to learn something, they turn to Wikipedia first. I know I’ve helped a little — maybe even a lot. And that’s the greatest feeling I know.”[25]

Image Attribution:Netha Hussain by Adam Novak, under CC-BY-SA 3.0 Unported, from Wikimedia Commons.

Poongothai Balasubramanian is a retired Math teacher from Tamil Nadu, India. She began editing Wikipedia in 2010. Since then, she's created 250 articles and recorded pronunciations for 6,000 words. She has created several articles on quadratic functions, probability, charts, graphs and more on Tamil Wikipedia. She has over 7,000 Wikipedia edits. She said, “As a teacher and a mother, I was always busy. But now that I'm retired and my children are grown, my time is my own — all 24 hours of it! And I spend every day on Wikipedia. I'm a volunteer. No one pays me. But helping edit Wikipedia has become my life's work. Even though I'm not in the classroom, I'm still doing what I care about most: helping a newgeneration of students learn, in the language I love.”[26]

Image Attribution: Balasubramanian Poongothai by Adam Novak, under CC-BY-SA 3.0 Unported, from Wikimedia Commons.

Additional Reading

Geert Lovink and Nathaniel Tkacz (eds.), “Critical Point of View: A Wikipedia Reader”, Centre for Internet and Society and the Institute of Network Cultures, http://www.networkcultures.org/_uploads/%237reader_Wikipedia.pdf.
Links to 2 videos
Yochai Benkler

Open Access

Definition
Open-access (OA) literature is digital, online, free of charge, and free of most copyright and licensing restrictions.

OA removes price barriers (subscriptions, licensing fees, pay-per-view fees) and permission barriers (most copyright and licensing restrictions). The PLoS shorthand definition —"free availability and unrestricted use"— succinctly captures both elements.

There is some flexibility about which permission barriers to remove. For example, some OA providers permit commercial re-use and some do not. Some permit derivative works and some do not. But all of the major public definitions of OA agree that merely removing price barriers, or limiting permissible uses to "fair use" ("fair dealing" in the UK), is not enough.

Here's how the Budapest Open Access Initiative put it: "There are many degrees and kinds of wider and easier access to this literature. By 'open access' to this literature, we mean its free availability on the public internet, permitting any users to read, download, copy, distribute, print, search, or link to the full texts of these articles, crawl them for indexing, pass them as data to software, or use them for any other lawful purpose, without financial, legal, or technical barriers other than those inseparable from gaining access to the internet itself. The only constraint on reproduction and distribution, and the only role for copyright in this domain, should be to give authors control over the integrity of their work and the right to be properly acknowledged and cited."

Here's how the Bethesda and Berlin statements put it: For a work to be OA, the copyright holder must consent in advance to let users "copy, use, distribute, transmit and display the work publicly and to make and distribute derivative works, in any digital medium for any responsible purpose, subject to proper attribution of authorship...."

The Budapest (February 2002), Bethesda (June 2003), and Berlin (October 2003) definitions of "open access" are the most central and influential for the OA movement. Sometimes I refer to them collectively, or to their common ground, as the BBB definition.

When we need to refer unambiguously to sub-species of OA, we can borrow terminology from the kindred movement for free and open-source software. Gratis OA removes price barriers alone, andlibre OA removes price barriers and at least some permission barriers as well. Gratis OA is free of charge, but not free of copyright of licensing restrictions. Users must either limit themselves to fair use or seek permission to exceed it. Libre OA is free of charge and expressly permits uses beyond fair use. To adapt Richard Stallman's famous formulation (originally applied to software), gratis OA is free as in 'free beer', while libre OA is also free as in 'free speech'.

In addition to removing access barriers, OA should be immediate, rather than delayed, and should apply to full texts, not just abstracts or summaries.

It is true that many libraries and other content providing organizations provide free access to vast quantities of textual (and other kinds of) information. Today a variety of contents is thrown open by the creators and these include hundreds of educational courses, open government data, open monographs, open images and so on.

But when we talk of ‘open access’ the term is restricted to science and scholarship and especially to research publications and in particular journal articles. Unlike most newspaper publishers, not all publishers of professional journals are ready to allow free use of the material they publish. Indeed, they levy hefty subscription prices and some journals cost in the range of US $ 20-30 thousand per year. Large publishing houses earn a profit of upwards of 35%. ”Elsevier's reported margins are 37%, but financial analysts estimate them at 40–50% for the STM publishing division before tax” [10].

Publishers protect their ‘rights’ with copyright and are ever vigilant in protecting those rights.

Case Study: Aaron Swartz
Let us begin with an extreme example – the case of Aaron Swartz, the hacker-activist, who was forced to end his life early this year after being pursued by the US Department of Justice. What did Aaron do? He downloaded a very large number of full text papers from JSTOR, a database of scholarly journal articles, from an MIT server. Why should anyone think downloading scholarly research articles was a crime in the first place? “Why, twenty years after the birth of the modern Internet, is it a felony to download works that academics chose to share with the world?” asks Michael Eisen, a renowned biologist at UC Berekeley and cofounder of the Public Library of Science [11]. The most important component of the Internet, the World Wide Web, was invented by CERN researchers essentially to help scientists communicate and share their research. Today we can view thousands of videos on Indian weddings and pruning roses. But we are barred from downloading or reading research papers without paying a large sum! These are papers written by scientists, reviewed by scientists, their research often paid for by government agencies. And the knowledge therein is of relevance not only to other scientists but to the lay public as well. Especially, health related research. And yet, JSTOR, a not-for-profit organization founded with support from Andrew Mellon Foundation, and MIT were keen to go to court, and the prosecutor was keen to argue for the severest punishment.

Case Study: Rover Research
Recently, Michael Eisen placed in his website four research papers resulting from the Rover exploration of Mars published in the AAAS journal Science. This is something no one has done before. His logic: the research was funded by NASA, a US government agency, and most of the authors were working in government institutions, and therefore the citizens have the right to access. While everyone was expecting AAAS and the authors to drag Eisen to court for violating copyright, the authors also made the papers freely available on their institutions’ websites! But I wonder if Eisen could have got away so easily had he placed papers published in a journal published by Elsevier or Springer. Possibly not. Recently Elsevier had sent thousands of take down notices to Academia.edu for placing papers published in Elsevier journals (in the final PDF version) in their site. Elsevier had also sent similar missives to many individual scientists and universities including Harvard for a similar ‘offence’ [12].

Scientists do research and communicate results to other scientists. They build on what is already known, on what others have done – the ‘shoulders of giants’ as Newton said. Getting to know the work and results of others’ research is essential for the progress of knowledge. Any barrier, including cost barrier, will hurt science or for that matter production of knowledge in any field.

When it comes to information (and knowledge) scientists everywhere face two problems, viz. Access and Visibility. These problems are acutely felt by scientists in poorer countries.

They are unable to access what other scientists have done, because of the high costs of access. With the nation’s an annual per capita GDP of about US $3,500 (ppp) or even less, libraries in most developing countries cannot afford to subscribe to key journals needed by their users. Most scientists are forced to work in a situation of information poverty. Thanks to spiraling costs many libraries are forced to cancel subscription to several journals making the situation even worse.
Scientists elsewhere are unable to access what developing country researchers are publishing, leading to low visibility and low use of their work. Take for example India. As Indian scientists publish their own research in thousands of journals, small and big, from around the world, their work is often not noticed by other scientists. even within India, working in the same and related areas. Thus Indian work is hardly cited.

Both these handicaps can be overcome to a considerable extent if open access is adopted widely both within and outside the country.

Berlin Declaration on Open Access to Knowledge in the Sciences and Humanities[27]
Due to the changes that have come about in the production and distribution of scientific and cutlural knowledge in the age of the internet, there needed to be an agreement to move towards a global and interactive representation of human knowledge with worldwide access guarunteed. The Berlin Declaration of 2003 was an attempt at just that and it was in accordance with the spirit of the Declaration of the Budapest Open Access Initiative, the ECHO Charter and the Bethesda Statement on Open Access Publishing. The declaration lays down the measures that need to be adopted by research institutions, funding agencies, libraries, archives and museums among others in order to utilize the internet for open access to knowledge. There are more than 450 signatories including various government, funding agencies, academic and other knowledge based institutions. According to the Declaration, open access contributions have to include:

"Original scientific research results, raw data and metadata, source materials, digital representations of pictorial and graphical materials and scholarly multimedia material.

Open access contributions must satisfy two conditions:The author(s) and right holder(s) of such contributions grant(s) to all users a free, irrevocable, worldwide, right of access to, and a license to copy, use, distribute, transmit and display the work publicly and to make and distribute derivative works, in any digital medium for any responsible purpose, subject to proper attribution of authorship (community standards, will continue to provide the mechanism for enforcement of proper attribution and responsible use of the published work, as they do now), as well as the right to make small numbers of printed copies for their personal use.
A complete version of the work and all supplemental materials, including a copy of the permission as stated above, in an appropriate standard electronic format is deposited (and thus published) in at least one online repository using suitable technical standards (such as the Open Archive definitions) that is supported and maintained by an academic institution, scholarly society, government agency, or other well-established organization that seeks to enable open access, unrestricted distribution, inter operability, and long-term archiving."

Open Access – Green and Gold
With the Internet and the Web becoming ubiquitous, we need not suffer these problems. If science is about sharing, then the Net has the potential to liberate the world of science and scholarship and make it a level playing field.

Till a few decades ago scholarly communication was a quite affair. Scientists and professors did research in their laboratories and sent the papers they wrote to editors of refereed journals. These journals were often published by professional societies, academies and in some countries government departments devoted to science. Many societies gave the responsibility to bring out the journals to commercial publishing houses. These publishers found in journal publishing a great business opportunity and started raising subscription prices. Initially no one seemed to notice or bother. But from around 1980, the rise in the cost of journals outstripped the general inflation by a factor of 3 or 4. Members of the Association of Research Libraries felt the pinch; many academic libraries had to cut down on their purchase of books and monographs so as to be able to subscribe to as many journals as possible. Then they had to cut down on the number of journals. Their levels of service to their academic clients fell badly. The ‘serials crisis’ forced them to protest. By then web technologies and online sharing of information had sufficiently advanced. Together these two developments led to the open access movement.

There are two ways research papers published in journals can be made open access: Open access journals and open access repositories.

Open Access Journals - The journal can allow free downloading of papers by anyone, anywhere without paying for it. Such journals are called open access journals. Making papers open by this method is referred to as the Gold route to open access. Traditionally, journals used to charge a subscription fee from libraries (or individuals who may choose to take personal subscriptions) and not charge authors submitting papers for publication. Occasionally, some journals may request authors to pay a small fee to cover colour printing of illustrations. Many open access journals do charge a fee from the authors, which is often paid by the author’s institution. The APC collected by different journals varies from a few hundred dollars to a few thousands.

But not all OA journals levy an article publishing charge, e.g., journals published by the Indian Academy of Sciences, Council of Scientific and Industrial Research (CSIR-NISCAIR), Indian Council of Medical Research, and the Indian Council of Agricultural Research do not charge authors or their institutions.As of today, there are more than 9,800 OA journals published from 124 countries and these are listed in the Directory of Open Access Journals, [www.doaj.org], an authoritative database maintained at Lund University. On average four new journal titles are added to DOAJ every day.

Open Access Repositories - Authors of research papers may make them available to the rest of the world by placing them in archives or repositories. This is the ‘Green route’ to open access. There are two kinds of repositories: Central and distributed or institutional. arXiv is a good example of a central repository. Any researcher working in a relevant field can place his paper in arXiv and it can be seen almost instantaneously by other researchers worldwide. Developed in 1991 as a means of circulating scientific papers prior to publication, arXiv initially focused on e-Prints in High Energy Physics (HEP). In time, focus broadened to related disciplines. All content in arXiv is freely available to all users. Currently, it provides access to more than 900,000 “e-prints in Physics, Mathematics, Computer Science, Quantitative Biology, Quantitative Finance and Statistics.” There are other central repositories such as SSRN (Social Science Research Network;[28] abstracts on over 521,000 scholarly working papers and forthcoming papers and an Electronic Paper Collection of over 426,600 downloadable full text documents ), Research Papers in Economics[29] (and ideas.RePEc.org; 1.4 million items of which 1.3 million are downloadable full texts), and CiteSeerX (for computerand information science).[30]

Then there are institutional repositories. Registry of Open Access repositories[31] lists more than 2,900 repositories from around the world. The Directory of Open Access Repositories[32] lists more than 2,550 repositories, linking to more than 50 million items, growing at the rate of 21 thousand items per day, which can be searched through the Bielefeld Academic Search Engine search options. A database called SHERPA-RoMEO lists open access and self-archiving policies of journals.

These repositories are different from the usual websites that individual scientists may maintain. They have to use one of many standard software such as EPrints, DSpace, Fedora, or Greenstone. And they are all interoperable and ‘OAI-compliant’ which means that anyone searching for information need not know about a particular paper and the repository in which it is deposited; a mere keyword search will find the paper if it is relevant.

The Prophets of Open Access
The Net and the Web have not merely replaced print by speeding up things but have inherently changed the way we can do science (e.g. eScience and Grid computing), we can collaborate, we can datamine, and deal with datasets of unimaginable size. But the potential is not fully realized, largely because most of us are conditioned by our past experience and are inherently resistant to change. Our thinking and actions are conditioned by the print-on-paper era. Added to that is the apathy of science administrators.

Three individuals have made seminal contributions to realizing the potential of the Net in scholarly communication and may be considered pioneers in ushering in an era of open access. Tony Hey calls them ‘prophets of open access.’

Paul Ginsparg, creator of arXiv, an open access repository for preprints of much of the physics and astronomy literature.
Lipmann, Director of the NCBI, known for his leadership in making biomedical data and health information publicly and easily available to all, including scientists, medical professionals, patients, and students.By organizing and integrating genomic data for developing diagnostic and clinical applications, NCBI serves as a bridge from research to the medical community. Each day, more than 3 million users access NCBI's 40 interlinked genomic and bibliographic databases and download more than 30 terabytes of data. NCBI is home to PubMed Central and PubChem, two essential databases for biomedical researchers. PMC is a full text (ePrints) database of published research papers and PubChem is a database of about 31 million biologically important chemical compounds and their bioassays.
Stevan Harnad, author of the subversive proposal, founder of Cogprints and tireless evangelist for Green Open Access [13]. Harnad has been writing frequently on all aspects of scholarly communication and open access in his blog ‘Open Access Archivangelism,’ addressing conferences and answering questions sent to him. There are also some institutions which have contributed substantially and these include the Open Society Institute (OSI), now rechristened Open Society Foundations, which facilitated the formulation of Budapest Open Access Initiative and the Budapest Declaration, and Association of Research Libraries.Surprisingly, Microsoft, not a great admirer of open source software, is promoting eScience through its External Research Division, especially formed for this purpose under the leadership of Prof. Tony Hey, former dean of Southampton University.

Open Access in India
The situation with accessing overseas journals has improved considerably thanks to many consortia which facilitate access to large groups of scientists in India (especially those in CSIR laboratories, Indian Institutes of Technology and Indian Institute of Science). Many universities have benefited through INFLIBNET. ICMR labs and selected medical institutions have formed ERMED, their own consortium. Rajiv Gandhi Health Sciences University, Bangalaore, provides access to literature through HELINET Consortia to a number of medical colleges in the South.

But the increased availability has not been taken full advantage by our researchers. A study of IISc in 2008 showed that the faculty and students have not used not even half the journals subscribed in their work – either for publishing their research or for quoting papers published in them. We seem to be paying for journals we do not use. Many of these journals are published by commercial publishers and they make huge profits. Publishers force consortia to buy journals as packages (bundling).

On the open course ware front the NPTEL programme under which top notch IIT and IISc professors produce both web-based and video lessons in many subjects, which are available on YouTube as well, has a huge worldwide following.

Many physicists in the better-known institutions use arXiv, which has a mirror site in India, both for placing their preprints and postprints and for reading preprints of others. But many others are not aware of it. What we need is advocacy and more advocacy.

Open access is gaining traction in India. For example, professors at National Institute of Technology, Rourkela, the first Indian institution to mandate open access for all faculty (and student) research publications, have received invitations to attend international conferences and for collaboration after their papers were made available through the institutional repository. Indian journals which embraced open access model started recording higher impact factors, e.g. Indian Journal of Medical Research and Journal of Postgraduate Medicine. MedKnow, publisher of JPGM, and Bioline International, have plenty of data to show the advantages of going open access.

And yet many researchers are reluctant to embrace OA. They fear that the journal publishers may sue them if they deposit their published papers in IRs. They have concerns about copyright violation.

Organizations such as the Open Society Foundations, ARL, SPARC and JISC (UK) and the seven research councils of UK are championing open access. Unfortunately some professional societies, notably ACS, are trying to stall the march of open access.

The best way to promote open access in India is to encourage self-archiving.

As Alma Swan says, we can do that by highlighting the increased visibility and impact, requiringauthors to self-archive and requiring them to self-archive in an institutional repository [14].

Why an institutionalrepository? Because it fulfils an institution’s mission to engender, encourage and disseminate scholarly work; an institution can mandate self-archiving across all subject areas. It enables an institution to compile a complete record of its intellectual effort; it forms a permanent record of all digital output from an institution. It enables standardised online CVs for all researchers. It can be used as a marketing’ tool for institutions [14].

An institutional repository provides researchers with secure storage (for completed work and for work-in-progress). It provides a location for supporting data yet to be published. It facilitates one-input-many outputs (CVs, publications) [14].

First, we must help institutions build an archive and teach researchers including students how to deposit (do it for them in the beginning if necessary) [14].

Eventually, in fact pretty soon, OA will be accepted by the vast majority of scientists and institutions. For only with OA scientific literature and data can be fully used. OA, making scientific literature and data free, is the only way to liberate the immense energy of distributed production. The moral, economic and philosophical imperatives for open access are indeed strong.

Even pharmaceutical companies like Glaxo SmithKline, Novartis and Novo Nordisk have started sharing their hard earned data in the area of drug development.

The openness movement in science and scholarship does not end with OA journals and OA repositories – both central and distributed. It includes the open data initiatives, escience and open science.

To learn more about open access please visit the Open Access Tracking Project led by Peter Suber, EOS [www.openscholarship.org/] and OASIS <openoasis.org> and join the GOAL discussion group moderated by Richard Poynder.

To know more about open science, read the articles by Paul David and Tony Hey.

What is Already There?
Thanks to the initiatives taken by Prof. M S Valiathan, former President of the Indian National Science Academy, the journals published by INSA were made OA a few years ago.

The Academy also signed the Berlin declaration. The Indian Academy of Sciences converted all its eleven journals into OA. The Indian Medlars Centre at the National Informatics Centre brings out the OA version of about 40 biomedical journals published mostly by professional societies.

All journals published by CSIR- NISCAIR (17), ICAR (2), ICMR and AIIMS are OA journals. No one needs to pay either to publish or read papers in these journals.

A Bombay-based private company called MedKnow brings out more than 300 journals, most of them OA, on behalf of their publishers, mostly professional societies. This company was acquired by Wolter Kluwers and they have decided to keep the journals OA.

Current Science and Pramana, the physics journal of the Indian Academy of Sciences, were the first to go open access among Indian journals. In all, the number of Indian OA journals is about 650.

The Indian Institute of Science, Bangalore, was the first to set up an institutional repository in India. They use the GNU EPrints software. Today the repository has about 33,000 papers, not all of them full text. IISc also leads the Million Books Digital Library project's India efforts under the leadership of Pro f. N Balakrishnan.

Today there are about 60 repositories in India (as seen from ROAR and OpenDOAR) including those at National Institute of Oceanography, and the National Aerospace Laboratories, Central Marine Fisheries Research Institute, Central Food Technology Research Institute, CECRI and the Raman Research Institute. The National Institute of Technology, Rourkela, was the first Indian institution to have mandated OA for all faculty publications.

Both ICRISAT and NIO have also mandated OA.

A small team at the University of Mysore is digitizing doctoral dissertations from select Indian universities under a programme called Vidyanidhi.

Problems and the Future
Despite concerted advocacy and many individual letters addressed to policy makers, the heads of government's departments of science and research councils do not seem to have applied their minds to opening up access to research papers. The examples of the research councils in the UK, the Wellcome Trust, the Howard Hughes Medical Institute and NIH have had virtually no impact. Many senior scientists and directors of research laboratories and vice chancellors of universities do not have a clear appreciation of open access and its advantages and implications.

Among those who understand the issues, many would rather like to publish in high impact journals, as far as possible, and would not take the trouble to set up institutional archives.

Most Indian researchers have not bothered to look up the several addenda (to the copyright agreement forms) that are now available. Many scientists I spoke to are worried that a publisher may not publish their papers if they attach an addendum! Publishing firms work in subtle ways to persuade senior librarians to keep away from OA initiatives. There have been no equivalents of FreeCulture.org among Indian student bodies and no equivalent of Taxpayers‘ Alliance to influence policy at the political level.

Both the National Knowledge Commission and the Indian National Science Academy have recommended OA. IASc has set up a repository for publications by all its Fellows and it has more than 90,000 papers (many of them only metadata + abstracts). The Centre for Internet and Society has brought out a status report on OA in India. The Director General of CSIR has instructed all CSIR labs to set up and populate institutional repositories as soon as possible. Director general of ICAR has come up with an OA policy. Dr Francis Jayakanth of IISc is the recipient of the EPT Award for Advancing Open Access in the Developing World in its inaugural year. That should encourage many librarians to take to promoting OA.

The government should mandate by legislation self-archiving of all research output immediately upon acceptance for publication by peer-reviewed journals. The self-archiving should preferably be in the researcher's own institution's Institutional Repository.

The mandate should be by both institutions and funders.

Science journal publishers in the government and academic sectors should be mandated to make their journals OA (This can be achieved through adopting Open Journal Systems software developed at the University of British Columbia and Simon Fraser University and already in use by more than 10,000 journals. Expertise is available in India, or some journals can join Bioline International).

We should organize a massive training programme (in partnership with IISc, ISI-DRTC, NIC, etc.) on setting up OA repositories.

Authors should have the freedom to publish in journals of their choice; but they should be required to make their papers available through institutional repositories. In addition, they should use addenda suggested by SPARC, Science Commons, etc. while signing copyright agreements with journal publishers and not surrender copyright to (commercial) publishers. Some OA journals charge for publication. The Indian government or funders or institutions should definitely not offer to pay for journal publication charges.

Again, OA for all India's research output is covered by simply mandating OA self-archiving of all articles.

Brazil and the rest of Latin America have made great strides in open access. The excellent developments in Brazil, especially the government support (particularly in the state of Sao Paulo) and of the work of SciELO (for OA journals) and IBICT in supporting OA repository network are worthy of emulation in India and other developing countries.

Argentina has enacted a law that mandates OA to all research publications. India can follow their example.

Office of Science and Technology Policy Director John Holdren has issued a memorandum to make all research funded by major government funding agencies in the US insist on open access to government-funded research in USA. Indian funding agencies can do the same.

While our focus should be on digitizing and throwing open the current research papers and data, we may also make available our earlier work.

In particular, we may create an OA portal for the papers of great Indian scientists of the past: Ramanujan, J C Bose, S N Bose, M N Saha, K S Krishnan, Y Subba Rao, Sambhu Nath De, Mahalanobis, Maheshwari. C V Raman’s papers are already available on open access.

We may proactively advance OA in international forums such as IAP, IAC, ICSU and UNESCO. Two things can hasten the adoption of OA in India:

If the political left is convinced that research paid for by the government is not readily available to the people freely and what is worse the copyright to the research papers are gifted away to commercial publishers from the advanced countries, then they may act. The same way, the political right will come forward to support open access if we impress upon them that copyright to much of the knowledge generated in our motherland is gifted away to publishing houses in the West.
If the students are attracted to the idea that fighting for open access is the in thing to do, then they will form Free Culture like pressure groups and fight for the adoption of open access.

References

Aristotle, “Politics”, Book2, Part 3,Oxford: Clarendon Press, 1946, 1261b.
G. Hardin,“The Tragedy of the Commons”, Science, Dec 13, 1968.
Vincent Ostrom and Elinor Ostrom, “Public Goods and Public Choices,” in E. S. Savas (ed.), Alternatives for Delivering Public Services: Toward Improved Performance, Boulder, Co: Westview Press, 1977, p. 7–49.
Elinor Ostrom, “Governing the Commons: The Evolution of Institutions for Collective Action”, Cambridge University Press, 1990.
E. Ostrom, “The Rudiments of a Theory of the Origins, Survival, and Performance of Common Property Institutions”, in D W Bromley (ed.),Making the Commons work: Theory, practice and policy, San Francisco, ICS Press, 1992.
Charlotte Hess and Elinor Ostrom (eds.), “Understanding Knowledge as a Commons: From Theory to Practice”, MIT Press, 2006, http://mitpress.mit.edu/authors/charlotte-hessandhttp://mitpress.mit.edu/authors/elinor-ostrom.
S.R. Ranganathan, “Five Laws of Library Science”,Sarada Ranganathan Endowment for Library Science, Bangalore,1966.
Peter F. Drucker, “Beyond the Information Revolution”, The Atlantic, October 1, 1999.
M.L.Nagar “Shri Sayajirao Gaikwad, Maharaja of Baroda: The Prime Promoter of Public Libraries”, 1917.
Richard Van Noorden, “Open Access: The True Cost of Science Publishing”, Nature, 495 (issue 7442), 27 March 2013
Michael Eisen, “The Past, Present and Future of Scholarly Publishing”, It Is Not Junk, March 28, 2013, http://www.michaeleisen.org/blog/?p=1346
Kim-Mai Cutler, “Elsevier’s Research Takedown Notices Fan Out To Startups, Harvard, Individual Academics”,TechCrunch,December 19, 2013, http://techcrunch.com/author/kim-mai-cutler/, http://techcrunch.com/2013/12/19/elsevier/
S. Harnad, “A Subversive Proposal” in Ann Okerson and James O'Donnell (Eds.) Scholarly Journals at the Crossroads; A Subversive Proposal for Electronic Publishing,Association of Research Libraries, June 1995.
http://www.ecs.soton.ac.uk/~harnad/subvert.html
A. Swan, “Policy Guidelines for the Development and Promotion of Open Access”, UNESCO, Paris, 1995.
Glover Wright, Pranesh Prakash, Sunil Abraham and Nishant Shah, “Open Government Data Study”, Centre for Internet and Society and Transparency and Accountability Initiative, 2011, http://cis-india.org/openness/blog/publications/open-government.pdf

Open (Government) Data

Definition
“Open data is data that can be freely used, reused and redistributed by anyone – subject only, at most, to the requirement to attribute and share alike.”[33] This has become an increasingly important issue in the age of the internet when governments can gather unprecedented amount of data about citizens and store various kinds of data which can actually be made available to people in an easier fashion.

Types of Government Data

[34]

This does not necessarily mean that all the government’s data should open according to the definition laid out above. There have been many arguments articulated against this.

Since the government is responsible for the efficient use of tax payers money, data that is commissioned and useful only for a small subsection (eg: corporations) of society should be paid for by that subsection.
There may be privacy concerns that limit the use of data to particular users or sub-sets of data.
Often times, the data may not be usable without further processing and analysis that requires more investment from other sources. Groups that would usually commission such projects lose their incentive to do so because everyone has access to the information. Eg: Biological, medical and environmental data.

However, this kind of utilitarian calculus is not possible while deciding which data should be open and which ones should not. Some theorists make the argument that government data should be open.[35]

An open democratic society requires that its citizens should know what the government is doing and that there is a high level of transparency. Free access is essential for this and in order for that information to be intelligible; the data should be reusable as well so it can be analyzed further.
In the information age, commercial and even social activity requires data and having government data open can be a way to fuel economic and social activity within the society.
If public tax payer money was used to fund the government data, then the public should have access to it.

The open data handbook lays out the steps required in order to start making government data more open.[36] The summarized gist of it is to:

1.    Chose the data sets that need to be made open.
2.    Apply an open license:
a.    Find out what kind of intellectual property rights exist on that data.
b.    Select an appropriate open license that would incorporate all of the criteria (usability, reusability etc) discussed above.
3.    Make the data available either in bulk or in Application Programming Interface (API) formats.
4.    Make this open data discoverable by posting on the web or adding it to a list.
Application Programming Interface (API) vs. Bulk Data[37]

Bulk is the only way to ensure that the data is accessible to everyone.
Bulk access is a lot cheaper than providing API access. (API specifies how some software components should interact with each other) Therefore, it is acceptable for the provider to charge for API access as long as the data is also provided in bulk.
An API is not a guarantee of open access but it is good if it’s provided.

Open Government Data in India
At an annual summit in London recently where an open government data report was produced, India ranked 34th among 77 countries.

[38]

In India, open government data is currently about closing the loopholes and gaps in the Right to Information Act (RTI) and its promise of transparency as envisioned by the Knowledge Commission. In its 10th 5 year plan (2002-2007) the Indian Government announced its plan to become SMART (Simple, Moral, Accountable, Responsible and Transparent).[39]

In 2012, India launched an Open Government Platform, which is a software platform that attempted to enhance the public’s access to government data. This was jointly developed by India and the US as a part of their Open Government Initiative.[40] Data.gov.in is a platform under this which provides a single-point access to datasets and apps published by the government’s ministries, departments and organizations and it was in compliance with the National Data Sharing and Accessibility Policy (NDSAP).[41]

The Right to Information Act, 2005[42]
Around 82 countries around the world currently have laws in place that force the government to disclose information to its citizenry but this has been a rather recent phenomenon. In India, the RTI was passed in 2005 after a prolonged struggle from civil society. This act effectively replaces and overrides many state level RTI acts, the Freedom of Information Act (2002) and the Official Secrets Act, 1923. We have come to learn based on the responses of RTI requests that the government is not obliged to provide access to some pieces of information such as the minutes to a cabinet meeting.

The RTI Act defines information as:

‘Any material in any form, including records, documents, memos, e-mails, opinions, advices, press releases, circulars, orders, logbooks, contracts, reports, papers, samples, models, data material held in any electronic form and information relating to any private body which can be accessed by a public authority under any other law for the time being in force.’

This capacious vision of the Act indicated a shift in the government’s philosophy from secrecy to transparency. According to the Global Integrity report, in the category ‘public access to government information’ India went from 78 points to 90 points from 2006-2011. During the same time frame, the United States has only gone from 78 points to 79 points. However, according to a study conducted by PricewaterhouseCoopers, 75% of the respondents said they were dissatisfied with the information provided by the public authorities.

Government Copyright
The government owns the copyright to any work that is produced by the government or government employees in India as well any material produced by an Indian legislative or judicial body. This provision is laid down in the Copyright Act, 1957[43](section 17(d) read with 2(k)) which gives a lifespan of 60 years for the copyright (section 28). The exceptions to the copyright are small and laid down in section 52(1)(q):

‘52(1) The following acts shall not constitute an infringement of copyright, namely: (q) the reproduction or publication of — (i) any matter which has been published in any Official Gazette except an Act of a Legislature; (ii) any Act of a Legislature subject to the condition that such Act is reproduced or published together with any commentary thereon or any other original matter; (iii) the report of any committee, commission, council, board or other like body appointed by the Government if such report has been laid on the Table of the Legislature, unless the reproduction or publication of such report is prohibited by the Government; (iv) any judgement or order of a court, tribunal or other judicial authority, unless the reproduction or publication of such judgment or order is prohibited by the court, the tribunal or other judicial authority, as the case may be.’

Although this exception is small, in practice the government has rarely the government has rarely prosecuted to enforce copyright when data is requested by an individual or group even when the reason for request is commercial in nature.

IP Protection for the Government

Most of data compiled by or commissioned for by the government is raw data in the form of figures and statistics. Generally, non-original literary works are not protected by copyright law and this issue was decided upon in a landmark Supreme Court case in 2007. The standard of originality was changed from the labor expended on compiling the information (also known as the ‘sweat of the brow’ doctrine)[44] to the creativity, skill and judgment required in the process. This meant that most of the government’s data would not qualify as creative enough to hold a copyright.

Case Study: The Department of Agriculture, Maharashtra
The Department of Agriculture (DoA) in Pune started using ICTs in 1986 itself when it used a computerized system to process census data. The DoA currently uses ICT for internal administrative word and also for processing and disseminating data to farmers across Maharashtra both online and through SMSs. The website is bilingual in both Marathi (the local language of the State) and English. Some of the information available includes[45] The participation of Maharashtra farmers in the National Agriculture Insurance Scheme Annual growth rates of agriculture and animal husbandry Rainfall recording and analysis Soil and crop, horticultural, soil/water conservation, agricultural inputs, statistical and district-wise fertility maps. Farmers can sign up for SMS’s that give information specific to the crop requested. Even though information in 2010 was available on 43 different crops which was sent to 40,000 farmers, people don’t have the technology to access all this information. Usually this is because of a lack of reliable electricity, internet and mobile phone access. The question is whether the open data responsibility ends as long as the data is made available by the government. Sometimes, the government has to make a discretionary decision to not make certain data available to the common man in the interest of public order. An example is if there is a crop that is infested with a disease or a pest, then it could cause a mass panic not only among farmers but also among the general consumers.

Case Study: Indian Water Portal
The Indian Water Portal[46] in Bangalore claims that it is an open, inclusive, webbased platform for sharing water management knowledge amongst practitioners and the general public. It aims to draw on the rich experience of watersector experts, package their knowledge and add value to it through technology and then disseminate it to a larger audience through the Internet."[47] Based the recommendations of the National Knowledge Commission (NKC), the IWP has established the best practices. It has been running on the open source software Drupal Software since 2007, and it is available in Hindi, Kannada and English. This portal also has an educational aspect to it as it provides reading material to students who wish to learn about water issues. Although this website was set up with the support of the national government, it hasn’t gotten much support from ministries and departments which is problematic as they produce the most amount of information on water and sanitation. This is, however, a great example of a partnership between private and public that has led to accessible open government data. The only problem here is that it is only accessible to people with access to the web but that may be a problem better solved by increasing access to the web.

[2]. For more see GNU Operating System, “The Free Software Definition”, available at http://www.gnu.org/philosophy/free-sw.html, last accessed on January 26, 2014.

[4]. For more see Millennium Development Goals, United Nations, available at http://www.un.org/millenniumgoals/bkgd.shtml, last accessed on January 26, 2014.

[5]. For more see “Free and Open Source Software”, Communication and Information, UNESCO, available at http://www.unesco.org/new/en/communication-and-information/access-to-knowledge/free-and-open-source-software-foss/, last accessed on January 26, 2014.

[8]. See citation 6 above.

[9]. For more see GNU Operating System, Why “Free Software” is better than “Open Source” https://www.gnu.org/philosophy/free-software-for-freedom.html, last accessed on January 26, 2014.

[10]. For more see Free Software Movement of India, available at http://www.fsmi.in/, last accessed on January 26, 2014.

[11]. See the Department of Electronics and Information Technology, Ministry of Communications & Information Technology, Government of India, Free and Open Source Software available at http://deity.gov.in/content/free-and-open-source-software, last accessed on January 26, 2014.

[12]. See citation above.

[13]. For more see Curoverse Gets $1.5M to Develop Open Source Genomics Tool, available at http://www.xconomy.com/boston/2013/12/18/curoverse-gets-1-5m-develop-open-source-genomics-tool/2/, last accessed on January 26, 2014.

[14]. For more see The Open-Sorcerers, available at http://slate.me/18NNx4x, last accessed on January 24, 2014.

[15]. For more see “Open Standards Requirements for Software – Rationale”, Open Source Initiative, available at http://opensource.org/osr-rationale, last accessed on January 26, 2014.

[16]. See citation above.

[17]. Ibid.

[18]. For more see “An emerging understanding of Open Standards”, available at http://blogs.fsfe.org/greve/?p=160, last accessed on January 26, 2014.

[19]. http://perens.com/OpenStandards/Definition.html

[20]. For more see Open Standards Requirements for Software – Rationale, available at http://opensource.org/osr, last accessed on January 26, 2014.

[21]. See “Definition of Open Standards”, available at http://www.w3.org/2005/09/dd-osd.html, last accessed on January 27, 2014.

[22]. Hari Prasad Nadig talking about Wikipedia Community building at Train the Trainer Program organised by CIS, November 29, 2013, available at http://www.youtube.com/watch?v=scEZewFJXUU, last accessed on February 1, 2014.

[23]. India Access to Knowledge meta page available at http://meta.wikimedia.org/wiki/India_Access_To_Knowledge , last accessed on February 1, 2014.

[24]. What is Hindi Wikipedia?, CIS-A2K, available at http://www.youtube.com/watch?v=96Lzxglp5W4&list=PLe81zhzU9tTTuGZg41mXLXve6AMboaxzD, last accessed on February 1, 2014.

[25]. Interview with Netha Hussain at WikiWomenCamp in Buenos Aires 2012, available at http://commons.wikimedia.org/wiki/File:WWC-Netha-Hussain.ogv , last accessed on February 2, 2014.

[26]. See interview of Poongothai Balasubramanian at http://wikimediafoundation.org/wiki/Thank_You/Poongothai_Balasubramanian, last accessed on February 1, 2014.

[27]. For more see Berlin Declaration on Open Access to Knowledge in the Sciences and Humanities, available at http://openaccess.mpg.de/286432/Berlin-Declaration, last accessed on February 1, 2014.

[28]. See Social Science Research Network, available at http://www.ssrn.com/, last accessed on January 27, 2014.

[29]. RePEc, available at http://www.repec.org/, last accessed on January 26, 2014.

[30]. Cite Seer X, available at http://citeseerx.ist.psu.edu/, last accessed on January 26, 2014.

[31]. Registry of Open Access Repositories, available at http://roar.eprints.org/, last accessed on January 26, 2014.

[32]. The Directory of Open Access Repositories, available at http://www.opendoar.org/, last accessed on January 26, 2014.

[33]. For more see Why Open Data, available at http://okfn.org/opendata/, last accessed on January 26, 2014.

[34]. Image obtained from http://okfn.org/opendata/

[35]. For more see Glover Wright, Pranesh Prakash, Sunil Abraham, Nishant Shah and Nisha Thompson, “Report on Open Government Data in India, Version 2 Draft”, Centre for Internet and Society, available at http://cis-india.org/openness/publications/ogd-draft-v2/, last accessed on January 25, 2014.

[36]. For more see Open Data Handbook, available at http://opendatahandbook.org/en/ , last accessed on January 29, 2014.

[37]. For more see Janet Wagner, “Government Data: Web APIs vs. Bulk Data Files”, programmable web, available at http://blog.programmableweb.com/2012/03/28/government-data-web-apis-vs-bulk-data-files/, last accessed on January 31, 2014.

[39]. For more see Glover Wright, Pranesh Prakash, Sunil Abraham and Nishant Shah, “Open Government Data Study: India”, Centre for Internet and Society, available at http://cis-india.org/openness/publications/open-government.pdf, last accessed on January 26, 2014.

[41]. Read the guidelines at http://data.gov.in/sites/default/files/NDSAP_Implementation_Guidelines-2.1.pdf

[42]. See the Right to Information Act, 2005, available at http://rti.gov.in/rti-act.pdf, last accessed on January 25, 2014.

[43]. See the Copyright Act, 1957, available at http://www.indiaip.com/india/copyrights/acts/act1957/act1957.htm, last accessed on January 25, 2014.

[44]. See note above.

[45]. See note above.

[46]. For more see Glover Wright, Pranesh Prakash, Sunil Abraham and Nishant Shah, “Open Government Data Study: India”, Centre for Internet and Society, available at http://cis-india.org/openness/publications/open-government.pdf, last accessed on January 26, 2014.

[47]. For more see India Water Portal, available at http://www.indiawaterportal.org/, last accessed on January 26, 2014.

For more details visit https://cis-india.org/telecom/knowledge-repository-on-internet-access/openness

AI in Banking and Finance

Saman Goudarzi, Elonnai Hickok and Amber Sinha — 2018-06-19T11:38:06Z

For more details visit https://cis-india.org/internet-governance/files/ai-in-banking-and-finance

Draft Annual Report (2010-11)

praskrishna — 2014-10-21T23:55:55Z

This is the draft of the 2010-11 Annual Report.

For more details visit https://cis-india.org/about/reports/annual-report-2010-2011.pdf

3rd Canadian Science Policy Conference

praskrishna — 2011-11-23T15:57:58Z

The Canadian Science Policy Conference (CSPC) organised the 2011 conference at the Ottawa Convention Centre from 16 to 18 November 2011. Sunil Abraham spoke in the session on Global Implications of Open and Inclusive Innovation.

Conference Objectives

The Canadian Science Policy Conference fills a critical gap in the Canadian science policy environment by providing a permanent national forum for discussing science policy issues. The main objectives of the conference were to:

to provide an inclusive forum at the national level to identify, discuss and provide insights into the current Canadian science, technology and innovation policy issues;
to forge stronger linkages and create networking opportunities among science policy stakeholders;
to provide a venue for a new generation of scientists, entrepreneurs and policy makers to interact, innovate and shape the future of Canadian science policy landscape which is required for a knowledge-driven economy;
to provide a supportive environment for innovative ideas and projects in science policy, and encourage further collaborations across sectors;
to lay the foundation for a centre dedicated to science, technology and innovation policy.

Agenda

Wednesday, November 16, 2011

8:00 am - 6:00 pm
Registration Opens
9:00 am - 3:00 pm

Optional Workshop - Science Policy 101 (additional charges apply)
Part I: Understanding the Nuts and Bolts…
This workshop will provide a general overview of science policy, both in terms of “policy for science” and “science for policy.” The introductory session assumes participants have no prior knowledge of science policy and is intended for researchers, policy analysts, journalists/communicators, students and others interested in gaining a basic understanding of science policy definitions, concepts, governance, key players, key issues, funding, science advisory mechanisms, etc. Led by experts in science policy, the workshop will underscore the importance of scientists’ understanding the impacts of science in the policy-making process and the impacts of policy-making on the research enterprise.

Part II: Career Development Workshop: So You Want to do Science Policy...
Potentially interested in science policy but not sure where to turn? Join us to explore career opportunities and job-seeking strategies at the intersection of science and policy. You'll hear from and interact with a variety of science policy professionals at various stages of their careers and who have walked quite different paths to get to where they are. The workshop will explore skills needed to succeed in science policy and describe several avenues for learning more about science policy. Whether your background is in the sciences, engineering, public policy or whatever, if you have an interest in working in science policy this is an excellent opportunity to expand your professional network. The workshop will also be your opportunity to suggest how the Canadian Science Policy Centre can best support your career development needs and aspirations in science policy.

Jeff Kinder, Ph.D
Manager, S&T Strategy - Innovation and Energy Technology Sector
Natural Resources Canada
Jeff Kinder has over twenty years of experience in government science and in science and technology (S&T) policy in the U.S. and Canada. His experience in the U.S. includes work at the National Science Foundation, the National Academies' Committee on Science, Engineering and Public Policy, and research in applied ocean acoustics at the Naval Research Laboratory. In Canada, Jeff has worked as Senior Policy Advisor in Science and Innovation at Industry Canada and in support of the Council of Science and Technology Advisors (CSTA), the external board that advised Cabinet on the management of federal S&T from 1998-2007. He is currently Manager, S&T Strategy, at Natural Resources Canada. Jeff’s research and teaching focuses on S&T policy, government laboratories, innovation systems and science advisory mechanisms. He is the co-author with Bruce Doern of Strategic Science in the Public Interest: Canada's Government Laboratories and Science-Based Agencies (University of Toronto Press, 2007) and is working on a history of the Science Council of Canada. He holds a PhD in Public Policy, an M.A. in Science, Technology and Public Policy and a B.S. in Physics.

Jason Blackstock, Ph.D
Senior Fellow CIGI & Research Scholar
IIASA Austria
With a unique background in physics, technology and international affairs, Dr Jason J Blackstock is a leading international policy adviser and scholar on both emerging geoengineering technologies, and the interface between science and global governance institutions. A physicist by training (PhD) and trade (PPhys), as well as a graduate of the Harvard Kennedy School (MPA), Jason is the Senior Fellow for Energy and the Environment at CIGI (the Centre for International Governance Innovation, Canada) and a Research Scholar at IIASA (the International Institute for Applied Systems Analysis, Austria), where he leads several international research projects evaluating the scientific, political and global governance implications of climate change, energy transitions, and emerging geoengineering technologies. Jason has also been elected Associate Fellow of the World Academy of Arts and Science, and is an adjunct member of faculty at the University of Waterloo’s Institute for Sustainable Energy (WISE).

1:00 pm - 3:00 pm
CSPC Supporter’s Caf (by invitation only, open to supporters and community partners)

3:30 pm - 5:15 pm
Science and Humanitarian Efforts - POSTPONED TILL 2012

Challenges for Young Researchers: Insights from the 2011 PAGSE Symposium
Fuelling Science Policy – new leaders speak out. Young scientists and engineers comprise a critically important, mobile pool of talent that stands to change the geography of knowledge in fundamental ways. Join a discussion with outstanding early career researchers from across Canada, as they present provocative views on the challenges and opportunities they face in driving the science agenda in this country over the next 25 years.
Your panelists for this session will come from the top-tier of young Canadian researchers. Prior to the conference this select group will be working together to develop the specific challenges that will be discussed. Members of this group will be identified during the session.

Moderator
Rees Kassen, Ph.D.
University Research Chair in Experimental Evolution
University of Ottawa
Despite being less than a decade into his career, Dr. Rees Kassen has quickly developed an international reputation. To the astonishment of more established colleagues, he has already published an impressive four papers in the field’s most prestigious journal, Nature. During his time at the University of Ottawa he has developed a strong independent research program and attracted more than $500,000 in research funding. In the process he has proved his strengths in designing and executing microbial experiments to test theory in ecology and evolution. Dr. Kassen manages to serve on a number of committees both at the university and in the community. His work has also attracted considerable media attention, and has been highlighted in the popular press such as CBC-Radio, the Toronto Star, Danish daily newspapers a podcast for the American Society of Microbiologists.

Arctic and Northern Science Policy and International Diplomacy
Canada’s share of the Earth’s arctic region is perhaps the largest in the world, but given the shared nature of arctic sovereignty, environmental stewardship and scientific research in this region must proceed within a spirit of international collaboration. Following on the heels of the third International Polar Year (2007-2009), this panel invites commentary from various international arctic stakeholders on the way that science and diplomacy interact and support one another in the process of researching Earth’s northern regions.

Moderator
Anita Dey Nuttall, Ph.D
Associate Director ( Research Advancement)
Canadian Circumpolar Institute, University of Alberta
Dey Nuttall's research focuses on the interface between science and politics in the Polar Regions, and in particular how a nation’s science policy and strategic interests influence and determine the development of its national Antarctic programs. She is currently developing new research on Canada’s strategy for polar science and development of the Canadian Antarctic Research Program.

David Hik, Ph.D
Professor - University of Alberta
President - International Arctic Science Committee
David Hik, Professor and Canada Research Chair in Northern Ecology in the Department of Biological Sciences at the University of Alberta, and President of the International Arctic Science Committee (IASC). From 2004-2009 he was also Executive Director of the Canadian International Polar Year (IPY) Secretariat.

His research program is focused on experimental and long-term studies of plant-herbivore dynamics and interactions in Arctic and alpine environments. For the past 20 years, most of this work has been conducted in the mountains of the southwest Yukon.

Stephanie Meakin
Science Advisor
Inuit Circumpolar Council Canada
Stephanie Meakin has a background in biology with more than 20 years experience as a policy and science advisor to various government and non-governmental organizations, including Inuit organizations at the national and international levels. She is currently the Science Advisor for the Inuit Circumpolar Council Canada and has spent eight years as lead researcher with ArcticNet on various research programs and projects.

Russel Shearer
Chair - Arctic Monitoring and Assessment Program (AMAP)
& Director - Northern Science and Contaminants Research Directorate
Aboringal Affairs and Northern Development Canada
Russel Shearer is the Director of the Northern Science and Contaminants Research Directorate within Aboriginal Affairs and Northern Development Canada (formerly Indian and Northern Affairs Canada). Mr. Shearer is also the Chair of the Arctic Monitoring and Assessment Program (AMAP) working group, which is one of six working groups that carry out the work of the Arctic Council. Additionally, Mr. Shearer serves as the Chair of the Research Management Committee for ArcticNet, which is a network of Centres of Excellence, focussed on studying the impacts of climate change within the costal Canadian Arctic. Mr. Shearer has published a number of papers on the presence and impact of contaminants within the North and works primarily under the auspices of the Northern Contaminants Program (NCP).

Roberta Burns
US Arctic Officer
US State Department
Jenkins R&D Review Panel Report Recommendations - Implications for Canadian Business
The Jenkins Report on the effectiveness of $6.5 Billion spent annually in federal programs to support business R&D and innovation, calls for a “rebalancing” away from R&D tax credits - in favour of the increased use if “direct” funding for business. It also recommends a centralization of program delivery, a dismantling and transition of key NRC Institutes and programs such as IRAP, and enhanced roles for the Business Development Bank of Canada and government procurement in supporting Canadian SMEs. Would these recommendations assist Canadian business to conduct more research and innovation activity? The panel will explore these issues.

Moderator
David B. Watters
President
Global Advantage Consulting Group Inc.
David Watters worked for 30 years in the federal government as a senior executive and Assistant Deputy Minister in a variety of Economic Ministries including Industry Canada, Treasury Board and Finance Canada. He was the Assistant Deputy Minister in Finance Canada for Economic Development and Corporate Finance, where he helped to shape the economic and innovation investments in five federal Budgets. David then established the Global Advantage Consulting Group Inc. (Ottawa) and is the President of this strategic management consulting firm. The firm provides advice to corporate, association, and government clients in Canada and abroad about strategy development, innovative business models, the design and management of commercial networks, and enhanced decision-making, particularly in the areas of new technology investments, innovation/commercialization, trade, and energy/climate change projects, programs and policy.

David holds an Economics degree from Queen’s University as well as a Law degree in corporate, commercial and tax law from Queen’s Law School. He was also an adjunct Professor at the University of Ottawa Management School for seven years teaching International Negotiation to MBA students.

Celine Bak
Partner
Russel Mitchel Group
Céline Bak is an internationally recognized author, speaker and consultant on clean technology and on innovation and commercialization. She published and authored a ground-breaking national report on clean technology and on commercialization – the 2010 SDTC Cleantech Growth & Go-to-Market Report. Also published by her firm, the 2011 Canadian Clean Technology Industry Report builds on the 2010 baseline data set for Canada’s multibillion dollar clean technology industry that Analytica Advisors projects has the potential to attain $60 billion in annual revenues by 2020.

She is the co-founder of the Canadian Clean Technology Coalition that was struck to create the conditions required to make Canada’s clean technology industry an driver of Canada’s economic and energy productivity as well as an enabler for Canada’s green house gas reduction targets. Céline sits on the Clean Tech Advisory Board for the Department of Foreign Affairs and is a technical advisor to the National Round Table on the Environment and the Economy for Climate Prosperity. She was the co-chair of the 2011 Canadian Cleantech Summit and sits on the nominations committee for the Canada Clean50. She is the chair of the Canada-Brazil Working Group for Clean Technology and Green Energy. She resides in Ottawa with her husband and three daughters.

Michael Turner
Vice President, System Strategies
Wesley Clover International
Wesley Clover International, based in Ottawa, Canada, is an investment & management firm with interests in leading edge information technology & communications companies, digital media, real estate and resort properties. As a member of the executive team Michael Turner provides strategic advice and support on technology issues and government innovation policy. In addition to his work with Wesley Clover, Michael also provides consulting services in these domains as well as in the use of Information & Communications Technologies within government, in Canada and internationally. Prior to joining Wesley Clover, Michael spent much of his career with the Canadian Federal Government, most recently as a senior official accountable for executive leadership and management of ICT operations for the Canadian Federal Government’s common services agency, Public Works and Government Services (PWGSC). He also served for a time as the Departmental CIO. During this period, Mr. Turner was a key member of the team responsible for Canada’s success in implementing Internet based e-Government services for its citizens and businesses.

Mr. Turner spent 25 years with the Canadian Coast Guard prior to his responsibilities at PWGSC. While with the Coast Guard. Michael served in a series of engineering and management positions of increasing responsibility. This included representing Canada for several years on various technical committees and then the Governing Council of the U.N.’s International Maritime Organization, based in London. For several years, Mr. Turner was the Deputy Commissioner - Canadian Coast Guard. Since leaving the public service, his consulting and advisory work has included projects, workshops and presentations in Australia, S.E. Asia, Africa, Europe, India and Ottawa. He has also participated in the development and delivery of an ICT and e-Government management training program for developing country governments. In 2008, Mr. Turner was a member of the City of Ottawa’s ‘Mayor’s Task Force on e-Government’, the recommendations from which are currently being implemented.

Dan Clow, Ph.D
Director Policy, Advocacy and Alliances Development
GlaxoSmithKline (GSK)
Dr. Dan Clow leads the internal Policy Team at GSK focusing on health, industrial, pharmaceutical and biologics policy at the National level and through cross-functional efforts at the Federal, Provincial and Territorial levels. He also oversees a national field-based team serving as GSK’s point of contact for patient advocacy groups and professional organizations (including medical associations and societies). Dan completed his undergraduate and graduate degrees at Queen’s University, graduating with his Ph.D. in Pharmacology and Toxicology in 1988. His neuroscience research interests led him to subsequently complete a post-doctoral fellowship in the Department of Anatomy at the University of Hawai’i at Manoa. Upon returning to Canada in 1990 he joined the pharmaceutical industry in a medical affairs capacity. Dan joined Glaxo Wellcome (now GSK) in 1996 and spent 10 years in the Government Affairs and Private Payer arena. In 2006, he joined the Medical Division where he managed the respiratory business serving as a strategic scientific partner to the marketing division and managing the respiratory collaborative research trials with Canadian scientists and clinicians. In late 2008, he returned to the Public Affairs Division to take on the policy assignment. In 2011 his role and team was expanded to include the mandate for managing relationships with patient advocacy groups and professional organizations.

Dan is a founding member and past chair of the Group Insurance Pharmaceutical Collaborative (GIPC) and recipient of the Rogers Who’s Who in Healthcare for his work in private sector and employer-based health management. He is currently a member of both the Policy and Stakeholder Relations Committees at Rx&D.

6:00 pm - 6:30 pm
Opening Ceremonies
6:30 pm - 7:30 pm
Keynote Panel - Big Picture Perspective on Science & Innovation Policy
With continuing uncertainty about the global economy and with persistent public policy challenges that respect no borders, science and innovation policy is of increasing importance for governments and organizations across Canada and around the world. How do leaders from various perspectives view the "big picture"? What are the key challenges and opportunities in the decade ahead and how can science, technology and innovation help to address them? How can states improve the performance of their science, technology and innovation systems to ensure better health outcomes, a safe and secure environment, and sustainable prosperity for their citizens? How are macro-decisions on the state of science and innovation policy being made, and what foundations can support efficient national innovation systems.

Introductions
Dr. Suzanne Fortier
President
Natural Sciences and Engineering Research Council of Canada
Dr. Suzanne Fortier has served as President of the Natural Sciences and Engineering Research Council of Canada (NSERC) since January 2006. She was re-appointed to this position in November 2010. During her first five years, Dr. Fortier brought a renewed focus on excellence to the agency. Changes to NSERC’s funding structure ensure that the best researchers receive the funding they need to conduct world-class research. NSERC now engages more closely with industries to initiate research and development projects with academic partners. Dr. Fortier has also forged stronger relationships with other federal granting agencies and organizations to increase the number and scope of joint initiatives available to researchers. For example, a collaboration between National Research Council Canada, Business Development Bank of Canada and NSERC resulted in an ambitious new national initiative in nanotechnology.

Before her appointment to this position, Dr. Fortier held a number of senior research and administrative positions at Queen’s University. She joined Queen's University as an Assistant Professor in the Department of Chemistry in 1982 after holding research positions at the Medical Foundation of Buffalo and National Research Council Canada. She then served as Dean of the School of Graduate Studies, Acting Vice-Principal (Research), and Associate Dean in the School of Graduate Studies and Research before being appointed Vice-Principal (Research) in 1995. Most recently (2000-05), she was Vice-Principal (Academic).

Moderator
Véronique Morin
Science Journalist
Tele-Quebec
Véronique Morin is a journalist in both print and television with over 20 years experience who believes strongly that Science should have an important place in daily newscasts. She is currently working as science journalist for the science magazine program « Le Code Chastenay » on the public network Tele-Quebec, writing freelance magazine articles, as well as developing a documentary project. Recently (idea and research) her documentary “Time Bombs”, about Canadian veterans who have participated in atomic bomb tests, received the awards of « Best documentary” from the New York International Independent Film and Video festival, « Best Documentary » from the Canadian Association of Broadcasters, and Veronique was nominated for “Best research” at the Gemeaux awards 2008. Veronique Morin was president of the Canadian Science Writers' Association (CSWA) from 2001-2005.

She was elected the first president of the World Federation of Science Journalists (WFSJ) from 2002-2004. She also serves as a judge on numerous awards recognizing excellence in journalism.

Rémi Quirion, OC, Ph.D., CQ, FRSC
Chief Scientist & Chariman of the Board
Fonds de recherche du Québec
On September 1, 2011, Rémi Quirion, OC, PhD, CQ, FRSC, became Québec's first chief scientist. As such, he chairs the boards of directors of the three Fonds de recherche du Québec and advises the Minister of Economic Development, Innovation and Export Trade on research and scientific development issues. Until his appointment as chief scientist, Rémi Quirion was the vice-dean for science and strategic initiatives in the faculty of medicine at McGill University and senior university advisor on health sciences research. He was the scientific director of the Douglas Mental Health University Institute Research Centre, a full professor in the department of psychiatry at McGill University and the executive director of the International Collaborative Research Strategy for Alzheimer's Disease of the Canadian Institutes of Health Research. Professor Quirion was the first scientific director of the Institute of Neurosciences, Mental Health and Addiction (INMHA), one of Canada's 13 health research institutes.

His work helped to elucidate the roles of the cholinergic system in Alzheimer's disease, of neuropeptide Y in depression and memory and of the calcitonin gene-related peptide (CGRP) in pain and opiate tolerance. Rémi Quirion earned his PhD in pharmacology from Université de Sherbrooke in 1980 and carried out his postdoctoral training at the National Institute of Mental Health in the United States in 1983. He has over 650 publications in prominent scientific journals and is one of the most extensively cited neuroscientists in the world. He has received several awards and honours, including the Ordre national du Québec (Chevalier du Québec, CQ) in 2003, the Prix Wilder-Penfield (Prix du Québec) in 2004 and the Order of Canada (OC) in 2007. Mr. Quirion is also a member of the Royal Society of Canada.

Ian Chubb
Chief Scientist
Australian Government
Professor Ian Chubb was appointed to the position of Chief Scientist on 19 April 2011 and commenced the role on 23 May 2011. Prior to his appointment as Chief Scientist Professor Ian Chubb was Vice-Chancellor of the Australian National University from January 2001 to February 2011. He was Vice-Chancellor of Flinders University of South Australia for six years and the Senior Deputy Vice-Chancellor of Monash University for two years while simultaneously the Foundation Dean of the Faculty of Business and Economics for 16 months.

In 1999 Professor Chubb was made an Officer of the Order of Australia (AO) for “service to the development of higher education policy and its implementation at state, national and international levels, as an administrator in the tertiary education sector, and to research particularly in the field of neuroscience”. In 2006 he was made a Companion (AC) in the order for “service to higher education, including research and development policy in the pursuit of advancing the national interest socially, economically, culturally and environmentally, and to the facilitation of a knowledge-based global economy”. In 2000, Professor Chubb was awarded a Doctor of Science (Honoris Causa) from Flinders University. He was made the ACT’s Australian of the Year in 2011 for his contribution to higher education.

R. Peter MacKinnon
President, University of Saskatchewan
& member of the STIC State of the Nation Working Group
Originally from Prince Edward Island, Peter MacKinnon has lived in Saskatoon since 1975. He previously served the University of Saskatchewan as Dean of Law and Acting Vice-President (Academic) and was appointed President of the University in July, 1999. Educated at the University of Saskatchewan, Queen's and Dalhousie, Mr. MacKinnon articled in Kingston and was admitted to the Ontario Bar in 1975 and to the Law Society of Saskatchewan in 1979. He was appointed Queen's Counsel in 1990. He is currently a member of the Prime Minister’s Advisory Committee on the Public Service; a member of the Science, Technology and Innovation Council of Canada; a member of the Board of the Saskatoon Airport Authority; a former Chair of the Association of Universities and Colleges of Canada and has been a Chair or member of several public service boards, councils and committees since his appointment as president.

Recent awards include honorary degrees from the Memorial University of Newfoundland and the University of Regina and the Canadian Bar Association’s Distinguished Service Award in Saskatchewan (2005). Peter MacKinnon is currently serving his third term as President and Vice-Chancellor of the University of Saskatchewan.

7:30 pm - 9:00 pm
Mingling Politics and Science Reception
9:00 pm - 10:00 pm
DUST

Thursday, November 17, 2011

7:30 am - 8:30 am
Registration & Continental Breakfast
8:30 am - 8:40 am
Welcome Address
Jim Roche
President & Chief Executive Officer
CANARIE Inc.
Jim was appointed President and CEO of CANARIE in February 2010. He is a successful entrepreneur with over twenty-five years of leadership experience, having been a founding member and General Manager at Newbridge Networks Corporation (now Alcatel-Lucent), a co-founder and CEO of Tundra Semiconductor (now IDT), the CEO of CMC Microsystems and the founder and CEO of Stratford Managers, a company he continues to lead. In addition to his corporate duties, he also serves on numerous boards and committees including the ICT Advisory Board for DFAIT, the Committee of Research Partnerships for NSERC, the Expert Panel on Business Innovation for CCA and others. He is also an Executive-in-Residence at the Telfer School of Management at the University of Ottawa and is frequently called on to speak about entrepreneurship, commercialization of innovation, and strategy development.

Jim holds a Bachelor of Science in Electrical Engineering from Queen’s University, where he graduated at the top of his class and won multiple scholarships. He has added to his management skills through intensive programs at Stanford, Ivey, Queen’s and elsewhere.

8:40 am - 10:10 am
Building Stronger Communities Through Innovation
How do we build innovative communities? This is a central challenge for Canada in the 21st century since innovative communities form the foundation of a prosperous country. As more than a decade of research on industry clusters has shown, a robust innovation system can have a profoundly positive impact on local communities when it translates into high quality jobs, industrial growth, new enterprises, improved public infrastructure and services and a cleaner, healthier environment. But building innovation into our communities takes the involvement of individuals and institutions across the spectrum of society. Universities, colleges, research hospitals, private companies, governments and non-profit agencies, along with the talented, creative people that work in these organizations, must be free to work together and share their knowledge and ideas. Yet fostering collaboration and knowledge exchange between different organizations, with different interests and capacities can be challenging. Successful collaboration requires time, resources, communication, shared goals, commitment and risk-taking.

A panel of leading Canadian thinkers in inter-sectoral and inter-organizational collaboration will discuss how university and college researchers can work with local businesses to translate new knowledge into new creative products and beneficial services. They will look at the role of research hospitals in contributing to both the health and wealth of local communities. And they will discuss best practices in overcoming the institutional and cultural barriers to collaboration.

Chair
Gilles G. Patry, Ph.D
President and CEO
Canada Foundation for Innovation
On August 1, 2010, Dr. Gilles G. Patry became the fourth President and CEO of the Canada Foundation for Innovation (CFI). Following a long and distinguished career as a consultant, a researcher, and a university administrator, Dr. Patry brings to the CFI a wealth of experience from both the private and academic sector .

Dr. Patry holds a B.A.Sc. and M.A.Sc. in civil engineering from the University of Ottawa, and a Ph.D. from the University of California, Davis in environmental engineering. He was an environmental engineering consultant (1971-78) before becoming professor of civil engineering at École Polytechnique de Montréal (1978-83) and then at McMaster University in Hamilton, Ont. (1983-93). Dr. Patry’s research program at McMaster led him to develop an innovative modelling concept for the simulation of wastewater treatment plant dynamics, and ultimately, to launch a Hamilton-based consulting company, Hydromantis, Inc. His research focuses on modelling, simulation and control of environmental systems.

Chair
Marie Carter, FEC, P.Eng
Chief Operating Officer
Engineers Canada
Marie is the chief operating officer of Engineers Canada. For seven years, she was the organization’s director of professional and international affairs and secretary to its Canadian Engineering Qualifications Board and International Committee. Her work includes ensuring the implementation of Engineers Canada’s Strategic Plan, which includes activities related to the development and maintenance of national qualification standards for admission to, and the practice of, professional engineering in Canada international activities to enhance the mobility of Canadian engineers. Marie also ensures proper management of resources, distribution of products and services to Engineers Canada’s members and that business operations run smoothly. Marie has also been responsible for projects to increase the recognition of foreign credentials for internationally-educated engineering graduates.

Prior to joining Engineers Canada in April 2001, Marie worked for 13 years in transportation engineering consulting and carried out various environmental assessment studies. Marie graduated with a bachelor’s degree in civil engineering from Carleton University in Ottawa in 1989.

Respondent and Facilitator
Chad Gaffield, Ph.D
President
Social Sciences and Humanities Research Council
Chad Gaffield, one of Canada’s foremost historians, was appointed president of the Social Sciences and Humanities Research Council of Canada (SSHRC) on September 18, 2006. Gaffield came to SSHRC from the University of Ottawa, where he held a University Research Chair and was the founding director of the Institute of Canadian Studies. During his 20-year University of Ottawa career, he also served as vice-dean of graduate studies and on the executive committee of the board of governors. He is a former president of the Canadian Historical Association and the Canadian Federation for the Humanities and Social Sciences.

Dr. Kevin Smith
President and CEO
St. Joseph's Healthcare Hamilton
& St Joseph's Lifecare Centre Brantford
Dr. Smith is President and CEO of St. Joseph's Healthcare Hamilton and St Joseph's Lifecare Centre Brantford since 2009; and CEO of St Mary's General Hospital Kitchener-all members of the St Joseph's Health System. He is also Associate Professor in the Department of Medicine - Faculty of Health Sciences of McMaster University. Dr. Smith's experience also includes work and training in the areas of medical curricula development, management training for academic health professionals, performance and incentives models for enhanced creativity and productivity and numerous roles in both University and Teaching Hospitals. Dr. Smith is currently co-leading the Government's Emergency Department and Alternate Level of Care initiative, and is also playing a leadership role in the Premier's delegations to China. Dr. Smith also contributes as chair or member of various Provincial and National bodies as well as various private and philanthropic Boards.

Fred Morley
Executive VP & Chief Economist
Greater Halifax Partnership
Fred Morley is Executive Vice-President and Chief Economist of the Greater Halifax Partnership since 2002, an organization focused on retaining and expanding existing business and bringing new investment to Halifax. A former professor at Saint Mary’s University, Fred Morley has also served as senior economic advisor to the Government of Nova Scotia, senior policy analyst at the Atlantic Provinces Economic Council, and as senior manager at Nova Scotia Business Inc. He serves as a member of the Social Sciences and Humanities Research Council, the boards of the International Economic Development Council in Washington DC, the Acadia Centre for Small Business and Entrepreneurship, and Saint Mary’s Business Development Centre. He holds undergraduate degrees in chemistry and economics from Dalhousie University and did graduate work at Dalhousie and Saint Mary’s University.

Fassi Kafyeke
Director, Strategic Technology
Bombardier Aerospace
Fassi Kafyeke joined Bombardier Aerospace in 1982. In 1996, he became Manager of Advanced Aerodynamics. As Chief Aerodynamicist, he was responsible for aerodynamic design and development wind tunnel testing for all Bombardier Jets (Global Express, CRJ-700, 900 and 1000, Challenger 300, C-Series. In 2007, he became Director of Strategic Technology, in charge of all engineering research and development activities of the company. He has several publications in peer-reviewed journals and conference proceedings and is the author of a book on Computational Fluid Dynamics. In 2001, he was the recipient of the Grand Prix d’Excellence of the Order of Engineers of Québec. In 1980, Dr. Kafyeke graduated from the University of Liege (Belgium) with a degree in Aerospace Engineering. The following year he completed his Master’s degree in Air Transport Engineering at the Cranfield Institute of Technology (England) and in 1994, he received his Doctorate in Mechanical Engineering (Aerodynamics) from École Polytechnique de Montréal.

Hon. Mike Harcourt
Lawyer, Community Activist, and former BC Premier
Mike Harcourt is a former Premier of British Columbia, Mayor of Vancouver and City Councillor. He is a passionate believer in the power of cities and communities to improve the human condition. As such, as a speaker, author and advisor internationally on sustainable cities, he was appointed to serve on numerous committees, namely as Chair of the Prime Minister’s Advisory Committee for Cities and Communities, Co-chair the National Advisory Committee on the UN-HABITAT World Urban Forum, and as a member of the National Round Table on the Environment and Economy. Mr. Harcourt’s exemplary career as Lawyer, Community Activist, and Politician has been honoured, with the Woodrow Wilson Award for Public Service, the Canadian Urban Institute’s Jane Jacobs Lifetime Achievement Award and the UBC Alumni Achievement Award of Distinction for contributions to British Columbia, Canada and the global community.

10:10 am - 10:30 am
Coffee Break
10:30 am - 12:00 pm
The Role of K* in Strengthening Science-Policy Integration
This fast-paced and interactive session will begin with short (~3-minute) presentations by each panelist, followed by two sets of round-table discussions among participants and each of the six panelists, and a short wrap-up segment. Knowledge translation and brokering (KT-KB) are part of an increasingly-recognized spectrum of knowledge transfer approaches that can significantly contribute to strengthened science-policy integration. The “K*” concept was first discussed at Canadian Science Policy Conference (CSPC) 2010 in Montreal and encapsulates the variety of terms used by practitioners in this field, including Knowledge Translation, Brokering, Management, Mobilization, Transfer, Adoption etc. These K* approaches recognize the need for active engagement across the science-policy spectrum, and for careful consideration of users’ information needs, preferred format, time frame and communication mechanisms. K* approaches are increasingly being adopted in a variety of fields, including health, environmental sustainability, education, agriculture and international development. Building on the successful one-day KT-KB workshop held during CSPC 2010, this year’s panel will engage the broader CSPC community and:

Provide insight into this active, emerging field;
Showcase practical and tangible examples of the value and power of KT-KB and other K* approaches in Canada and internationally;
Develop the theme of demonstrating the impacts of Knowledge Mobilization activities;
Be a waypoint for the first international K* Summit in 2012, and subsequent development of a multi-sectoral forum and White Paper for K* issues nationally and internationally.

Convenor
Alex T. Bielak, Ph.D
Senior Fellow and Knowledge Broker
United Nations University
Dr. Alex Bielak is a member of the faculty at the United Nations University and also serves as Senior Advisor to the Chair of UN-Water. As Senior Research Fellow and Knowledge Broker in the freshwater programme at the UNU’s Institute for Water, Environment and Health (UNU-INWEH, the U.N. Think Tank on Water) Alex also leads a new Knowledge Management and Mobilization (K*) initiative for the Institute. Previously Alex was Environment Canada’s first-ever Director, Science and Technology Liaison with a mission of communicating science knowledge to targeted audiences and linking science with policy development. Before that he spent over a year as A/Director General, S&T Strategies Directorate, where he set up the Directorate and led the team developing EC's new Science Plan. A NATO Scholar, he has also held senior positions with Canada’s National Water Research Institute, NGOs, and other federal and provincial government departments.

Alex holds a PhD degree in Freshwater Biology from the University of Waterloo and has served on numerous National and International Boards and Committees. Recently appointed as an Adjunct Professor in the Department of Communication Studies and Multi-Media at McMaster University, recognition of his professional and volunteer activities includes a UW Science Faculty “Distinguished Alumni Award” on the occasion of UW’s 50th Anniversary and appointment as the first Honorary Member of the Canadian Rivers Institute in 2011.

Convenor
Shannon deGraaf
Senior Science Policy Analyst, S&T Liaison
Environment Canada
Shannon joined Environment Canada’s S&T Liaison team as a Science-Policy Analyst in January 2009. Shannon’s work with S&T Liaison has focused on communicating science activities and results to various decision-making audiences including senior management, practitioners and policy communities; contributing to best practices in science-policy linkages through the development of the Strengthening Science-Policy Linkages Study Series; and highlighting the role of knowledge translation and brokering tools in federal science-based departments and agencies through the development of an Interdepartmental Compendium of KT-KB Tools. Prior to joining S&T Liaison Shannon has had more than ten years of experience in Environment Canada’s Great Lakes Program with a focus on outreach. Shannon has a degree in Environmental Studies from Brock University.

Amanda Cooper
KNAER Program Manager, Research & Knowledge Mobilization
and RSPE Research & Program Coordinator
Amanda Cooper specializes in research-practice-policy relationships. Her interests professionally and academically revolve around improving research use in public services. Currently, she is managing the Knowledge Network for Applied Education Research (KNAER), www.knaer-recrae.ca, an ambitious effort to improve knowledge mobilization in education across Ontario. Amanda has also been the coordinator for the Research Supporting Practice in Education program at OISE, www.oise.utoronto.ca/rspe, since its inception in 2007. There is growing awareness that research mediation by intermediary organizations is integral to knowledge mobilization. Amanda’s doctoral research analyzes efforts made by 44 knowledge mobilization intermediaries (third party, research brokering organizations) that facilitate linkages between research producing contexts and research using contexts to increase research use and its impact in education across Canada. She provides talks, workshops and consulting on knowledge mobilization for researchers, practitioners, policymakers, intermediaries and other organizations across sectors.

Katrina Hitchman, Ph.D
Manager of Strategic Programs
Canadian Water Network
After finishing her Honours Bachelor of Arts degree at Mount Allison University, Katrina completed her master’s and PhD degrees in Industrial and Organizational Psychology at the University of Waterloo. Katrina joined the Canadian Water Network in February 2009 to assist in the development and management of CWN partnership-based programs, particularly the evolving research consortia. Katrina conducted a comparative organizational analysis examining the organizational structure and functions of Canadian and international organizations that share CWN’s mandate of using research to inform practice and policy. As CWN continues to explore consortia-based models for putting its research to work, she will focus on the development of knowledge translation tools for researchers and research users, evaluating the success of CWN programs, and pursing opportunities to enhance CWN’s profile as a leading knowledge translation and brokering organization.

David Phipps, Ph.D
Director, Research Services & Knowledge Exchange
York University/ResearchImpact
ResearchImpact

David is responsible for the management and support of research services (research grants and contracts, research ethics, technology and knowledge transfer); participates in strategic planning; negotiates research contracts and grants, manages research data and develops research performance measurements; ensures compliance with government policies and the University mandate.

Louise Shaxson
Senior Research Fellow, RAPID
Overseas Development Institute (UK)
& Associate, Delta Partnership
Louise is a senior research fellow at the Overseas Development Institute, UK’s leading think tank on international development; and an associate of Delta Partnership, an international management consultancy company based in London. Her particular area of interest is evidence-based policymaking and the links between knowledge and policy. She has authored and provided guidance on the provision of expert scientific advice to senior policy officials, what constitutes robust evidence for policy making, advised on horizon scanning projects and has published several journal articles and book chapters relating to evidence-based policy making. She has co-authored a forthcoming book on Knowledge, policy and power in international development: a practical guide which will be published by The Policy Press/University of Chicago Press in 2012.

Over the past few years, Louise became acquainted with a group of Canadians who shared her interested in evidence-based policy and, in particular, knowledge translation and brokering. Most recently, she was involved with CSPC where she gave a presentation on the distribution of responsibility in policy delivery and relating issues at the Canadian Science Policy Conference in Montreal last October.

Global Implications of Open and Inclusive Innovation
The context of innovation is being transformed by the growing ubiquity of affordable technologies, such as mobiles, even in the most remote parts of the world. In a June 4 2011 New York Times article, Thomas Friedman indicated that “Carlson’s Law” was an important consequence of these changes: “In a world where so many people now have access to education and cheap tools of innovation, innovation that happens from the bottom up tends to be chaotic but smart. Innovation that happens from the top down tends to be orderly but dumb,” observes Curtis Carlson, the CEO of SRI International. As a result, he says, the sweet spot for innovation today is “moving down,” closer to the people, not up, because all the people together are smarter than anyone alone and all the people now have the tools to invent and collaborate.” In emerging economies, new business models and innovative forms of entrepreneurship are flourishing, particularly in the informal sectors. What can Canada learn from these innovations? How should science policies respond? This panel will attempt to inform debates about the relationship between science policy, intellectual property regimes, changing technological platforms and private sector innovation. To do so, the International Development Research Centre (IDRC), the organizer of this panel will bring together experts from Canada, Brazil, South Africa and India to discuss emerging evidence on these issues, as well as recommendations for decision-makers.
Moderator

Matthew Smith
Program Officer
International Development Research Centre, Canada
Matthew Smith oversees research on the use of information and communication technologies (ICTs) to foster sustainable development and socio- economic equity at the International Development Research Centre (IDRC), a Canadian crown corporation. Before joining IDRC, Smith did postgraduate research on the interaction between technology and society, in particular the impact of e-government systems on citizens’ trust in the government of Chile. He has published on this subject and others, including the concept of openness to broaden access and inclusion. Smith holds a PhD in information systems and an MSc in development studies from the London School of Economics and Political Science (England), as well as an MSc in artificial intelligence from the University of Edinburgh (Scotland).

Sunil Abraham
Executive Director
Centre for Internet and Society (CIS), India
Sunil Abraham is the Executive Director of the Centre for Internet and Society in Bangalore India. He founded Mahiti in 1998 which aims to reduce the cost and complexity of Information and Communication Technology for the Voluntary Sector by using Free Software. Today, Mahiti employs more than 50 engineers and Sunil continues to serve on the board. Between June 2004 and June 2007, Sunil also managed the International Open Source Network a project of United Nations Development Programme's Asia-Pacific Development Information Programme serving 42 countries in the Asia-Pacific region.

Jeremy De Beer
Associate Professor, Faculty of Law
University of Ottawa
Jeremy is an Associate Professor at the University of Ottawa's Faculty of Law. His expertise is in the area of technology and intellectual property law. He has a graduate degree in law from the University of Oxford, and degrees in business and in law from the University of Saskatchewan. His research and recent publications address topics ranging from digital copyrights to biotechnology patents, with particular emphasis on the intersection of technology, intellectual property and international development.

Pria Chetty
Associate Director
Technology and Innovation Law, PricewaterhouseCoopers, South Africa
Pria Chetty is the Associate Director, Technology and Innovation Law at PricewaterhouseCoopers in South Africa. She completed her law degree in 2000 and went on to specialise in Electronic and Intellectual Property Law . She is the founder of Technology and Innovation Law Firm, Chetty Law, in South Africa, which has provided legal and strategic advisory services to a wide range of clients including public sector agencies, NGO’s, local and internationally listed companies and South Africa’s most innovative entrepreneurs. She was identified as one of the Brightest Young Minds in South Africa and later, in 2006, featured in Maverick magazine as one of five young attorneys making their mark in legal practice in South Africa.

Science Culture, Organized and Prioritized: Three National and International Initiatives
Culture is big: annually, some 290 million citizens actively participate in the exhibitions, programs, events and outreach initiatives organized by 2,400 science centres worldwide. Other types of institutions, radio, internet, and film build further on that reach. This session will examine three recent initiatives that seek to organize, define, and take strategic advantage of the work of hundreds of diverse science engagement and knowledge creation organisations nationally and internationally. Increasingly, strategic focus among this diverse set of content and communication partners is bringing new attention to science engagement for the benefit of national and global society.
This session will examine Inspiring Australia, an initiative of the Australian government to create regional networks of diverse engagement organizations and connect them effectively with the science knowledge creators in order to better execute science engagement in that country. We will also examine a initiative to benchmark "science culture" in order to better measure future progress . And finally we will examine a global initiative by science centres to use science engagement in a truly global context.

Moderator
Tracy Ross
Executive Director
Canadian Association of Science Centres (CASC)
Tracy Ross is the Executive Director of the Canadian Association of Science Centres, the national network that serves more than 45 charitable science centres, science museums and similar organisations that inspire 8 million people annually with learning experiences in science. The association is a national platform for collaboration, networking and tackling common issues. In May 2012, the association will be holding its 10th annual conference in Ottawa hosted by the Canada Science and Technology Museums Corporation. Tracy graduated from Queen’s University at Kingston in 1996 with a B.Sc. (Hons.) in Environmental Chemistry, and from the University of Toronto in 2000 with a Master’s degree in the History and Philosophy of Science and Technology. She got her start with science centres as a host at the Ontario Science Centre where she delivered a variety of lively demonstrations, developed a new tabletop experience, and facilitated learning with visitors of all ages. She has served on the Board of Directors of the Science and Technology Awareness Network and the steering committee for National Science and Technology Week. She lives in Ottawa, where, as an avid sailor, she also serves on the Board of Directors of the Nepean Sailing Club.

Lesley Lewis
Chief Executive Officer
Ontario Science Centre
Chief Executive Officer of the Ontario Science Centre since 1998, Lesley Lewis has led a major evolution of the landmark cultural attraction. Under Ms Lewis’ leadership over the past decade, the Science Centre has significantly renewed two thirds of its public spaces focusing on embracing new audiences, engaging visitors of all ages with science, scientists and innovation as well as incorporating current science news into daily offerings. From 2000 to 2006. Ms. Lewis spearheaded the Centre’s $47.5 million Agents of Change transformation.

As CEO, Ms. Lewis has sharpened the organization’s focus on extending its brand, audience reach and relevance. The Science Centre introduced an array of programs designed to ensure accessibility to all members of the community.

She is a respected member of the international science centre community, and has been active in global forums describing the Ontario Science Centre’s evolution into a new model for public engagement with science.

Ms Lewis is an invited member of the American Association for the Advancement of Science’s Committee on Science and Technology Engagement with the Public. She also currently serves on the Board of Directors of Tourism Toronto. From 2007 to 2009, she was President of the global Association of Science Technology Centers based in Washington D.C. She was a member of the China Association for Science and Technology’s international advisory committee for a new science and technology museum in Beijing that opened in 2009 and Chair of the Fifth Science Centre World Congress which was hosted by the Ontario Science Centre in Toronto in 2008. In that capacity she led the development of the Toronto Declaration, the science centre field’s first-ever shared global statement of beliefs and goals.

Prior to joining the Ontario Science Centre, Ms. Lewis was the Executive Director of the Ontario Heritage Foundation for six years and for three years Executive Director of the Ontario Human Rights Commission.

Denise Amyot
President and CEO
Canada Science and Technology Museums Corporation
Denise Amyot is currently, President and CEO of the Canada Science and Technology Museums Corporation whose mandate is to foster scientific and technological literacy throughout the country. The Corporation and its three museums – the Canada Agriculture Museum, the Canada Aviation and Space Museum, and the Canada Science and Technology Museum – tell the stories of Canadian ingenuity and achievement in science and technology.

She has worked both in National Headquarters and in regions in several federal departments including central agencies, Human Resources and Skills Development Canada, National Defense, Natural Resources Canada, and Canadian Heritage. In her former three roles as Assistant Deputy Minister, she was respectively responsible for leading and managing leadership development programs and developing policies for employees and executives throughout the public Service of Canada, the corporate management services, as well as public affairs and ministerial services. She has worked extensively in policy and line operations in the context of programs and service delivery, in social, economic, and cultural areas. She also worked for few years with the Government of the Northwest Territories.

Ms Amyot is the former President of the Institute of Public Administration of Canada, Vice-President of the Head of Federal Agencies Steering Committee, and member of the Board of Governors at the Ottawa University and at the Algonquin College. She is the former President of the Association of Professional Executives of the Public Service of Canada and former President of the Communications Community Office. Ms Amyot has obtained a Master's degree in Education and three Bachelor degrees in Biology, in Arts and in Education.

11:30 am - 1:30 pm
CANARIE Showcase & Exhibitor Tours
12:00 pm - 12:45 pm
Lunch
12:45 pm - 1:15 pm
Special Keynote Address by the Minister of State (Science and Technology)
Join the The Honourable Gary Goodyear, Member of Parliament for Cambridge & North Dumfries, and Minister of State (Science and Technology).

Hon. Gary Goodyear
Minister of State (Science and Technology)
Member of Parliament for Cambridge & North Dumfries
1:20 pm - 2:50 pm
Funding Innovation, Measuring Societal Impacts and Informing Science Policy
A major challenge for Canadian science policy is related to what areas of science to invest in, how best to make budget allocations that will address the needs of society while benefiting the Canadian economy, and then assessing the impact of those investments. As health care costs continue to rise, there are ongoing efforts to improve the effectiveness and efficiency of the health system. Research is recognized as a valuable investment to optimize the delivery and provision of health care, with nearly one quarter of Canada’s R&D spend, but is an incremental and iterative endeavor. The pathway from research to improved health and systems is neither linear nor simple. The complexity is amplified by the multitude of players involved; researchers, industry health care providers, policy makers, and the public. Research funders recognize the need for greater collaboration in providing innovative solutions to understanding how investments in health research make a difference to the health and wellbeing of Canadians. Consequently, this symposium brings together presenters from three Canadian research funding organizations, an academic Institution and one non-profit think tank.
Our panel examines methodologies used to analyze and demonstrate research impact. These methodologies are helping to elucidate and clarify the various pathways through which health research leads to societal wellbeing. The panel moderator will engage participants in the discussion with an aim to advance the science of impact assessment such that it will meet the needs of science policy and justify science spending to the public.

Moderator
Pierre Therrien
Director Market Structure & Framework Policy Analysis
Industry Canada
Pierre Therrien is Director, Market Structure and Framework Policy Analysis at Industry Canada within the Economic Research and Policy Analysis (ERPA) Branch. Prior to join ERPA, Pierre worked for several years in another sector within Industry Canada in the Science and Innovation Sector, where he led several projects related to the measurement science and innovation impact measures. Pierre also spent two years at the Organisation for Economic Co-operation and Development in Paris, France, where he coordinated several projects to develop new policy-relevant indicators related to government public support to R&D.

Laura McAuley
Manager, Impact Assessment Unit
Canadian Institutes for Health Research
Laura McAuley, MSc. is the Manager of the Impact Assessment Unit at the Canadian Institutes of Health Research. She led the initial implementation of the CIHR impact assessment framework and now continues to lead the ongoing refinement and methodological development in this area at CIHR. Laura has worked in the area of health research evaluation for the past seven years building on previous experience working in academic health research spanning the four pillars.

Kathryn E. Graham
Director, Performance Management
Alberta Innovates - Health Solutions
Kathryn E. Graham, Ph.D. is the Director of the Performance Management Department at Alberta Innovates – Health Solutions located in Alberta. Her experience is in the development, implementation and management of evaluation frameworks and conducting evaluations of health and research at the level of the program, organization and at multi-sites. She has a Ph.D. in applied psychology from the University of Cranfield, England with a specialization in occupational psychology, measurement, evaluation and human factors.

Ghislaine Tremblay
Director of Evaluation and Outcome Assessment
Canada Foundation for Innovation
Ghislaine Tremblay is the Director of Evaluation and Outcome Assessment at the Canada Foundation for Innovation. Over more than a decade she has held a variety of leadership roles in managing S&T funding programs and brings this broad expertise to the evaluation team that she leads. In her current role, Ms Tremblay has overseen the development of the Performance, Evaluation, Risk and Audit Framework, the Overall Performance and Value for Money Audit and outcome measurement study methodology and implementation.

Eddy Nason
Director, Toronto Office
IOG
Eddy Nason is the Director of the IOG’s Toronto office and their lead on health and innovation policy work. He specializes in research evaluation, particularly focusing on ROI approaches, and research impact framework and indicator development. He has advised research funders in the UK, Netherlands, Ireland, Australia and Canada on impact evaluation.

Education and Training of Scientists
Over the past 15 years, there has been an enormous shift in the human resources performing scientific research. The training period has lengthened significantly and adjustments must be made to address the growing concerns of young scientists. Many individuals, who do not have permanent positions, share a unique set of experiences and challenges that need to be better addressed in order to avoid wasting the substantial resources invested in their education and training.
This panel aims to address two main themes:
1. Are we producing too many biomedical research trainees?
2. What careers will the large majority of highly specialized PhDs undertake and who should facilitate these transitions?
Presentations and discussion from Alan Bernstein (Founding Director of CIHR), Angela Crawley (Canadian Association of Postdoctoral Scholars), Suzanne Fortier (President of NSERC), and Olga Stachova (COO, MITACS) will be introduced and moderated by David Kent (University of Cambridge and founder of http://scienceadvocacy.org).

Moderator
David Kent , Ph.D
CIHR Postdoctoral Fellow
University of Cambridge
Dr. David Kent is a CIHR postdoctoral fellow at the University of Cambridge, UK. He currently sits on the executive of the Canadian Association of Postdoctoral Scholars and created the website The Black Hole which provides information on and analysis of issues related to science trainees in Canada. Previously, Dr. Kent served as joint coordinator for the UBC branch of the Let’s Talk Science Partnership Program (2004-07), an award winning national science outreach program. Dr. Kent grew up in St. John’s, NL, obtained a B.Sc. in Genetics and English Literature at the University of Western Ontario and completed his Ph.D. in blood stem cell biology at the University of British Columbia. He has been awarded scholarships or fellowships from the CIHR, NSERC, the Canadian Stem Cell Network, the Michael Smith Foundation for Health Research, and the Lady Tata Memorial Trust. His current laboratory research focuses on normal blood stem cells and how changes in their regulation lead to cancers.

Dr. Angela Crawley
Vice-Chair of Operations
Canadian Association of Postdoctoral Scholars
Dr. Angela M. Crawley received a B.Sc. in Microbiology and Immunology at McGill University (’99) and then earned a Ph.D.in the Dept. of Pathobiology at the University of Guelph. Her doctorate addressed the regulation of immune responses in pigs, for the eventual improvement of vaccination strategies. In 2004, Angela moved to Ottawa to work as postdoctoral fellow (PDF) in Dr. Jonathan B. Angel’s laboratory at the Ottawa Hospital Research Institute (OHRI), partnered with the University of Ottawa. Angela is researching anti-viral mechanisms of human immune response in the context of HIV infection. Dr. Crawley held a postdoctoral fellowship award from the Ontario HIV Treatment Network (OHTN). She will begin her appointment as an Assistant Scientist at the OHRI and an Assistant Professor in April 2012 (to be funded by an OHTN Junior Investigator Development Award). While a postdoc, Angela was one of the founders of the uOttawa Faculty of Medicine Postdoc Association (2006, president 2007-09) and she also founded the uOttawa Postdoc Association (2009, president 2009-10). Angela was awarded a Postdoctoral Award of Excellence by uOttawa’s Faculty of Medicine (2007) recognizing scientific achievement and community involvement. Angela is also a member of a National Postdoc Stakeholders Working Group compiling recommended policies for the fair and equitable treatment of postdocs across Canada. She has attended some postdoc-related conferences including the 7th Annual Meeting of the National Postdoctoral Association (Houston, TX, USA, 2009) and, as a former president of the Canadian Association of Postdoctoral Scholars (CAPS), was an invited speaker for at the Annual Canadian Association of Graduate Studies meeting (Toronto, Nov. 2010). Angela is currently the Vice-Chair of Operations for CAPS.

Olga Stachova
Chief Operating Officer
Mitacs
Olga Stachova joined Mitacs in October 2000 and plays a key role in the organization's success. As Chief Operating Officer, her responsibilities include oversight of the overall operations and management, responsibility for delivery strategy for all Mitacs programs, their implementation, ongoing evaluation and monitoring, as well as allocation of Mitacs resources, human resources management and oversight of budgetary expenditures.

Olga has a Master’s Degree in English and Philosophy from the University of Constantine the Philosopher in Nitra, Slovakia. Prior to emigrating to Canada, she was Senior Project Manager at Management Partners, the leading company in the Slovak HR market. She was highly successful in her role of recruiting personnel for international organizations opening subsidiaries in Slovakia.

Olga is the recipient of the 2009 Business in Vancouver Forty under 40 Award.

Dr. Alan Bernstein
Founding President
CIHR 2000-2007
Dr. Alan Bernstein is the former executive director of the Global HIV Vaccine Enterprise, an international alliance of researchers and funders charged with accelerating the search for an HIV vaccine. Previously, he served as the founding president of the Canadian Institutes of Health Research (2000-2007), Canada’s national agency for the support of health research. After receiving his Ph.D. from the University of Toronto, and following postdoctoral work at the ICRF in London, Dr. Bernstein joined the Ontario Cancer Institute (1974-1985). In 1985, he joined the new Samuel Lunenfeld Research Institute in Toronto, was named its Associate Director in 1988 and then its Director of Research (1994-2000). Author of over 200 scientific publications, Dr. Bernstein has made extensive contributions to the study of stem cells, hematopoiesis and cancer. He chairs or is a member of advisory and review boards in Canada, the US, UK, and Australia. Dr. Bernstein has received numerous awards and honourary degrees for his contributions to science, including the 2007 Medaille du merite from the Institut de Recherche Clinique de Montreal, the 2008 Gairdner Wightman Award and the Order of Canada in 2002.

Dr. Suzanne Fortier
President
Natural Sciences and Engineering Research Council of Canada
Dr. Suzanne Fortier has served as President of the Natural Sciences and Engineering Research Council of Canada (NSERC) since January 2006. She was re-appointed to this position in November 2010. During her first five years, Dr. Fortier brought a renewed focus on excellence to the agency. Changes to NSERC’s funding structure ensure that the best researchers receive the funding they need to conduct world-class research. NSERC now engages more closely with industries to initiate research and development projects with academic partners. Dr. Fortier has also forged stronger relationships with other federal granting agencies and organizations to increase the number and scope of joint initiatives available to researchers. For example, a collaboration between National Research Council Canada, Business Development Bank of Canada and NSERC resulted in an ambitious new national initiative in nanotechnology.

Before her appointment to this position, Dr. Fortier held a number of senior research and administrative positions at Queen’s University. She joined Queen's University as an Assistant Professor in the Department of Chemistry in 1982 after holding research positions at the Medical Foundation of Buffalo and National Research Council Canada. She then served as Dean of the School of Graduate Studies, Acting Vice-Principal (Research), and Associate Dean in the School of Graduate Studies and Research before being appointed Vice-Principal (Research) in 1995. Most recently (2000-05), she was Vice-Principal (Academic).

Putting the Social in Canada’s Innovation Policy
The social sciences and human sciences matter. All of the big, "wicked" problems such as poverty, housing, immigration, security, diversity, climate change, at risk kids, Aboriginal issues, social determinants of health, to name a few, embrace issues related to social and human sciences. New solutions that address these issues are social innovations. But what's the role of social and human science research in fostering social innovations? How can the public, private, community and academic sectors collaborate on social innovation to benefit Canadians and Canadian communities?

Moderator
Graham Carr
President
Canadian Foundation of Humanities and Social Sciences
Graham Carr is President of the Canadian Federation for the Humanities and Social Sciences (CFHSS). Representing more than 85,000 faculty and students at 79 Canadian universities and 80 scholarly associations CFHSS is the national voice for university research and training in HSS disciplines. Carr is also Professor of History and Dean of Graduate Studies at Concordia University. He was previously Associate Dean of Research and Graduate Studies in the Faculty of Arts and Science. Trained at Queen's University in Kingston and the University of Maine at Orono, Carr is a specialist in North American cultural and public history. He has published in the fields of literary and music history, popular culture, cultural policy, cultural diplomacy and social memory studies. His current research focuses on Cold War cultural exchanges involving the United States, Canada and the Soviet Union.

A member of the executive of the Northeastern Association of Graduate Schools, Carr also serves on the Advisory Committee on Communications, Marketing and Programming for Canada's National Capital Commission.

Claudia Krywiak, Ph.D
Director, Partnership Development and Corporate Planning
Ontario Centres of Excellence
Claudia Krywiak is Director, Partnership Development and Corporate Planning, for the Ontario Centres of Excellence (OCE). OCE drives economic development by advancing the commercialization of publically-funded research outcomes, building industry-academic collaborations, and fostering the next generation of innovators and entrepreneurs. Claudia brings experience in developing successful partnerships to facilitate innovation and is interested in the development of new strategies that foster a culture of innovation and entrepreneurship and build partnerships between the private and not-for-profit sectors. Prior to joining OCE, Claudia held the position of Vice-President, Business Development (Ontario) at Mitacs, a national organization linking academia, industry and the public sectors to develop new tools to support the growth of Canada’s knowledge economy.

Claudia received her Ph.D. in Chemistry from the University of Toronto in 2003 and worked for Bruker BioSpin, a world leader in Nuclear Magnetic Resonance (NMR) technology, where she supported the customer base in the Canadian market and developed working relationships with industrial and academic researchers in chemistry, biochemistry, pharmaceuticals, and materials science.

Allyson Hewitt
Advisor, Social Innovation & Director, Social Entrepreneurship
Social Innovation Generation
Allyson leads the social innovation programs at MaRS including the Ontario node of the national initiative, Social Innovation Generation (SiG@MaRS). This program supports social entrepreneurs and promotes social innovation under the headings Advise! Convene! Accelerate! SiG@MaRS has also recently announced a groundbreaking Centre for Impact Investing and is working of a series of Innovation Solutions Labs to tackle complex challenges. A life long social innovator, she most recently worked at SickKids where she led Safe Kids Canada and was a passionate advocate for children. She was also the Executive Director of Community Information Toronto where she initiated 211, providing streamlined access to human service information. For this work she received the Head of the Public Service Award and several other prestigious awards for meritorious public service.

Allyson has been leading and volunteering in not-for-profit organizations for over 25 years. Her academic background is in Criminology, Law, Public Affairs, Voluntary Sector Management and Organizational development including Leading Change.

David Phipps, Ph.D
Director, Research Services & Knowledge Exchange
York University/ResearchImpact
ResearchImpact
David is responsible for the management and support of research services (research grants and contracts, research ethics, technology and knowledge transfer); participates in strategic planning; negotiates research contracts and grants, manages research data and develops research performance measurements; ensures compliance with government policies and the University mandate.

2:50 pm - 3:10 pm
Coffee Break
3:10 pm - 4:40 pm

GPS Genome Canada - Genomics and Regulatory Science
This panel is the final event in Genome Canada’s 2011 GPS series: Where Genomics, Public Policy and Society Meet, dedicated to facilitating a dialogue between federal policymakers and researchers exploring issues at the interface of genomics and its ethical, environmental, economic, legal and social aspects (or GE3LS). Under the overarching theme of “Translational Genomics,” ad the range of activities that help “move genomics out of the laboratory and into the market, the clinic, or society at large,” the 2011 series previously considered intellectual property, as well as other means to optimize the impact of genomic research beyond commercialization.

This panel will turn its attention to “regulatory science” and the policy questions that arise at the interface of science and regulations when assessing scientific and technological applications that result from advances in genomics, from a safety, efficacy or quality lens and from the perspective of other relevant considerations. The panel discussion will begin with the presentation of a draft policy brief commissioned by Genome Canada and prepared Drs. Bruce Doern and Peter Phillips, two leading Canadian science policy scholars, followed by invited commentaries from policy-makers and private sector representatives. The audience will be invited to participate in a plenary discussion to help refine the policy brief.

Moderator
Karine Morin
Director, National GE3LS Program
Genome Canada

As Genome Canada’s Director, National GE3LS Program, Karine Morin oversees activities related to the ethical, economic, environmental, legal and social (GE3LS) aspects of genomics research. Prior to joining Genome Canada, Karine was a Senior Ethics Policy Advisor at the Canadian Institutes of Health Research (CIHR). She also conducted research on ethical, legal and social issues related to genomics at the University of Ottawa’s Institute of Science, Society and Policy.

Karine worked in the US for several years as the Director of Ethics Policy at the American Medical Association, and previously as an Ethics and Health Policy Associate at the American College of Physicians. Before leaving Canada, she worked for the Commission of Inquiry on the Blood System in Canada (Krever Commission). Karine holds a Masters in Law (LLM) from the University of Pennsylvania and is a graduate of McGill University School of Law, where she obtained a joint degree in civil (B.C.L.) and common law (LL.B). Over the years, she has published widely in bioethics and law, and has taught as an adjunct at several universities in the US and Canada.

Bruce G. Doern, Ph.D
Professor, Researcher, Author, Consultant
Carleton University, School of Public Policy and Administration (retired)
Dr. Bruce Doern is the author of over 70 books and monographs and numerous other articles and studies on Canadian and comparative public policy and regulatory governance in areas such as food and health, biotechnology, science and innovation policy, government labs; environmental policy; energy policy; and consumer policy. He has recently completed a book (with Prof. Michael Prince) on Three Bio-Realms: Biotechnology and the Governance of Food, Health and Life in Canada (University of Toronto Press, in press). He is presently the co-editor of How Ottawa Spends, the Carleton University School of Public Policy and Administration’s annual review of national priorities and fiscal policy (McGill-Queen’s University Press). He recently served as the CIBC Scholar-in-Residence at the Conference Board of Canada. He also served as Director of the Carleton Research Unit on Innovation, Science and Innovation (CRUISE) at Carleton University.

He is a consultant and advisor to numerous federal and provincial departments and to international bodies such as the OECD on innovation, science, regulatory and other governance issues. He was an advisor to the 2004 federal External Advisory Committee on Smart Regulation. As Emeritus Professor, he teaches global governance in the Politics Department at the University of Exeter in the UK and he is Distinguished Research Professor in the School of Public Policy and Administration at Carleton University.

Peter W.B. Phillips
Professor of Public Policy
Johnson-Shoyama Graduate School
University of Saskatchewan
Dr. Peter Phillips is Professor of Public Policy in the Johnson-Shoyama Graduate School of Public Policy at the University of Saskatchewan, in Saskatoon, Canada. He earned his Ph.D. in International Political Economy at the London School of Economics and practiced for 13 years as a professional economist and senior policy advisor in Canadian industry and government. At the University of Saskatchewan, he has held the Van Vliet Research Chair, created and held an NSERC-SSHRC Chair in Managing Technological Change, was a founding member and director of the virtual College of Biotechnology and was founding director of the graduate school of public policy.

He has had visiting appointments at the LSE, the OECD, the European University Institute and the University of Western Australia, is associate editor of AgBioForum, a leading on-line journal, was a member of the NAFTA Chapter 13 expert panel on GM maize in Mexico and was a founding member of the Canadian Biotechnology Advisory Committee. He has been a member of the Board of Directors of the Canadian Agri-food Policy Institute, the Estey Centre for the Study of Trade, Law and the Economy, and Ag West Bio Inc., which operates a biotech venture fund.

His current research focuses on governing transformative innovation, including regulation and policy, innovation systems, intellectual property management, trade policy and decision systems. He is co-lead and principal investigator of a $5.4 million Genome Canada project entitled Value Addition through Genomics and GE3LS (VALGEN) which runs 2009-13 and has been an applicant and investigator on more than 15 peer reviewed grants worth more than $150 million. He has been author or editor of eight books—his latest, Governing Transformative Technological Innovation: Who’s in charge? was published by Edward Elgar in 2007—and more than 70 journal articles and book chapters.

Dr. Vratislav Hadrava, Ph.D
Director, Regulatory Affairs
Pfizer Canada inc.
Vratislav Hadrava obtained his MD diploma at Charles University, Prague, Czech Republic and PhD degree from Department of Medicine, Division of Experimental Medicine at McGill University, Montreal, Canada. He completed his postgraduate research training at the Neurobiological Psychiatry Unit at Department of Psychiatry, McGill University. He has published articles in peer reviewed journals in the domain of hypertension, vascular smooth cell proliferation, mechanism of action of antidepressants and anxiolytics and clinical psychopharmacology.

Vratislav Hadrava initiated his career in pharmaceutical industry in 1995 at Pfizer Canada and has held positions of increasing responsibilities in areas of Medical Affairs, Clinical Research and Regulatory Affairs.
He is currently Director, Regulatory Affairs at Pfizer Canada.

Vratislav Hadrava collaborated in numerous projects with clinical researchers from academia and Pfizer international, mainly in the area of mental health disorders. He acquired broad experience in clinical development and commercialization of new medicines and has developed a particular interest in the regulatory and pharmacovigilance aspects of pharmaceutical medicine.

Over the last years he has participated in several initiatives such as Health Canada/CIHR sponsored National Placebo Working Committee (2002-2004), Expert Advisory Committee on the Vigilance of Health Products (2007-2009) and Drug Safety and Effectiveness Network Advisory Committee (2009-2010).

Kwasi Nyarko, Ph.D
Regulatory Science Advisor
OFFICE OF POLICY AND INTERNATIONAL COLLABORATION
Health Canada
Kwasi A. Nyarko, Ph.D, is currently Regulatory Science Advisor, Office of Policy and International Collaboration, Biologics and Genetic Therapies Directorate, Health Canada. At Health Canada he has also worked with the Marketed Health Products Directorate with a unit responsible for post-market surveillance for biological products, including blood. Dr. Nyarko obtained his doctorate in Biomedical Sciences from the University of Guelph, Ontario, Canada. Kwasi has extensive experience in the development of science-based policies, guidance documents for industry, as well as development of national standards and regulations related to biologic and genetic therapies for human use. Dr. Nyarko is actively involved in the development of regulatory frameworks for a wide range of biological products regulated by BGTD such as the regulatory frameworks for vaccines, radiopharmaceuticals, pharmacogenomics, and plant molecular farming products. Dr. Nyarko has been involved in projects at the national and international levels and was instrumental in the development of the regulatory framework for subsequent entry biologics (biosimilars).

Erika van Neste
Innovation and Growth Policy Division
Strategic Policy Branch
Agriculture and Agri-Food Canada

The Impact of Investments in Innovation Intermediaries
Governments and businesses around the world invest in innovation intermediaries that help a diverse range of firms of different ages, sizes, and endowments innovate and succeed. Heightened concern for transparency and accountability has meant that these enabling organizations and programs report on a range of metrics, possibly including their impact on client and member firms. In this panel we explore the state of the art of the assessment of innovation intermediary impact from a range of perspectives: Canadian and European, practitioner and academic, ICT and biopharmaceutical industries. Panel members will consider what is proven, possible, desirable, and to be avoided in terms of impact assessment methodologies, and the degree to which different constituencies seek, avoid, are provided with, ignore, and use assessments of intermediary impact. The objective is an improved understanding of an issue that is central to innovation intermediary purpose and the ability of intermediaries to contribute to the innovation systems of which they are a part.

Moderator
Nobina Robinson
CEO
Polytechnics Canada
Nobina Robinson was appointed Chief Executive Officer of Polytechnics Canada in May 2009. Polytechnics Canada is a national alliance of Canada’s leading research-intensive, publicly funded colleges and institutes of technology. Mrs. Robinson held progressive appointments in the federal government and non-profit sectors since 1990. She began her public service career in 1990 when she joined the Treasury Board Secretariat as a management trainee. Two years later, she became a Foreign Service Officer and was posted as a political officer to the Canadian Embassy in Havana from 1994 to 1997. From 1998 to 2002, Mrs. Robinson led FOCAL, a policy institute on Canada’s relations with the Americas. Before joining Polytechnics Canada, Mrs. Robinson was the Ottawa-based Senior Government Relations Advisor for Seneca College, responsible for federal advocacy for one of Canada's largest colleges. Mrs. Robinson has a B.A. from Amherst College, an M.A. from Oxford University (Commonwealth Scholar 1985-1988) and has pursued post-graduate studies at Yale University. In October 2010, Mrs. Robinson was named to the Expert Panel undertaking the Review of Federal Support to Research and Development.

Mario Thomas, Ph.D
Senior Vice President
Ontario Centres of Excellence
Dr. Mario Thomas is an accomplished senior executive with impressive international credentials in the management of innovation. With over 30 years in leadership roles directing corporate development and commercialization, he creates remarkable value for all stakeholders. Mario Thomas brings extensive experience filled with achievements driving successful development collaborations and financial ventures. Dr. Thomas was promoted to Senior Vice-President, Ontario Centres of Excellence in June 2010. Before being appointed Managing Director of the Centre for Commercialization of Research at the Ontario Centres of Excellence in April 2009, Dr. Thomas was Partner in the venture firm T2C2 Capital. His previous experiences include CEO and co-founders of two start-up companies; senior level positions in business development, marketing and scientist. He is the founding chairman of the International Commercialization Alliance. He holds a PhD in chemistry and a BSc from Université Laval in Quebec City, as well as a diploma in business administration from École des Hautes Études Commerciales of Université de Montréal. He is also a Chartered Director with the ASC designation in board governance. Dr. Thomas brings an in-depth background in board level functions both as a board member and in managing board relations as an executive.

Margaret Dalziel
Associate Professor, School of Managment, University of Ottawa
& VP Research of The Evidence Network
Margaret Dalziel is an associate professor of innovation and entrepreneurship at the Telfer School of Management of the University of Ottawa, and VP Research of The Evidence Network. Margaret joined the University of Ottawa in 2001 with 15 years experience in technology development and research management at McGill University and the Canadian Space Agency. Her current research focuses on the assessment of interventions to promote innovation, and on describing the architecture of the economy in terms of inter-industry relations. With generous support from the Social Sciences and Humanities Research Council of Canada, her research has resulted in some 60 articles including publications in academic journals such as Research Policy, the Journal of Engineering and Technology Management, and the British Journal of Management. During 2008-2009 Margaret was a visiting professor at Zhejiang University in Hangzhou, China.

Raine Hermans, Ph.D
Head, Unit for Strategic Intelligence
Tekes (Finland)
Raine Hermans is the Head of Unit for Strategic Intelligence since January 2010. He started with Tekes as a Director of Regional Networks at Tekes in September 2007. The Regional Networks consist of 14 technology development departments all over in Finland. One of his most important future challenges is to coordinate synchronizing the distinctive regional strategies together and with the one of Tekes’. Raine acted as the visiting professor (managerial economics of biotechnology) at the Kellogg School of Management, Northwestern University, Illinois USA, from 2006 to 2007. Raine has also led a group of multidisciplinary corporate and industry analysts for several years with Etlatieto Ltd and ETLA, the Research Institute of the Finnish Economy. Raine has a Ph.D. degree in industrial engineering and management (Helsinki University of Technology) and a master’s degree in economics (University of Helsinki). He has published several articles in international journals and edited academic books. The most recent articles are related to technology management and economic forecasting.

Natalie E. Dakers
CEO
Centre for Drug Research and Development
Natalie E. Dakers is a leading figure in the Canadian biotechnology industry and currently serves as the Chief Executive Officer of the Centre for Drug Research and Development (CDRD), an innovative organization in British Columbia with a mandate to address the commercialization gap between early-stage technologies arising out of university-based research and investment opportunities. Under Ms. Dakers’ leadership, CDRD has signed affiliation agreements with major research institutions in Canada and forged important strategic relationships with Pfizer Canada and Genome British Columbia. With its over 20,000 square feet in specialized lab space and more than $12 million invested in state-of-the-art equipment, CDRD has attracted over 70 employees and 260 investigators. To date, CDRD has raised and secured approximately $74 million in funding and was named a Centre of Excellence for Commercialization and Research (CECR). Ms. Dakers is active in a number of business and scientific organizations, including Past Chair of BC Biotech (now LifeSciences British Columbia), the association supporting and representing the province’s biotech, medical device and life sciences community. Currently, Ms. Dakers is a board member of the Canada Foundation for Innovation (CFI), BIOTECanada and the International Science and Technology Partnership Canada (ISTP Canada). Previously, Ms. Dakers also served on the Boards of Genome Canada, Genome BC, and the Michael Smith Foundation for Health Research. Ms. Dakers is an Adjunct Professor in UBC’s Faculty of Pharmaceutical Sciences and a member of the Council of Canadian Academies’ Expert Panel on Business Innovation. Ms. Dakers received a Peak Award for Performance and Excellence in 2004. In 2009, Ms. Dakers was the recipient of BIOTECanada’s Gold Leaf Award for Industry Leadership.

Using Science Policy to Improve Health Outcomes in the North
The Canadian North has become a focus for politicians and researchers alike within recent years. This increased attention has not only helped to reignite Canadians’ awareness of the North, it has also shed light on certain disparities. Many Northerners, especially Aboriginal people, suffer from poorer health in comparison to other Canadians. This panel will explore the current health challenges in the North, and discuss how science policy can be used to help improve the situation. Overall, the goals of this panel are to:

Raise awareness about health issues in the North and the challenge of addressing those issues
Show how building up the scientific presence within the North will help to improve health outcomes among Northerners
Reiterate the notion that scientific work cannot take place in isolation – rather it must be a collaborative activity which is engaged in by many different, yet inter-connected, communities
Reaffirm the need for governments, communities, and academia to work together.

Moderator
Sandra Lister
Manager, Science Policy Coordination
Health Canada
Sandra Lister is the Manager of the Science Policy Coordination Unit (SPCU) within the Policy, Planning and Coordination Division of Health Canada's Strategic Policy Branch. The SPCU provides senior management with strategic analysis and advice on complex, horizontal and multi-dimensional S&T and science policy issues. Ms. Lister oversees the secretariat to the departmental Director General Science Committee and the Northern Health Evidence Sub-Working Group, which is responsible for leading the Health Portfolio’s contribution to the Northern Strategy. Additionally, Ms. Lister is an active member on several working groups which support the Federal S&T Strategy, the Federal Integrated Northern S&T Strategy (FINeST) and the Canadian High Arctic Research Station (CHARS).

Dr. Pertice Moffitt
Nurse Educator
Aurora College
Dr. Pertice Moffitt is a nurse educator in the undergraduate program at Aurora College, Yellowknife Campus, Yellowknife, NT; an Adjunct Professor with Dalhousie University; and, as well, she also teaches graduates students at Athabasca University. Additionally, Dr. Moffitt is the Manager of the Health Research Programs for Aurora Research Institute at the North Slave Research Centre in Yellowknife. Dr. Moffitt's research interests are with Circumpolar Health, Cultural Diversity and Women's Health utilising the qualitative methods of ethnography, photovoice and fourth generation evaluation.

Dr. Kue Young
Professor
Dalla Lana School of Public Health, University of Toronto
Dr. Kue Young is a professor in the Dalla Lana School of Public Health at the University of Toronto and TransCanada Chair in Aboriginal Health & Well-being. He is President of the International Network for Circumpolar Health Research and a former co-chair of the Arctic Council’s Human Health Expert Group. Much of Dr. Young's professional career has been devoted to northern and Aboriginal health research, with a major focus on the prevention of diabetes and cardiovascular diseases. In 2010 he was appointed Member of the Order of Canada for "his contributions and commitment to advancing the health and well-being of Indigenous peoples, notably as a leading scholar in the field of Aboriginal health research.”

Christopher Cornish
Regional Director, Policy, Planning, and Evaluation
Health Canada - Northern Region
Christopher Cornish is the regional Director of Policy, Planning, and Evaluation for Health Canada’s Northern Region. Northern Region is responsible for delivering on Health Canada’s mandate in the three northern territories, managing and administering health promotion and disease prevention programs, the Non-Insured Health Benefits program for First Nations and Inuit, and the Territorial Health System Sustainability Initiative. Northern Region also serves as the departmental link on circumpolar health and research activities and plays an instrumental role in supporting the Government of Canada’s Northern Strategy. Prior to joining Health Canada, Mr. Cornish served in various policy roles at Aboriginal Affairs and Northern Development Canada.

Sarah Kalhok Bourque
Manager, Northern Science and Contaminants Research
Aboriginal Affairs and Northern Development Canada
Sarah Kalhok Bourque is the Manager of Northern Science and Contaminants Research with Aboriginal Affairs and Northern Development Canada. In this capacity, Sarah Kalhok Bourque manages the Northern Contaminants Program (NCP), established in 1991. Prior to this, Sarah Kalhok Bourque was part of the core team that developed Canada’s Program for the International Polar Year (IPY), which was designed along policy-relevant themes of “Climate change impacts and adaptation” and “Health and well-being of Northern communities”, and she was subsequently Manager and Science Manager of the Government of Canada Program for IPY. Now based in Ottawa, she used to call the North her home while working for the Aurora Research Institute in Inuvik, Northwest Territories. Her perspective on northern/Arctic science and policy comes from program experience at the local, national and international level.

4:40 pm - 6:00 pm
Sponsor Showcase & Networking
6:00 pm - 7:00 pm
Keynote Panel - Science and Politics in Canada
This is a non-partisan and cross party discussion, among former scientists and current politicians, on the interface between science and government. The panel will discuss:

The barriers and potential solutions for greater interaction between the scientific and political communities in Canada
How to encourage and facilitate the greater participation of scientists in politics.

Introductions
Pierre Meulien, Ph.D
President and CEO
Genome Canada
Pierre Meulien was appointed President and CEO of Genome Canada in 2010. Prior to this appointment, Dr. Meulien served as Chief Scientific Officer for Genome British Columbia from 2007 to 2010 where he promoted the organization’s ongoing scientific strategy, focusing on the science of genomics, proteomics and bioinformatics within the larger realm of biotechnology and life sciences. Facilitating the translation of genome based technologies into end user communities across many life science sectors was also a key responsibility.

From 2002 to 2007, Dr. Meulien served as the founding CEO of the Dublin Molecular Medicine Centre (now Molecular Medicine Ireland) which linked the three medical schools and six teaching hospitals in Dublin to build a critical mass in molecular medicine and translational research. The Centre managed the Euro 45 Million “Program for Human Genomics” financed by the Irish government and was responsible for coordinating the successful application for the first Wellcome Trust funded Clinical Research Centre to be set up in Ireland.

For over 20 years, Dr. Meulien has managed expert research teams with a number of organizations, including Aventis Pasteur in Toronto (Senior Vice President of R&D), and in Lyon, France (Director of Research). He also spent seven years with the French biotechnology company Transgene in Strasbourg, France as a research scientist and part of the management team. Dr. Meulien’s academic credentials include a PhD from the University of Edinburgh and a post-doctoral appointment at the Institut Pasteur in Paris.

Marc Garneau
Former Astronaut
MP for Westmount Ville-Marie, Quebec
Marc Garneau has served his country his entire professional career, beginning with the Canadian Navy and then as an astronaut and President of the Canadian Space Agency , and now in political life. Garneau resigned from the Canadian Space Agency to run under the Liberal banner in Vaudreuil–Soulanges in 2006. After the last federal elections, he remained very involved in politics and played a determining role in the Liberal Renewal Commission by drafting its Science and Technology position paper. He also helped draft a number of resolutions aimed at clarifying the Canadian mission in Afghanistan, the resolution of fiscal unbalance and the implementation of the Kyoto Protocol.

Hon. Hélène LeBlanc
MP for LaSalle-Emard, Science and Technology Critic
Hélène is an agronomist and project manager for the Conseil d’assainissement et d’aménagement du ruisseau Lacorne.
Hélène has taught French in Vancouver and Ottawa and was an interpreter/guide for the Canada Museums of Science and Technology Corporation in Ottawa. She was also an assistant to persons suffering from Alzheimers for the organization Baluchon Alzheimer and an agro-environment officer with the Fédération de l’Union des producteurs agricoles de l’Outaouais-Laurentides.
Hélène has a Bachelor’s degree in education from the University of Ottawa and a Bachelor of Science degree in agriculture and environment from McGill University.

Dr. Kellie Leitch
MP for Simcoe Grey
Dr. Kellie Leitch is the Member of Parliament for Simcoe-Grey and Parliamentary Secretary to the Minister of Human Resources and Skills Development Canada, and to the Minister of Labour. Prior to her election on May 2, 2011, Dr. Leitch was an orthopaedic paediatric surgeon at the Hospital for Sick Children in Toronto. Dr. Leitch was also an Associate Professor at the University of Toronto, Chair of the Ivey Centre for Health Innovation and Leadership, and Director of the Health Sector MBA program at the Richard Ivey School of Business, University of Western Ontario. Dr. Leitch received the Order of Ontario in 2010 for her work advocating for children. Dr. Leitch was selected as one of Canada's Top 40 Under 40 for her work in both medicine and business in 2005. Dr. Leitch previously served as Chair of the Expert Panel for the Children's Fitness Tax Credit in 2006, which made recommendations to the Honourable Jim Flaherty, Minister of Finance, regarding the best ways to implement the tax credit designed to encourage health and fitness among Canadian children and youth. In 2008, Dr. Leitch authored the report entitled: "Reaching for the Top: A Report by the Advisor on Healthy Children & Youth". The report is a "call to action" for government and industry on key issues affecting Canadian children and youth.
Dr. Leitch earned her Doctorate of Medicine from the University of Toronto in 1994, MBA from Dalhousie University in 1998, completed the Orthopaedic Surgery Residency Program in 2001 at the University of Toronto, and became a Fellow of Paediatric Orthopaedics at the Children's Hospital of Los Angeles/University of Southern California in 2002.

As a volunteer, Dr. Leitch served as a council member on the NRC (National Research Council of Canada), a Board member of Genome Canada, a Director on the YMCA (GTA) board of directors, Vice President of CANFAR (Canadian Foundation for AIDS Research), and is the founder of The Sandbox Project. In addition, Dr. Leitch hosts an annual golf tournament to raise funds for the Canadian Breast Cancer Foundation.

Reza Moridi, Ph.D
Ontario MPP - Richmond Hill
An award-winning scientist, engineer, educator, business leader and community activist who has lived in Richmond Hill since 1991, Reza Moridi was first elected to the Ontario Legislative Assembly in 2007. Upon his election, Reza was appointed by Premier Dalton McGuinty as the Parliamentary Assistant to the Minister of Training, Colleges and Universities. He was also appointed to the Cabinet Committee on Economy, Environment and Resources Policy. Prior to his election, Reza was the Vice-President and Chief Scientist of the Radiation Safety Institute of Canada. His 17 year career at this Institute provided him with a thorough understanding of the nuclear industry of Canada as well as the application of radiation and nuclear materials in a large variety of industry and health care sectors. Over the years, Reza has contributed significantly to the understanding of nuclear materials, radiation and radiation safety by the public, students, educators and workers in Canada. In recognition of his contributions, the Canadian Nuclear Society presented Reza with the Education and Communication Award in 2001.

In recognition of Reza’s outstanding contributions to the profession of Health Physics (radiation protection), the US Health Physics Society presented Reza with the Fellow Award in 2002. For his original contribution to physics and engineering, Reza was elected as Fellow of the UK Institute of Physics (1986) and Fellow of the UK Institution of Engineering and Technology (1992). Education, energy, innovation, environment, health and prosperity are key issues of interest to Reza.

7:00 pm - 9:00 pm
Genome Canada Reception - Induction of 2011 Members to the Canadian Science and Engineering Hall of Fame
Friday, November 18, 2011
7:30 am - 8:30 am
Continental Breakfast
8:30 am - 8:40 am
Opening Statement of the Day: International Year of Chemistry

Bernard West, Ph.D
President/Chair of the Board
Westworks Consulting/Ontario BioAuto Council
Bernard West holds a BSc and a PhD in chemical engineering from the University of Manchester where he also taught for 6 years. In 2008 he was President and CEO of CANSOLV Technologies of Montreal, and was previously President and COO, Canada Colors and Chemicals Limited. Prior to that, he had 30 years of experience in the chemical industry with Rhone-Poulenc, Imperial Oil [ Esso ] and Polymer Corporation.

Bernard has also been very active in industry associations and industry-government bodies; member of the Board of the Canada’s Chemical Producers Association (Chair 1995–1997), Chair of The Chemical Institute of Canada, Chair of the Society of Chemical Industry–Canadian Section, member of the Board of the National Association of Chemical Distributors (Washington, D.C.).

He is currently; Chair of the Board of Ontario BioAuto Council, Co-Chair of the Sustainable Chemistry Alliance, Co-Chair of the Canadian Green Chemistry and Engineering Network, and Chair of the Advisory Board of the Institute for Chemical Process and Environmental Technologies in the National Research Council of Canada. He is an associate member of the IUPAC Committee on Chemical Industry representing Canada and a member of the board of Life Sciences Ontario.

8:40 am - 10:10 am
Drivers of Innovation in the Chemical-Related Industry Sector
In its 2011 Brief to the House of Commons Standing Committee on Finance, the Partnership Group for Science and Engineering (PAGSE) states that “a highly skilled workforce is an essential component of the innovation pipeline. Canada has done well to improve its capacity to train the next generation of researchers and innovators. Clearly we are on our way to building the next generation of cutting-edge researchers that will fuel the innovation pipeline. However employment prospects for highly skilled workers are bleak. A large part of the problem is that businesses in Canada invest very little in research and development (R&D), so they have little need to hire highly skilled workers. Canadian graduates have trouble finding good jobs, especially R&D jobs in industry”.
This session will explore the factors that drive industrial research and development in several of Canada’s largest chemical-related trade sectors. What are the strengths and weaknesses of our national and provincial science, economic and other related policies and regulations that attract or hinder research investments in Canada? Does research have to be carried out in Canada, in all cases, in order for the country to benefit? Are our industry / academic partnerships and commercial centres working - and producing results?
Moderator

Avrim Lazar, Ph.D

CEO & President
Forest Products Association of Canada
Avrim Lazar is President & CEO of the Forest Products Association of Canada, since Jan. 1, 2002 and he is chair of the Advisory Committee on Paper and Wood Products (ACPWP) to the United Nations. Mr. Lazar has held senior policy positions in the government of Canada in the Ministries of Justice, Agriculture, Environment and Human Resource Development. During this period he was responsible for national policy in areas as diverse as climate change, biodiversity, child poverty, employment insurance and labor force training.

Mr. Lazar was Chair of the Committee of the Whole of the Second UN Conference of the Parties to the Convention on Biological Diversity in 1995. He also chaired the National Business Association Roundtable and is the Past-President of the International Council of Forest and Paper Associations (ICFPA). Mr. Lazar taught high school in Vancouver and Zambia from 1969 to 1973. Over the years, Mr. Lazar has given many courses in the graduate studies programs at the University of Ottawa and Carleton University. Mr. Lazar holds degrees in science and education, including a B.Sc (1968) from McGill University, a B.Ed (1970) and a PhEd in Ed (1976) from the University of Ottawa.

Craig Crawford
President & CEO
Ontario BioAuto Council
Craig has served on numerous government and industry committees and non-profit boards that have advocated support for biobased industries in both Canada and the United States. He has acted as a consultant to the federal and Ontario governments on the bioeconomy and wrote a framework for developing biobased industries in Canada. He has been actively involved in identifying research and business opportunities in the new bioeconomy for more than a decade.

Craig is currently the President and CEO of the Ontario BioAuto Council. The Council’s vision is to make Ontario a global leader in the manufacture of automobile parts, construction materials and packaging from biological feedstocks. Its mission is to unite Ontario’s largest economic sectors (i.e. agriculture, forestry, oil, chemical, manufacturing and automotive), research community and government around viable strategies aimed at building a province-wide bioeconomy.

David Yake, Ph.D
Director - Corporate Process Innovation, Research & Business Development
DuPont Canada
David Yake has more than 31 years of global R&D, business, sales and marketing leadership with DuPont. He received his MS and Ph.D in Chemical Engineering from Iowa State University in 1980. He served six years with DuPont in Asia as regional business and marketing manager and director of the company’s Chemical Solutions business, leveraging broad based open innovation across the region to establish a sustainable growth platform. During the last five years David has lived in Canada and led the Research and Business Development Centre in Kingston, Ontario, and the DuPont Center for Process Innovation - a global corporate leveraged technology based business that specializes in developing and scaling-up technology solutions to commercial level. In Canada, the organization’s key role is to identify key growth opportunities and collaborate with global businesses to commercialize innovative solutions that meet market needs.

Dave Collyer
CEO & President
Canadian Association of Petroleum Producers
David Collyer was appointed President of the Canadian Association of Petroleum Producers (CAPP) on September 15th, 2008, after serving as President and Country Chair for Shell in Canada. In his current position, Mr. Collyer is responsible for leading CAPP’s activities in education, communications and policy / regulatory advocacy on behalf of its members representing over 90% of the upstream petroleum production in Canada.

During his 30 year career tenure with Shell, Mr. Collyer held a broad range of technical, business and senior leadership roles. These included positions in conventional oil and gas, oil sands, marketing and transportation and downstream commercial marketing, as well as cross-business roles such as strategy and planning, communications and sustainable development. He also participated in a two year Executive Exchange assignment with the federal government in Ottawa.

Mr. Collyer holds a petroleum engineering degree and an MBA from the University of Alberta, and belongs to a range of professional affiliations including the Association of Professional Engineers, Geologists, and Geophysicists of Alberta (APEGGA) as well as the Society of Petroleum Engineers (SPE). He has also been a member of a number of not-for-profit boards.

10:10 am - 10:30 am
Coffee Break
10:30 am - 12:00 pm
How do we build resilient communities in the face of climate change?
The science is complex, the picture is daunting, the impacts all too real. A global challenge, climate change is creating environmental, economic and social upheaval, particularly in coastal and northern communities.
What strategies are available to those communities to mitigate and adapt to climate change and its impact on their ecosystems? Are there governance and policy hurdles hindering the development and implementation of such strategies? Can and will local actions make a difference? As part of the conference’s “Exploring the True North Strong and Free: Reflections on Northern Science Policy” theme, this panel will engage in an inspiring conversation on community activism, sustainability and resilience in Canada’s northern communities.

Moderator
James Baxter
Founding Editor and Publisher
iPolitics
Over the past 25 years, Baxter has been an award-winning sportswriter, political journalist, bureau chief and editorial writer. A third-generation public affairs journalist, Baxter’s work covering politics, first in Ottawa and then in Alberta, earned him a prestigious Nieman Fellowship at Harvard University in 2008, where his studies focused on the future of media businesses and the role of the press in democracy. Born and raised in Ottawa, he holds degrees in international relations, journalism, and media administration. He lives in Ottawa with his wife, Sarah, and three young children, coaches football and soccer, and is an exuberant skier.

Frances Abele
Academic Director of the Carleton Centre for Community Innovation
Professor of the School of Public Policy and Administration, Carleton University
Dr. Abele has written widely on Canadian public policy and the northern political economy, publishing over 80 books, articles, book chapters and technical reports. With a northern research career stretching back thirty years, she is the author of an oft-consulted study of employment training in the Northwest Territories (Abele 1989) and numerous articles and technical reports on northern economic and political issues. She is an expert on federal northern policy, publishing regularly on this theme, and on the implications for the federation of governance innovations pursuant to the modern treaties. Abele is co-author and co-editor of the first comprehensive examination of northern development policy to include a balanced complement of authors from northern and southern Canada (Abele, Courchene, St-Hilaire and Seidle, 2009). As deputy director of research for the Royal Commission on Aboriginal Peoples in the 1990s, Abele was responsible for the Commission's research on the North, and portions of the work on governance and economy. She has worked in partnership with northern organizations in Canada and abroad, ranging from the North-West Academy of Public Administration, Murmansk, Russia to community governments in Canada, where she currently collaborates with the Hamlet of Igloolik and community partners in Deline.

Gordon McBean
Professor, Joint Appointment with Geography and Political Science
& Research Chair at the Institute of Catastrophic Loss Reduction, University of Western Ontario
Professor, Joint Appointment with Geography and Political Science
Dr. Gordon McBean received his B.Sc. in Physics and Ph.D. in Oceanography from the University of British Columbia and a M.Sc. in Meteorology from McGill University. He was a scientist in Environment Canada from 1970 to 1988 when he was appointed Professor and Chair of the Atmospheric Science Program at the University of British Columbia. In 1992, he was appointed Head, Department of Oceanography. From 1994 to 2000, he was Assistant Deputy Minister responsible for the Meteorological Service of Environment Canada. He was appointed to his present position in July 2000. Dr. McBean's research interests are in atmospheric and climate sciences, ranging in scope from the natural sciences of the phenomena to the policies of governments and responses of people to them. He is undertaking new research on the changing climate and weather systems in the Arctic, and investigating the role of science in changing government policies. An area of interest is the changing occurrence of extreme weather events with climate change, their influence on public systems and strategies for adaptation. In addition to his activities at UWO, Dr. McBean is active nationally and internationally. He is Chair of the Board of Trustees of the Canadian Foundation for Climate and Atmospheric Sciences and a member of the scientific committee for the International Arctic Research Center of the University of Alaska, the Board of the International Institute for Sustainable Development, the Northern S&T Committee, and the Canadian Committee for the International Polar Year. He was a lead author for the Arctic Climate Impact Assessment. Earlier in his career he participated in the first Polar Experiment planning meeting and as chair of the World Climate Research Programme helped create the Arctic Climate System Study (ACSYS). He has received the Patterson Medal for distinguish contributions to meteorology by a Canadian and is a Fellow of the Royal Society of Canada, the Canadian Meteorological and Oceanographic Society and the American Meteorological Society.

Ian Mauro
Canada Research Chair in Human Dimensions of Environmental Change
Mount Allison University
Ian Mauro is a Canada Research Chair in "human dimensions of environmental change" at Mount Allison University, in New Brunswick. He is both a researcher and filmmaker, with a PhD in environmental science, and his work focuses on hunter, farmer and fisher knowledge regarding environmental change, specifically issues related to food security and global warming. As part of his doctorate, he co-directed "Seeds of Change" (www.seedsofchangefilm.org), a highly controversial film that was banned from being released by the University of Manitoba, and created one of the largest academic freedom battles in Canada. For his postdoctorate, Mauro teamed up with Zacharias Kunuk and Igloolik Isuma Productions to develop "Inuit Knowledge and Climate Change", the world's first Inuktitut language film on the topic. The film is available for free on our website (www.isuma.tv/ikcc). This upcoming year, Mauro will be collaborating with Sheila Watt-Cloutier - acclaimed Inuk climate change advocate and Nobel Prize nominee - who will be working on her forthcoming book as a Visiting Scholar at Mount Allison. Ian can be contacted through email at imauro@mta.ca.

Jamal Shirley
Manager, Research Design and Policy Development
Iqaluit Research Centre, Nunavut Research Institute
Jamal Shirley is Manager of Research Design at the Nunavut Research Institute in Iqaluit. He grew up in Rankin Inlet, Nunavut, and has lived in Iqlauit since 1997. An advisor to researchers working in the social, natural and biological disciplines in Nunavut, Jamal contributes to research design, data collection, analysis, and public outreach for a wide range of studies. He has served on the advisory board for the Arctic Storm Studies Project, and as a member of Canada’s National Committee for International Polar Year. As a member of the Nunavut Government’s Sustainable Development Advisory Group Jamal contributes to the development of policy and strategies relating to resource development, climate change adaptation, land use planning, and wildlife management in Nunavut. Jamal also works directly with Nunavut community groups to develop research proposals and identify funding and partnerships.

What do some of the fastest growing S&T Firms in Canada think about Canada's Innovation Policy?
The policy community has no shortage of indicators and creative ideas to support more innovative economies and high quality services to and opportunities for Canadians. The challenge, rather, is to determine the right mix of indicators to monitor for a desired outcome in a particular sector, and the right approach to policy development and implementation for the same sector outcomes. This panel will set out to identify the most influential policies and gaps in policy for fast-growing S&T firms in Canada. The discussion would explore issues of incentives, trade, HQP, innovation strategy and partnerships as they are influenced by policy and implemented through management practice. The panelists will be invited to explore one or two of these issues to a greater depth that speaks to specific policy and management linkages.
The panelists represent some of the fastest growing S&T companies in Canada, moderated by Dr. Charles Davis, Research Chair in Media Management and Entrepreneurship at Ryerson University, and of the Innovation Systems Research Network.

Moderator
Charles Davis
Professor
Ryerson Unversity's School of Radio and Television Arts
Charles Davis is a professor in Ryerson Unversity's School of Radio and Television Arts (Faculty of Communication and Design) and is cross-appointed with the Entrepreneurship and Strategy Department in the Ted Rogers School of Management. He currently teaches and conducts research on management and policy in industries that produce experience goods - with special interest in innovation and new product development in the software and content layers of mediated creative industries. He is currently involved in research projects on media product innovation, media labour, media industry clusters, audience responses to media offerings, corporate governance of innovation, and digital entrepreneurship. His recent graduate and undergraduate teaching includes courses in media management, new product development, political economy of media industries, audience analysis, innovation in experience-producing industries, cultural economy, and media entrepreneurship. He teaches in Ryerson's MA in Media Production program, in the Ryerson/York MA/PhD program in Communication and Culture, and in Ryerson's MBA/MSc in Management of Technology and Innovation program.

David Arthurs
President
Hickling Arthurs Low
Dr. David Arthurs is the President of Hickling Arthurs Low (HAL). David specializes in economic analysis, policy development, and strategic planning for public sector science and technology organizations. David has a BASc in Mechanical Engineering from the University of Waterloo, an MBA from the University of Ottawa, and a PhD from the School of Business at Queen's University

Curtis VanWalleghem, MBA, BEng, PMP
Chief Executive Officer
Hydrostor Inc
Mr. VanWalleghem currently leads energy storage start-up Hydrostor Inc. Curtis has spent the last 10 years helping companies set and execute on their strategy. Prior to Hydrostor, he was Sr. Manger in Deloitte's Corporate Strategy Consulting Practice where he advised some of the top energy companies in Canada and around the globe. He has also held positions at Bruce Power, Celestica Inc, and CIBC.

Nicolas Morgan
Vice-President, Business Development and Marketing
Morgan Solar
Nicolas Morgan is a co-founder of Morgan Solar, and leads the company’s Business Development and Marketing efforts. He holds a Bachelor of Social Science in Anthropology and a post-graduate degree in Applied Information Technology. Before coming to Morgan Solar at the start of 2008, Nicolas spent two years in Spain as a senior manager for FON Technologies, a Web 2.0 start-up. At FON, Nicolas coordinated the activities of business development teams in Europe, North America and Asia. Prior to this, Nicolas worked at Ernst & Young as a risk management and business process advisor to the Ontario electricity sector.

Glen Martin
President and COO
Pod Generating Group
Glen has over 20 years experience in early-phase project development in space and high technology sectors. Most recently he served as co-founder and Senior Adviser in Business Development at ProtoStar Limited, a satellite operator focused on direct-to-home satellite television services in Asia. Prior to co-founding Pod Generating Group, Glen worked with NASA, Motorola, Hughes and Raytheon on advanced space systems and international business development. He previously worked for McDonnell Douglas Space Systems Company, Boeing Canada and Rolls-Royce Canada. He holds a Bachelor of Technology in Aerospace Engineering from Ryerson University and an MBA from the University of Southern California.

Reaching out with Big Science
The public often learns of developments in science in the media distilled from press offices at peer-reviewed journals or universities. In a few cases, research institutions such as the Mayo Clinic and CERN have also developed a reputation for being seen as authoritative sources of science news and information for the public. In recent years, the Canadian research landscape has grown to feature a number of ‘big science’ facilities. These institutions, such as TRIUMF, Ocean Networks Canada, the Canadian Light Source, SNOLab and the Perimeter Institute, conduct research at the forefront of science – often at the convergence of science disciplines and with a scope and scale that is larger than traditional research institutions in government or the academy. In addition to research, all of these laboratories also engage in a number of forms of public engagement and outreach, ranging from media relations to classroom education. In a media landscape where science reporting is becoming increasingly fractured, what role do Canada’s big science facilities have in being sources of science news, information and education?

Moderator
Matthew Dalzell
Communications Coordinator
Canadian Light
Matthew Dalzell is the Communications Coordinator and Staff Writer at the Canadian Light Source, Canada’s national synchrotron facility in Saskatoon. His role includes media relations, strategic communications and telling stories about the science done at the CLS as an embedded science writer. One of the items on his ‘bucket list’ was fulfilled soon after starting at the CLS in 2004: appearing on CBC radio’s Quirks and Quarks. Matt earned a M.Sc. in Geology, specializing in palaeontology, as well as bachelor degrees in Science and Education, all from the University of Saskatchewan. He taught high school in Saskatoon and rural Saskatchewan, and spent several years on full-time service with the Royal Canadian Navy as a reserve staff officer and instructor. Matt is also chair of lightsources.org, an international communications collaboration of synchrotrons and other high-energy light source facilities.

John Matlock
Director, External Relations & Public Affairs
Perimeter Institute
John Matlock is the Director of External Relations and Public Affairs, Perimeter Institute for Theoretical physics. John and his team are responsible for a wide range of Perimeter Institute's strategic communications and relationships. Since 2004, John has led a wide range of activities, including special events with Stephen Hawking, the award winning "Quantum Tamers" documentary (viewable in sixty countries), and the successful "Quantum to Cosmos: Ideas for the Future" festival, reaching over one million on-site, online and via television. Prior to joining Perimeter, John was an award winning news producer in both the CTV and CBC news organizations. In transferring his skills to science communications, he has guided others in a successful "rule of three" - tied to content, conversation and coordination.

Penny Park
Executive Director
Science Media Centre of Canada
Penny Park is the Executive Director of the Science Media Centre of Canada, with extensive hands-on experience in radio and television science journalism. From 1980 to 1995, she worked as a producer and senior producer with Quirks and Quarks, the award-winning weekly science program on CBC radio. Since 1995, Penny has been with the Discovery Channel, where she helped develop the show now called Daily Planet. Originally from Montreal, she first earned a BA from the University of New Brunswick, studying linguistics, followed by a B.Sc (honours) in biology from the University of Guelph, graduating there in 1980.

Tim Meyer, Ph.D
Head of Strategic Planning & Communications
TRIUMF
Dr. Timothy I. Meyer is Head of Strategic Planning and Communications at TRIUMF, Canada’s national laboratory for particle and nuclear physics. He coordinates interactions with elected officials, stakeholders, the general public, and the media. Tim oversaw preparation and successful approval of the laboratory’s five-year plan 2010-2015 and played a role in Canada’s national discussions about producing medical isotopes using accelerators. He came to TRIUMF in late 2007 from the U.S. National Academies in Washington, D.C., where he served as an expert in science and public policy as a senior program officer at the Board on Physics and Astronomy. Dr. Meyer joined the U.S. National Academies after earning his Ph.D. in experimental particle physics from Stanford University. Tim has been recognized for excellence in public-policy analysis and communication strategies. In 2010, he chaired a strategic communications review of the U.S. DOE’s premier plasma and fusion science laboratory managed by Princeton University. When not working, Tim reads pulp fiction on his Kindle, plays volleyball, and follows his gourmet-chef wife around the kitchen to wash the dishes.

Jay Ingram
Science Broadcaster and Writer
Jay Ingram was the host of Discovery Channel Canada’s Daily Planet from the first episode in January, 1995 to June, 2011. Daily Planet is the only hour-long, prime-time daily science show in the world. Prior to joining Discovery, Jay hosted CBC radio’s national science show, Quirks and Quarks, from 1979 to 1992. During that time he won two ACTRA awards, one for best host, and several Canadian Science Writers’ awards. He wrote and hosted two CBC radio documentary series and short radio and television science stories for a variety of programs. He was a contributing editor to Owl magazine for ten years, and wrote a weekly science column in the Toronto Star for twelve. Jay has also written eleven books - which have been translated into twelve languages - and is working on more.

Jay has received the Sandford Fleming medal from the Royal Canadian Institute for his efforts to popularize science, the Royal Society’s McNeil medal for the Public Awareness of Science and the Michael Smith award from the Natural Sciences and Engineering Research Council. He is a Distinguished Alumnus of the University of Alberta, has received five honorary doctorates and is a member of the Order of Canada.

12:00 pm - 12:45 pm
Lunch
12:45 pm - 12:55 pm
Luncheon Address - PIPSC

Gary Corbett
President
Professional Institute of the Public Service of Canada
Gary Corbett brings over 30 years of experience in the public and private sectors to his role as President of the Professional Institute of the Public Service of Canada (PIPSC). Mr. Corbett represents 60,000 members including more than 23,000 scientists, researchers and regulators who work in government departments, agencies and laboratories.

A former employee of Natural Resources Canada, Gary worked as a scientist conducting operational research in the coal mining industry in Cape Breton. Relocating his family to Ottawa following the close of the coal industry in 1998, he focused his attention on policy development as it pertains to the role of public science and evidence-based decision-making.

As National Vice-President and then President of the Institute, Gary Corbett has ensured that PIPSC is actively engaged in the search for solutions to the challenges facing Canadian science. He initiated and chaired successful Science Policy Symposiums in 2007 and 2010. Mr. Corbett is also strongly committed to advocating on behalf of Canada's public science and its public scientists.
1:00 pm - 1:30 pm
Keynote Luncheon Address
1:30 pm - 3:30 pm
Examining the Prospects of a Canadian Science Policy Centre

The original agenda was published in the CSPC website, follow it here

For more details visit https://cis-india.org/news/canadian-science-policy-conference

Study of Privacy Policies of Indian Service Providers

praskrishna — 2014-12-21T15:09:49Z

For more details visit https://cis-india.org/internet-governance/blog/study-of-privacy-policies-indian-service-providers.pdf

A Study of the Privacy Policies of Indian Service Providers and the 43A Rules

elonnai — 2015-01-13T02:37:31Z

Written by Prachi Arya and Kartik Chawla
Edited by: Vipul Kharbanda, Elonnai Hickok, Anandini Rathore, and Mukta Batra

Click to download the PDF

Contents
Executive Summary
Introduction
Objective, Methodology, and Scope of the Study
Objective of Research
Methodology
Scope
Criteria for selection of companies being studied
Overview of Company Privacy Policy and Survey Results
Vodafone
Tata Teleservices Limited
Airtel
Aircel
Atria Convergence Technologies
Observations
International Best Practices
Australia
European Union
Recommendations
Annexure 1
Annexure 2

Executive Summary

India has one of the largest telecom subscriber base in the world, currently estimated at 898 Million users.^{^[1]} With over 164.8 Million people accessing the internet ^{^[2]} in the subcontinent as well, technology has concurrently improved to facilitate such access on mobile devices. In fact, the high penetration rate of the internet in the market can be largely attributed to mobile phones, via which over 80% of the Indian population access the medium.^{^[3]}

While this is a positive change, concerns now loom over the expansive access that service providers have to the information of their subscribers. For the subscriber, a company's commitment to protect user information is most clearly defined via a privacy policy. Data protection in India is broadly governed by Rules notified under Section 43A of the Information Technology Act 2000.^{^[4]} Amongst other things, the Rules define requirements and safeguards that every Body Corporate is legally required to incorporate into a privacy policy.

The objective of this research is to understand what standards of protection service providers in India are committing to via organizational privacy policies. Furthermore, the research seeks to understand if the standards committed to via organizational privacy policies align with the safeguards mandated in the 43A Rules. Towards this, the research reviews the publicly available privacy policies from seven different service providers - Airtel, Aircel, Vodafone, MTNL, BSNL, ACT, and Tata Teleservices.

The research finds that only Airtel, Vodafone, and Tata Teleservices fully incorporate the safeguards defined in the 43A Rules. Aircel, and ACT incorporate a number of such safeguards though not all. On the other hand BSNL minimally incorporates the safeguards, while MTNL does not provide a privacy policy that is publicly available.

Introduction

The Indian Telecom Services Performance Indicators report by the Telecom Regulatory Authority of India (TRAI) ^{^[5]} pegs the total number of internet subscribers in India at 164.81 million and the total number of telecom subscribers at 898.02 million, as of March 2013. As mobile phones are adopted more widely, by both rural and urban populations, there is an amalgamation of telecommunications and internet users. Thus, in India, seven out of eight internet users gain access through mobiles phones. ^{^[6]}

Though this rapid evolution of technology allows greater ease of access to digital communication, it also has led to an increase in the amount of personal information that is shared on the internet. Subsequently, a number of privacy concerns have been raised with respect to how service providers handle and protect and customer data as companies rely on this data not only to provide products and services, but also as a profitable commodity in and of itself. Individuals are thus forced to confront the possible violation of their personal information, which is collected as a quid pro quo by service providers for access to their services and products. In this context, protection of personal information, or data protection, is a core principle of the right to privacy.

In India, the right to privacy has been developed in a piecemeal manner through judicial intervention, and is recognized, to a limited extent, as falling under the larger ambit of the fundamental rights enshrined under Part III of the Constitution of India, specifically those under Article 21. ^{^[7]} In contrast, historically in India there has been limited legislative interest expressed by the Government and the citizens towards establishing a statutory and comprehensive privacy regime. Following this trend, the Information Technology Act, 2000 (IT Act), as amended in 2008, provided for a limited data protection regime.

However, this changed in 2010 when, concerned about India's robust growth in the fields of IT industry and outsourcing business, an 'adequacy assessment' was commissioned by the European Union (EU), at the behest of India, which found that India did not have adequate personal data protection regime. ^{^[8]} The main Indian legislation on the personal data security is the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (Rules), enacted under Section 43A of the IT Act, which extends the civil remedy by way of compensation in case wrongful loss or gain under Section 43A to cases where such loss or gain results from inadequate security practices and procedures while dealing with sensitive personal data or information. In 2012, the Justice AP Shah group of Experts was set up to review and comment on Privacy,^{^[9]} for the purpose of making recommendations which the government may consider while formulating the proposed framework for the Privacy Act.

Objective, Methodology, and Scope of the Study

Objective of Research

This research aims to analyse the Privacy Policies of the selected Telecommunications (TSP) and Internet Service Providers (ISP) (collectively referred to as 'service providers' for the purposes of this research) in the context of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules ('Rules') in order to gain perspective on the extent to which the privacy policies of different types of service providers in India, align with the Rules. Lastly, this research seeks to provide broad recommendations about changes that could be incorporated to harmonize the respective policies and to bring them in line with the aforementioned Rules.

Methodology

The Privacy Policies^{^[10]} of seven identified service providers are sought to be compared vis-a-vis - the requirements under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, (Rules) as notified by way of section 87(2) (ob) read with section 43A of the Information Technology Act, 2000.

Specifically, the Privacy Policies of each of the selected companies are compared against a template that is based on of the essential principles of the Rules respectively, and consists of a series of yes or no questions which are answered on the basis of the respective Privacy Policy. These responses are meant to fulfil the first aim of this research, i.e., provide a perspective into the extent to which these companies follow the Rules and the Principles, and thus the extent to which they respect the privacy of their customers. See Annex 1 for the survey template and the interpretation of the 43A Rules for the development of the survey.

Scope

Criteria for selection of companies being studied

For the purpose of the study the companies selected are limited to service providers - including Telecommunication Service Providers and Internet Service Providers. Four broad categories of companies have been selected, namely (i) State Owned Companies, (ii) Multinational Companies, (iii) Joint Venture companies where one party is an Indian company and the other party is a foreign based company and (iv) Domestic companies which have a localized user base. The companies have been selected on this basis of categorization to better understand if the quality of their respective privacy policies is determined by their market reach and user base.

The privacy policies of the following service providers have been analyzed:

1. State Owned Companies^{^[11]}

a. BSNL^{^[12]}: Bharat Sanchar Nigam Limited, better known as BSNL, is a state-owned telecommunications company that was incorporated by the Indian government in the year 2000, taking over the functions of Central Government departments of Telecommunications Services (DTS) and Telecom Operations (DTO). It provides, inter alia, landline, mobile, and broadband services, and is India's oldest and largest communication services provider. ^{^[13]} It had a monopoly in India except for Mumbai and New Delhi till 1992.

b. MTNL^{^[14]}: Mahanagar Telephone Nigam Limited is a state-owned telecommunications company which provides its services in Mumbai and New-Delhi in India, and Mauritius in Africa. It was set up by the Indian Government in the year 1986, and just like BSNL, it had a monopoly in the sector till 1992, when it was opened up to other competitors by the Indian government. It provides, inter alia, Telephone, Mobile, 3G, and Broadband services. ^{^[15]}

2. Multinational Companies

a. Bharti Airtel Ltd:^{^[16]} Bharti Airtel, more commonly referred to as Airtel, is the largest provider of mobile telephony and the second largest provider of fixed telephony in India. Its origins lie in the Bharti Group founded by Sunil Bharti Mittal in 1983, and the Bharti Telecom Group which was incorporated in 1986. It is a multinational company, providing services in South Asia, Africa, and the Channel Islands. Among other services, it offers fixed line, cellular, and broadband services. ^{^[17]} The company also owns a submarine cable landing station in Chennai, connecting Chennai and Singapore.[18]

b. Vodafone^{^[19]}: Vodafone is a British multinational telecom company. Its origins lie in the establishment of Racal Telecom in 1982 which then became Racal Vodafone in 1984, which was a joint venture between Racal, Vodafone and Hambros Technology Trust. Racal Telecom was demerged from Racal Electronics in 1991, and became the Vodafone group. ^{^[20]} The Vodafone group started its operations in India with its predecessor Hutchison Telecom, which was a joint venture of Hutchison Whampoa and the Max Group, acquiring the cellular license for Mumbai in 1994^{^[21]}, and it bought out Essar's share in the same in the year 2007.^{^[22]} As of today, it has the second largest subscriber base in India. After Airtel, ^{^[23]} Vodafone is the largest provider of telecommunications and mobile internet services in India.^{^[24]}

3. Joint Ventures

a. Tata Teleservices^{^[25]} - Incorporated in 1996, Tata Teleservices Limited is an Indian telecommunications and broadband company, the origins of which lie in the Tata Group. A twenty-six percent equity stake was acquired by the Japanese company NTT Docomo in Tata Docomo, a subsidiary of Tata Teleservices, in 2008. ^{^[26]} Tata Teleservices provides services under three brand names, Tata DoCoMo, Virgin Mobile, and T24 Mobile. As a whole, these brands under the head of Tata Teleservices provide cellular and mobile internet services, with the exception of the Tata Sky teleservices brand, which is a joint venture between and Tata Group and Sky. ^{^[27]}

b. Aircel^{^[28]}: Aircel is an Indian mobile headquarter, which was started in Tamil Nadu in the year 1999, and has now expanded to Tamil Nadu, Assam, North-east India and Chennai. It was acquired by Maxis Communication Berhard in the year 2006, and is currently a joint venture with Sindya Securities & Investments Pvt. Ltd. ^{^[29]} Aircel provides telecommunications and mobile internet services in the aforementioned regions.

4. India based Companies/Domestic Companies -

a. Atria Convergence Technologies (ACT)^{^[30]}: Atria Convergence Technologies Pvt. Ltd is an Indian cable television and broadband services company. Funded by the India Value Fund Advisor (IVFA), it is centered in Bangalore, but also provides services in Karnataka, Andhra Pradesh, and Madhya Pradesh.

Overview of Company Privacy Policy and Survey Results

This section lays out the ways in which each company's privacy policy aligns with the Rules found under section 43A of the Information Technology Act. The section is organized based on company and provides both a table with the survey questions and yes/no/partial ratings and summaries of each policy. The rationale and supporting documentation for each determination can be found in Annexure 2.

VODAFONE[31]: 43A Rules Survey
Criteria	Yes/No
Clear and Accessible statements of its practices and policies
Whether the privacy policy is accessible through the main website of the body corporate?	Yes
Whether the privacy policy is mentioned or included in the terms and conditions of publicly available documents of the body corporate that collect personal information?	No
Whether the privacy policy can be comprehended by persons without legal knowledge?	Yes
Collection of personal or sensitive personal data/information
Type
Whether the privacy policy mentions all categories of personal information including SPD/I being collected?	Partially
Whether the privacy policy explicitly specifies the type of SPD/I being collected?	Partially
Option
Whether the Privacy Policy specifies that the user has the option to not provide information?	No
Whether the Privacy Policy specifies that the user has the option to subsequently withdraw consent?	No
Grievance Officer
Whether the privacy policy mentions the existence of a grievance officer?	Yes
Whether the privacy policy provides the contact information of the grievance officer	Yes
Purpose of Collection and usage of information
Whether the privacy policy enumerates the purpose(s) for which information is collected exhaustively?	Yes
Disclosure of Information
Whether contractual provisions exist in the privacy policy or ToS addressing the disclosure of personal information with third parties	Yes
Whether personal information is disclosed to government agencies/LEA/IA only when legally mandated?	Yes
Reasonable Security practices and procedures
Whether the privacy policy provides adequate details of the reasonable security practices and procedures followed by the body corporate to secure personal information?	Yes

Vodafone

Vodafone's privacy policy partially incorporates the safeguards found in the Rules under 43A.

Vodafone's privacy policy is accessible online, however, it does not include a copy of its policy with a customer application form. The policy merely lists the type of information collected with no categorization as to SPD/I. The information collected includes contact information, location based information, browsing activity and persistent cookies.

There is no provision for consent or choice within the policy. Disclosure of personal information to third parties extends to Vodafone's group companies, companies that provide services to Vodafone, credit reference agencies and directories.

The policy mentions an email address for grievance redressal. In addition, the policy does not lay down any mechanism for correcting personal information that is held with Vodafone.

Vodafone has a non-exhaustive list of purposes of information usage, though these primarily relate to subscriber services, personnel training, and legal or regulatory requirements.

With regard to security practices, Vodafone follows the ISO 27001 Certification as per its 2012 Sustainability Report, however this goes unmentioned under its privacy policy

Tata Teleservices Limited[32]: 43A Rules Survey
Criteria	Yes/No
Clear and Accessible statements of its practices and policies
Whether the privacy policy is accessible through the main website of the body corporate?	Yes
Whether the privacy policy is mentioned or included in the terms and conditions of all document of the body corporate that collects personal information?	No
Whether the privacy policy can be comprehended by persons without legal knowledge?	Yes
Collection of personal or sensitive personal data/information
Type
Whether the privacy policy mentions all categories of personal information including SPD/I being collected?	Yes
Whether the privacy policy explicitly specifies the type of SPD/I being collected?	Yes
Option
Whether the Privacy Policy specifies that the user has the option to not provide information?	No
Whether the Privacy Policy specifies that the user has the option to subsequently withdraw consent?	No
Grievance Officer
Whether the privacy policy mentions the existence of a grievance officer?	No
Whether the privacy policy provides the contact information of the grievance officer?	No
Purpose of Collection and usage of information
Whether the privacy policy enumerates the purpose(s) for which information is collected exhaustively?	Yes
Disclosure of Information
Whether contractual provisions exist in the privacy policy or ToS addressing the disclosure of personal information with third parties	Yes
Whether personal information is disclosed to government agencies/LEA/IA only when legally mandated?	Yes
Reasonable Security practices and procedures
Whether the privacy policy provides adequate details of the reasonable security practices and procedures followed by the body corporate to secure personal information?	Yes

Tata Teleservices Limited

Tata Teleservices Limited's Privacy Policy fully incorporates the safeguards found in the Rules under 43A.

The Tata Teleservices Limited privacy policy is accessible on their website, though when applying for a subscription, the terms and conditions do not include the privacy policy. The privacy policy is easy to understand although there are several elements of the 2011 Rules that are unaddressed.

The policy does not make any distinction regarding sensitive personal data or information. As per the policy, TTL collects contact and billing information, information about the equipment the subscriber is using, and information and website usage from its customers.

The purposes of information collection are broadly for managing customer services and providing customized advertising. Information is also collected for security issues, illegal acts and acts that are violative of TTL's policy. TTL's directory services use a customer's name, address and phone number, however a customer may ask for his/her information to not be published on payment of a fee.

As per the policy, the disclosure of information to third parties is limited to purposes such as identity verification, bill payments, prevention of identity theft and the performance of TTL's services. Third parties are meant to follow the guidelines of TTL's privacy policy in the protection of its user information. The consent of subscribers is only required when third parties may use personal information for marketing purposes. Consent is precluded under the previous conditions. Disclosure of information to governmental agencies and credit bureaus is for complying with legally authorised requests such as subpoenas, court orders and the enforcement of certain rights or claims. The policy provides for a grievance officer and in addition, TTL, has a separate Appellate Authority to deal with consumer complaints.

TTL does not follow any particular security standard for the protection of subscriber information, however, it establishes other measures such as limited access to employees, and encryption and other security controls. Although TTL Maharashtra follows the ISO 27001 ISMS Certification, TTL does not seem to follow a security standard for data protection for other regions of its operations.

Airtel[33]: 43A Rules Survey
Criteria	Yes/No
Clear and Accessible statements of its practices and policies
Whether the privacy policy is accessible through the main website of the body corporate?	Yes
Whether the privacy policy is mentioned or included in the terms and conditions of all document of the body corporate that collects personal information?	Yes
Whether the privacy policy can be comprehended by persons without legal knowledge?	Yes
Collection of personal or sensitive personal data/information
Type
Whether the privacy policy mentions all categories of personal information including SPD/I being collected?	Yes
Whether the privacy policy explicitly specifies the type of SPD/I being collected?	Yes
Option
Whether the Privacy Policy specifies that the user has the option to not provide information?	Yes
Whether the Privacy Policy specifies that the user has the option to subsequently withdraw consent?	Yes
Grievance Officer
Whether the privacy policy mentions the existence of a grievance officer?	Yes
Whether the privacy policy provides the name and contact information of the grievance officer?	Yes
Purpose of Collection and usage of information
Whether the privacy policy enumerates the purpose(s) for which information is collected exhaustively?	Yes
Disclosure of Information
Whether contractual provisions exist in the privacy policy or ToS addressing the disclosure of personal information with third parties?	Yes
Whether personal information is disclosed to government agencies/LEA/IA only when legally mandated?	Yes
Reasonable Security practices and procedures
Whether the privacy policy provides adequate details of the reasonable security practices and procedures followed by the body corporate to secure personal information?	Yes

Airtel

Airtel's Privacy Policy fully incorporates the safeguards found in the Rules under 43A.

Airtel's privacy policy incorporates a number of the requirements stipulated in the Rules. Airtel's privacy policy is easily accessible on its website and is clear and easy to understand. The policy defines sensitive personal information, and states that information collected will be used for specified regulatory and business purposes, though it adds that it may be used for other purposes as well. The policy does allow for the withdrawal of consent for providing information, in which case, certain services may be withheld. In addition, Airtel has provided for a grievance officer and abides by the IS/ISO/IEC 27001 security standards. While Airtel allows for the disclosure of information including sensitive personal information to third parties, its policy states that such third parties will follow reasonable security practices in this regard. Concerning disclosure to the government, Airtel shares user information only when it is legally authorised by a government agency. Airtel's policy also provides for an opt-out provision. Such choice remains after subscription of Airtel's services as well. However, withdrawal of consent gives Airtel the right to withdraw its services as well. In terms of disclosure, sharing of user information with third parties is regulated by its Airtel's guidelines on the secrecy of information.

While Airtel lists the purposes for information collection, it states that such collection may not be limited to these purposes alone. In addition, the policy states that user's personal information will be deleted, although it does not state when this will happen. Thus, the policy could be more transparent and specific on matters of regarding the purpose of collection of information as well as deletion of information.

Aircel[34]: 43A Rules Survey
Criteria	Yes/No
Clear and Accessible statements of its practices and policies
Whether the privacy policy is accessible through the main website of the body corporate?	yes
Whether the privacy policy is mentioned or included in the terms and conditions of all document of the body corporate that collects personal information?	no
Whether the privacy policy can be comprehended by persons without legal knowledge?	Yes
Collection of personal or sensitive personal data/information
Type
Whether the privacy policy mentions all categories of personal information including SPD/I being collected?	Partially
Whether the privacy policy explicitly specifies the type of SPD/I being collected?	Partially
Option
Whether the Privacy Policy specifies that the user has the option to not provide information?	Yes
Whether the Privacy Policy specifies that the user has the option to subsequently withdraw consent?	Yes
Grievance Officer
Whether the privacy policy mentions the existence of a grievance officer?	Yes
Whether the privacy policy provides the contact information of the grievance officer?	Yes
Purpose of Collection and usage of information
Whether the privacy policy enumerates the purpose(s) for which information is collected exhaustively?	Partially
Disclosure of Information
Whether contractual provisions exist in the privacy policy or ToS addressing the disclosure of personal information with third parties	Partially
Whether personal information is disclosed to government agencies/LEA/IA only when legally mandated?	Partially
Reasonable Security practices and procedures
Whether the privacy policy provides adequate details of the reasonable security practices and procedures followed by the body corporate to secure personal information?	Yes

Aircel

Aircel's Privacy Policy partially complies with the safeguards in the Rules under 43A.

Aircel's privacy policy is accessible online through its website, though it is not included under the terms and conditions of its customer application. The privacy policy lists the kinds of information that is collected from subscribers, including relevant contact details, call records, browsing history, cookies, web beacons, server log files and location details. The policy does not demarcate information into SPD/I or personal information. Aircel provides subscribers with the right to withdraw consent from the provision of information before and after subscribing, while reserving the right to withdraw its services in this regard. The policy provides the name and contact details of a grievance officer.

In the privacy policy, the stated purposes for use of subscriber information is limited to customer services, credit requirements, market analyses, legal and regulatory requirements, and directory services by Aircel or an authorised third party.

In the policy, the provision on disclosure to governmental agencies is vague and does not mention the circumstances under which personal information would be disclosed to law enforcement. The policy provides for correction of information of a subscriber in case of error and deletion after the purpose of the information is served but does not specify when. Although Aircel follows the ISO 27001 standard, it does not mention this under its policy. It does however, provide for accountability in cases of breach or privacy.

Atria Convergence Technologies[35]: 43A Rules Survey
Criteria	Yes/No
Clear and Accessible statements of its practices and policies
Whether the privacy policy is accessible through the main website of the body corporate?	Yes
Whether the privacy policy is mentioned or included in the terms and conditions of all document of the body corporate that collects personal information?	information not available
Whether the privacy policy can be comprehended by persons without legal knowledge?	Yes
Collection of personal or sensitive personal data/information
Type
Whether the privacy policy mentions all categories of personal information including SPD/I being collected?	Partially
Whether the privacy policy explicitly specifies the type of SPD/I being collected?	Partially
Option
Whether the Privacy Policy specifies that the user has the option to not provide information?	No
Whether the Privacy Policy specifies that the user has the option to subsequently withdraw consent?	No
Grievance Officer
Whether the privacy policy mentions the existence of a grievance officer?	No
Whether the privacy policy provides the contact information of the grievance officer?	No
Purpose of Collection and usage of information
Whether the privacy policy enumerates the purpose(s) for which information is collected exhaustively?	Yes
Disclosure of Information
Whether contractual provisions exist in the privacy policy or ToS addressing the disclosure of personal information with third parties	Yes
Whether personal information is disclosed to government agencies/LEA/IA only when legally mandated?	Partially
Reasonable Security practices and procedures
Whether the privacy policy provides adequate details of the reasonable security practices and procedures followed by the body corporate to secure personal information?	No

Atria Convergence Technologies

Though Atria Convergence Technologies provides a privacy policy on its website, it does not broadly incorporate the safeguards in the Rules under 43A. ACT's privacy policy is easily accessible online and is easy to understand as well. The information collected from subscribers is limited to contact details along with information on whether a subscriber has transacted with any of ACT's business partners. Though the privacy policies refers to disclosing information for the purpose of assisting with investigating, preventing, or take action on illegal behaviour - there is no specific provision concerning disclosure to government and regulatory agencies. The policy does not provide information on any security practices and procedures followed. Provisions for withdrawal of consent or correction of personal information are absent from the policy as well.

BSNL: 43A Rules Survey
Criteria	Yes/No
Clear and Accessible statements of its practices and policies
Whether the privacy policy is accessible through the main website of the body corporate?	No
Whether the privacy policy is mentioned or included in the terms and conditions of all document of the body corporate that collects personal information?	No
Whether the privacy policy can be comprehended by persons without legal knowledge?	Yes
Collection of personal or sensitive personal data/information
Type
Whether the privacy policy mentions all categories of personal information including SPD/I being collected?	No
Whether the privacy policy explicitly states that it is collecting SPD/I?	No
Option
Whether the Privacy Policy specifies that the user has the option to not provide information?	No
Whether the Privacy Policy specifies that the user has the option to subsequently withdraw consent?	No
Grievance Officer
Whether the privacy policy mentions the existence of a grievance officer?	Yes
Whether the privacy policy provides the contact information of the grievance officer?	Yes
Purpose of Collection and usage of information
Whether the privacy policy enumerates the purpose(s) for which information is collected exhaustively?	Partially
Disclosure of Information
Whether contractual provisions exist in the privacy policy or ToS addressing the disclosure of personal information with third parties	Yes
Whether personal information is disclosed to government agencies/LEA/IA only when legally mandated?	Yes
Reasonable Security practices and procedures
Whether the privacy policy provides adequate details of the reasonable security practices and procedures followed by the body corporate to secure personal information?	No

BSNL

BSNL's Privacy Policy broadly does not incorporate the safeguards in the Rules under 43A .

BSNL's privacy is accessible online, though not on the website, and is easy to understand. The policy does not however, categorize SPD/I but defines personal information vaguely as information that helps BSNL identify its customers. As per its policy, subscriber information is used for subscriber services such as identification, assistance etc., credit-worthiness and marketing communications. The policy does not contain any provision on consent and with respect to marketing communications and a customer implicitly agrees to third party usage of personal information. Third parties under the policy are those that provide services on behalf of BSNL, which extend mailing and billing services and market research services.

As per its policy, BSNL may disclose personal information on the basis of legal requirements to credit organisations, BSNL's consultants, government agencies.

With respect to access and correction, BSNL reserves the right to modify its privacy policy without notice to its customers. What is presumably a grievance officer email address has been provided for queries and corrections on personal information, however no further contact details are given.

MTNL

MTNL does not provide a publicly available Privacy Policy.

Observations

This section highlights key trends observed across the privacy policies studied in this research by contrasting the applicable Rule against the applicable provision in the policy.

1. Access and Location of Privacy Policy

Applicable Rule and Principle: According to Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, a Body Corporate must provide a privacy policy on their website. Under Rule 5, all bodies corporate have to convey the purpose(s) for which SPD/I are collected prior to the collection and they can, under certain circumstances, move forward with the collection regardless of consent. While this does not entirely violate the Notice Principle of the National Privacy Principles, it does not meet the rather higher standards of the Principle, which recommends that notice must be provided prior to any form of collection of personal information. In addition, the Rules do not contain provisions regulating bodies corporate, regarding changes to their privacy policies.^{^[36]}

Observation : In the survey, it was found that the location and accessibility of a service provider's privacy policy varied. For example:

a. Privacy Policy on main website: Airtel, Aircel, and Vodafone provide a privacy policy that is accessible through the main website of each respective company.

b. Privacy Policy not on website : MTNL does not provide a Privacy Policy on the main website of each of its respective branches across India.

c. Privacy Policy not accessible through main website : TTL and BSNL have a Privacy Policy, but it is not accessible through the main website. For example, The Privacy Policy found on TTL's website is only accessible through the "terms and services" link on the homepage. Similarly, the BSNL privacy policy can only be found through its portal website. ^{^[37]}

d. Privacy Policy not included in Customer Application form : Almost all of the Service Providers do not include/refer to their Privacy Policy in the Customer Application Form, and some do not display their privacy policy or a link to it on its website's homepage. For example, Airtel is the only Service Provider that refers to their privacy policy in the Customer Application Form for an Airtel service.

e. Collection of personal information before Privacy Policy: In some cases it appears that service providers collect private information before the privacy policy is made accessible to the user. For example, before the homepage of ACT's website is shown, a smaller window appears with a form asking for personal information such as name, mobile and email Id. Although the submission of this information is not mandatory, there is no link provided to the privacy policy at this level of collection of information.

2. Sharing of information with Government

Applicable Rule and Principle: Rule 6, specifically the proviso to Rule 6, and the Disclosure of Information Principle respectively govern the disclosure of information to third parties. Yet, while the proviso to Rule 6 directly concerns the power of the government to access information with or without consent for investigative purposes, the Disclosure of Information Principle only says that disclosure for law enforcement purposes should be in accordance with the laws currently in force.

Observation : Though all service providers did include statements addressing the potential of sharing information with law enforcement or governmental agencies, how this was communicated varied. For example:

a.) Listing circumstances for disclosure to law enforcement : The Privacy Policy of ACT states "We believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person". ^{^[38]} The Privacy Policy of Airtel on the other hand states "Government Agencies: We may also share your personal information with Government agencies or other authorized law enforcement agencies (LEAs) mandated under law to obtain such information for the purpose of verification of identity or for prevention, detection, investigation including but not limited to cyber incidents, prosecution, and punishment of offences." ^{^[39]} Lastly, TTL states " To investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person" or "To notify or respond to a responsible governmental entity if we reasonably believe that an emergency involving immediate danger of death or serious physical injury to any person requires or justifies disclosure without delay". ^{^[40]}

b.) Listing authorities to whom information will be disclosed to : The privacy policy of Aircel states "There may be times when we need to disclose your personal information to third parties. If we do this, we will only disclose your information to: …8. Persons to whom we may be required to pass your information by reason of legal, governmental or regulatory authority including law enforcement agencies and emergency services".^{^[41]} Similarly, Vodafone states "There may be times when we need to disclose your personal information to third parties. If we do this, we will only disclose your information to persons to whom we may be required to pass your information by reason of legal, governmental or regulatory authority including law enforcement agencies and emergency services and any person or organisation as authorised by laws and regulations applicable in India." ^{^[42]} While BSNL states "Apart from the above, BSNL may divulge your personal information to: Government bodies, Regulatory Authorities, and other organizations in accordance with the law or as authorised by law…".^{^[43]}

3. Readability of Privacy Policies

Applicable Rule and Principle : In subsection (i) of Rule 4 body corporate must provide a privacy policy that is "clear and accessible". Similarly, the Notice Principle requires that the data controller give a " simple-to-understand notice of its information practices to all individuals, in clear and concise language".

Observation : It was found that, particularly with respect to clauses on the collection and disclosure of information, most Privacy Policies use:

a. Vague terminology: For example, in the Privacy Policy of ACT, it states as a purpose of collection "conduct research" while for the collection and disclosure of information it states ,"The Company may combine information about you that we have, with information we obtain from business partners or other companies. The Company shall have the right to pass on the same to its business associates, franchisees without referring the same to you." ^{^[44]} Similarly, with regards to the collection of information, Vodafone's Privacy Policy states that it may collect "any other information collected in relation to your use of our products and services". ^{^[45]}

b. Undefined terminology: On disclosure of information TTL's privacy policy states disclosure is "Subject to applicable legal restrictions, such as those that exist for Customer Proprietary Network Information (CPNI)" ^{^[46]} Confusingly, although TTL defines CPNI it does not mention what legal restriction it is referring to, and CPNI is in fact an American term and similar legal restrictions could not be found in India.

4. Information about security practices

Applicable Rule and Principle: The parameter for 'reasonable security practices and procedures' has been detailed comprehensively under Rule 8 of the Rules. The same is also covered in detail under the Openness Principle read with Security Principle. While the Security Principle recommends that the data controller protect the information they collect through reasonable security safeguards, the Openness Principle recommends that information regarding these should be made available to all individuals in clear and plain language.

Observation : With the exception of Airtel, no service provider has comprehensively followed the legal requirements for the purpose of their privacy policy. Thus, while most service providers do mention security practices, many do not provide specific or comprehensive details about their security practices and procedures for data protection, and instead assure users that 'reasonable security' procedures are in place. For example:

a. Comprehensive information about security practices in privacy policy: Airtel and Aircel have provided comprehensive information about their security practices in the companies Privacy Policy.

b. Information about security practice, but not in privacy policy: Vodafone has specified its security standards only in its latest 'Sustainability Report' available on its website. In the case of TTL, the specific security standard it follows is available only for its Maharashtra branch (TTLM) through its annual report.

c. Broad reference to security practices: Many service providers broadly reference security practices, but do not provide specifics. For example, TTL states only "we have implemented appropriate security controls to protect Personal Information when stored or transmitted by TTL." ^{^[47]}

d. No information about security practices: Some service providers do not mention any details about their security practices and procedures, or whether they even follow any security practices and procedures or not. An example of this would be ACT, which does not mention any security practices or procedures in its Policy.

5. Grievance mechanisms

Applicable Rule and Principle: Rule 5 of the Rules mandates that applicable bodies corporate must designate a 'Grievance Officer' for redressing grievances of users regarding processing of their personal information, and the same is also recommended by the Ninth Principle, i.e., Accountability.

Observation : It was found that adherence with this requirement varied depending on service provider. For example:

a. No Grievance Officer: ACT and MTNL do not provide details of a grievance officer on their websites.

b. Grievance Officer, but no process details: Airtel, TTL, and Vodafone provide details of the Grievance Officer, but no further information about the grievance process is provided.

c. Grievance Officer and details of process: Aircel provides details of the grievance officer and grievance process.

As a note: All service providers with the exception of ACT have a general grievance redressal mechanism in place as documented on TRAI's website. ^{^[48]} It is unclear whether these mechanisms are functional, and furthermore it is also unclear if these mechanisms can be used for complaints under the IT Act or the Rules, or complaints on the basis of the Principles. It should be further noted that the multiplicity of grievance redressal officers is a cause for concern, as it may lead to confusion.

6. Consent Mechanism

Applicable Rule and Principle : Rules 5 and 6 of the Rules^{^[49]} on Collection and Disclosure of information, respectively, require applicable bodies corporate to obtain consent/permission before collecting and disclosing personal information. The Choice and Consent Principle of the National Privacy Principles, as enumerated in the A.P. Shah Report, deals exclusively with choice and consent. ^{^[50]} Withdrawal of consent is an important facet of the choice and consent principle as evidenced by the Rules^{^[51]} and the National Privacy Principles ^{^[52]}.

Observation: Methods of obtaining consent and for what consent was obtained for varied across service providers. For example:

a. Obtaining consent: Some service providers give data subjects with the choice of submitting their personal information (with some exceptions such as for legal requirements) and obtaining their consent for its collection and processing. For example, the policies of Airtel, Aircel, and TTL are the only ones which provide information on the mechanisms used to obtain consent. ACT provides for targeted advertisements based on the personal information of the user. The viewing or interaction of the user of such targeted advertisements is however, considered an affirmation to this third party source, that the user is the targeted criteria. Thus, there appears to be lack of consent in this regard.

b. No Consent or choice offered: Some service providers do not mention consent. For example, Vodafone, and BSNL do not make any mention of choice or consent in their respective privacy policies.

c. Consent for limited circumstances: Some service providers only provide consent in limited circumstances. For example, ACT mentions consent only in relation to targeted advertising. However, this information is potentially misleading, as discussed earlier in the survey.

There is also a certain degree of assumption in all the policies regarding consent, as noted in the survey. Thus, if you employ the services of the company in question, you are implicitly agreeing to their terms even if you have not actually been notified of them. And the vague terminology used by most of the policies leaves quite a lot of wiggle room for the companies in question, allowing them to thereby collect more information than the data subject has been notified of without obtaining his or her consent.

7. Transparency mechanism :

Applicable Rule and Principle: The Openness Principle specifically recommends transparency in all activities of the data controller. ^{^[53]} The Rules provide a limited transparency mechanism under Rule 8 which require bodies corporate to document their security practices and procedures and Rule 4 which requires them to provide such information via a privacy policy. As a note, these fall short of the level of 'transparency' espoused by the Openness Principle of the National Privacy Principles.

Observation: All service providers fail in implementing adequate mechanisms for transparency.

8. Scope :

Applicable Rule and Principle : Though the Openness Principle does not directly speak of the scope of the policies in question, it implies that policies regarding all data collection or processing should be made publically available. The same is also necessary under Rule 4, which mandates that any body corporate which " collects, receives, possess, stores, deals or handle information of provider of information, shall provide a privacy policy for handling of or dealing in personal information including sensitive personal data or information and ensure that the same are available for view by such providers of information who has provided such information under lawful contract. "

Observation : Though most of the companies mention the scope of their Privacy Policy and include the information collected through the websites, WAP Services, and use of the company's products and services, some companies do not do so. For instance, the scope of the policy is given rather vaguely in the Airtel's Policy, and the scope of ACT's policy is restricted to the information collected during the usage of their products and services, and not their website. BSNL's privacy policy is worrisome as it seems to restrict its scope to the information collected through the website only, but does not at the same time state that it does not apply to other methods of data collection and processing.

International Best Practices

Canada

The privacy regulation regime in Canada is a mixture of the federal regulations and the provincial regulations. Of the former, the Privacy Act is applicable to the public sector, while the Personal Information Protection and Electronic Documents Act ('PIPEDA') applies to the private sector. There are also federal level sectoral regulations, of which the Telecommunications Act is relevant here. The PIPEDA covers the activities of all businesses and federally regulated industries regarding their collection, use, disclosure, safeguarding and provision of access to their customers' personal information. Further, in 2009, the Canadian Radio-television and Telecommunications Commission ('CRTC'), by virtue of the 'Telecom Regulatory Policy CRTC 2009-657' ^{^[54]} made ISPs subject to privacy standards higher than the standards given under the PIPEDA, while at the same time allowing them to use Internet Traffic Management Practices ('ITMPs'). ^{^[55]}

The 2009 policy is progressive as it balances the economic needs of Internet Traffic Management Providers vis-à-vis the privacy concerns of consumers. The need to identify ITMP's is integral in the protection of online privacy, as ITMP's most commonly employ methods such as deep packet inspection which can be used to burrow into personal information of consumers as well.

Recognising that this may not be the current practice, but a possibility in the future, the policy makes certain guidelines for ITMPs. It permits ITMP's that block bad traffic such as spam and malicious software. Nearly all other ITMPs however, require the prior notice of 30 days or more before initialising the ITMP.^{^[56]}

ITMP's are to be used only for the defined need of the ISP and not beyond this, and must not be used for behavioural advertising. Secondary ISPs in their contracts with Primary ISPs must agree to the same duties of the latter, that is the personal information entrusted to them is meant for its purpose alone and is not to be disclosed further.

Australia

The central privacy regulation in Australia is the Privacy Act, 1988. The Act defines two sets of privacy principles, the Information Privacy Principles which apply to the public sector, and the National Privacy Principles which apply to the private sector.^{^[57]} These principles govern the following: collection,^{^[58]} use and disclosure,^{^[59]} data quality,^{^[60]} security,^{^[61]} openness,^{^[62]} access and correction,^{^[63]} identifiers,^{^[64]} anonymity,^{^[65]} trans-border data flows,^{^[66]} and sensitive information. ^{^[67]}

The Telecommunications Act, 1997, is also relevant here, as it also governs the use or disclosure of information by telecommunication services providers, ^{^[68]} but such information is only protected by the Telecommunications Act if it comes to a person's knowledge or possession in certain circumstances. An example of this is Section 276 of the same, which providers that the information protected by that section will be protected only if the person collecting the information is a current or former carrier, carriages service provider or telecommunications contractor, in connection with the person's business as such a carrier, provider or contractor; or if the person is an employee of a carrier, carriage service provider, telecommunications contractor, because the person is employed by the carrier or provider in connection with its business as such a carrier, provider or contractor.

European Union

The most important source of law in the European Union ('EU') regarding Data Privacy in general is the Data Protection Directive ('Directive'). ^{^[69]} The Directive has a broad ambit, covering all forms of personal data collection and processing, and mandating that such collection or processing follow the Data Protection Principles it sets out.^{^[70]} The Directive differentiates between Personal Data and Sensitive Personal Data, ^{^[71]} with the collection and processing of the latter being subject to more stringent rules. The telecommunications service providers and internet service providers are included in the definition of 'Controller' as set out in the Directive, and are hence subject to the regulations enforced by the member states of the EU under the same. ^{^[72]} The Directive will soon be superseded by the General Data Protection directive, which is scheduled to come into force in late 2014, with a two-year transition period after that. ^{^[73]}

In addition to the above, ISPs are also subject to the Directive on Privacy and Electronic Communications^{^[74]} and the Data Retention Directive. ^{^[75]} The Directive on Privacy and Electronic Communications ('E-Privacy Directive') sets out rules regarding processing security, confidentiality of communications, data retention, unsolicited communications, cookies, and a system of penalties set up by the member states under the title of 'Control'. The E-Privacy Directive supplements the original Data Privacy Directive, and replaces a 1997 Telecommunications Privacy directive. The Data Retention Directive does not directly concern the collection and processing of data by a service provider, but only concerns itself with the retention of collected data. It was an amendment to the E-Privacy Directive, which required the member states to store the telecommunications data of their citizens for six to twenty-four months, and give police and security agencies access to details such as IP addresses and time of use of e-mails.

The established practices considered above have the following principles, relevant to the study at hand, in common:

1. Notice

2. Collection Limitation

3. Use Limitation

4. Access and Corrections

5. Security

6. Data Quality and Accuracy

7. Consent

8. Transparency

And the following principles are common between two of the three regimes discussed above:

1. The PIPEDA and the Privacy Act both mention rules regarding Disclosure of collecting information, but the Data Protection Directive does not directly govern disclosure of collected information.

2. The Principles of Accountability is covered by the Data Protection Directive and the PIPEDA, but is not directly dealt with by the Privacy Act

3. The PIPEDA and the Data Protection Directive directly mention the principle of Enforcement, but it is not directly covered by the Privacy Act.

Recommendations

Broadly, service providers across India could take cognizance of the following recommendations to ensure alignment with the Rules found under section 43A and to maximize the amount of protection afforded to customer data.

1. Access and location of privacy policy: Service providers should ensure that the privacy policy is easily accessible through the main page of the company's website. Furthermore, the Privacy Policy should be accessible to users prior to the collection of personal information. All 'User Agreement' forms should include a written Privacy Policy or a reference to the Privacy Policy on the service provider's website.

2. Scope of privacy policy: The privacy policy should address all practices and services offered by the service provider. If a service requires a different or additional privacy policy, a link to the same should be included in the privacy policy on the main website of the service provider.

3. Defining consent: The Privacy Policy should clearly define what constitutes 'consent'. If the form of consent changes for different types of service, this should be clearly indicated.

4. Clear language: The language in the Privacy Policy should be clear and specific, leaving no doubt or ambiguity with regards to the provisions.

5. Transparent security practices: The Privacy Policy should include comprehensive information about a company's security practices should be included in the Privacy Policy. Information pertaining to audits of these procedures should be made public.

6. Defined and specified third parties: The Privacy Policy should define 'third party' as it pertains to the company's practices and specify which third parties information will be shared with.

7. Comprehensive grievance mechanism: The Privacy Policy should include relevant details for users to easily use established grievance mechanisms. This includes contact details of the grievance officers, procedure of submitting a grievance, expected response of the grievance officer (recognition of the grievance, time period for resolution etc.), and method of appealing decision of the grievance officer.

8. Specify laws governing disclosure to governmental agencies and law enforcement: The Privacy Policy should specify under what laws and service providers are required disclose personal information to.

9. Inclusion of data retention practices: The Privacy Policy should include provisions defining the retention practices of the company.

Annexure 1

Explanation and Interpretation of Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

Section 43A under the Information Technology Act 2000 addresses the protection of sensitive personal data or information and the implementation of an information security management system, and the Rules framed under section 43A attempt establish a holistic data security regime for the private sector.

The following section is a description of the requirements found under section 43A and subsequent Rules with respect to information that must be included in the privacy policy of a 'body corporate' and procedures that must be followed by 'body corporate' with respect to the publishing and notice of a privacy policy. This section also includes an explanation of how each relevant provision has been interpreted for the purpose of this research.

Relevant provisions that pertain to the privacy policy of body corporate

Rule 3: This section defines the term 'Sensitive Personal Data or Information', setting out the six types of information that are considered 'sensitive personal data' including:

i. Password - Defined under the Rules as "a secret word or phrase or code or passphrase or secret key, or encryption or decryption keys that one uses to gain admittance or access to information"^{^[76]}.

ii. Financial information - "such as Bank account or credit card or debit card or other payment instrument details" ^{^[77]}

iii. Physical, physiological and mental health condition

iv. Sexual orientation

v. Medical records and history

vi. Biometric information

The two other broad categories of Sensitive Personal Data or Information that are included in the Rule are - any related details provided to the body corporate, and any information received by the body corporate in relation to the categories listed above. ^{^[78]}

The proviso to this section excludes any information available in the public domain or which may be provided under the Right to Information Act, 2005 from the ambit of SPD/I.

Under the Rules, Sensitive Personal Data is considered to be a subset of Personal Information - which has been defined by Section 2 (1) (i) as " any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person "^{^[79]}

Interpretation: While the Rules are clearly limited to personal and sensitive personal data or information, the use of these terms throughout the Rules is not consistent. For example, some provisions under the Rules ambiguously use the term 'information' in place of the terms 'personal information' and/or 'sensitive personal information'.^{^[80]} While 'information' has been defined non-exhaustively as any 'data, message, text, images, sound, voice, codes, computer programs, software and databases or micro film or computer generated microfiche' in the Act, this definition appears to be overbroad and cannot be applied in that form for the purpose of provisions on privacy policy. ^{^[81]} Hence, 'information', when used in the Rules, is construed to mean 'personal information' including 'sensitive personal information' for the purpose of this survey.

As per Rule 3, information in the public domain isn't classified as sensitive personal data. This exception may require a relook considering that 'providers' of information' may not want their data to be disclosed beyond its initial disclosure, or in certain cases, they may not even know of its existence in the public domain. Since the notice of collection, purpose and use of information is limited to SPD alone under Rule 5, information in the public domain should be seen together with whether the provider of information has provided the latter directly or to service provider that requires the information. If the source is the information provider directly, it need not be classified as SPD.

On a positive note, the addition of the term "in combination with other information available or likely to be available", gives recognition to the phenomenon of convergence of data. Parts of information that seem of negligible importance, when combined, provide a fuller personal profile of an individual, the recognition of this, in effect, gives a far wider scope to personal information under the Rules.

In the specific context of Privacy Policies, the Rules do not stipulate whether the mandated privacy policy has to explicitly mention SPD/I that is collected or used.{This is mentioned under Rule 4(ii) and (iii)} Since Rules do require that a privacy policy must be clear, it is construed that the privacy policy should explicitly recognize the type of PI and SPD/I being collected by the company.

Rule 4: This rule mandates that a "body corporate that collects, receives possess, stores, deals or handles information of the provider of information". For the purposes of this research, this entity will be referred to as a 'data controller'. According to Rule 4, every data controller must provide a privacy policy on its website for handling of or dealing in personal information including sensitive personal information.

The following details have to be included in the privacy policy -

"(i) Clear and easily accessible statements of its practices and policies;

(ii) Type of personal or sensitive personal data or information collected under rule 3;

(iii) Purpose of collection and usage of such information;

(iv) Disclosure of information including sensitive personal data or information as provided in rule 6;

(v) Reasonable security practices and procedures as provided under rule 8."^{^[82]}

Interpretation : The Rules do not provide an adequate understanding of the terms 'clear' and 'accessible', and the terms 'practices' and 'policies' are not defined. For the purpose of this research, 'practices' will be construed to mean the privacy policy of the company. It is deemed to be clear and accessible if it is available either directly or through a link on the main website of the body corporate. To meet the standards set by this Rule, the policy or policies should disclose information about the company's services, products and websites, whenever personal information is collected.

Rule 5: This Rule establishes limits for collection of information. It states that prior informed consent has to be obtained by means of letter, fax or email from the user regarding the purpose of usage for the sensitive personal information sought to be collected. It limits the purpose for collection of SPD/I to collection for a lawful purpose connected with a function or activity of the body corporate or any person on its behalf and only if it is considered necessary for that purpose. Thus, the information collected can only be used for the stated purpose for which it has been collected. ^{^[83]}

Further, Rule 5 (3) provides that consent has to be obtained and knowledge provided to a person from whom personal information is being directly collected - which for service providers - is understood to be through the customer application form. This rule will be deemed to have been complied with when the following information is provided -

a. The fact that the information is being collected.

b. The purpose of such collection.

c. Intended recipients of the collected information.

d. Names and addresses of the agency or agencies collecting and retaining information.

Moreover, it provides that the user has to be given the option of not providing information prior to its collection. In case the user chooses this option or subsequently withdraws consent the body corporate has the option to withhold its services.

This section also provides under Section 5 (2) (a) that the type of information that this Rule concerns itself with can only be collected for a lawful purpose connected with a function or activity of the body corporate or any person on its behalf and if it is considered necessary for that purpose.

It also requires that a Grievance Officer be instated to redress the grievance " expeditiously but within one month from the date of receipt of grievance." The Grievance Redressal process has been discussed in more detail later.

Interpretation: Even though Rule 5 incorporates various major data protection principles and mandates the establishment of a Grievance Redressal Mechanism, neither Rule 5 nor Rule 4 (3) makes a reference to the other. [Rule 4(3) uses the term "such information", and the fact that it follows Rule 4(2) which clearly refers to personal information as well as SPD/I, means that Rule 4(3) also refers to the same]

Prima facie , the scope of Rule 5 is limited to collection of SPD/I. However, Rule 4 (3) ostensibly covers the broad ambit of 'information' which includes SPD/I. Construing these two provisions together using the 'Harmonious Construction' principle ^{^[84]}, Rule 5 could be interpreted to cover personal information for privacy policies under Rule 4.

In addition, Rule 5(3) doesn't expand on the reasonable steps to be taken for intimating the information provider on the extent of disclosure and purpose of collection. This appears as a rather large loophole considering the wide interpretation that can be given to 'reasonable' practices of service providers.

Rule 6: This rule lays down the conditions and procedure for disclosure of information.^{^[85]} Under it, the following conditions apply before any disclosure of information by the 'body corporate' to any third party -

a. The body corporate is required to obtain prior permission from the provider of the information, or

b. Permission to disclose has to be agreed on in the contract between the company and the data subject, or

c. Disclosure is necessary for the compliance of a legal obligation.

An exception is made in case the disclosure is made to an authorized and legally mandated Government agency upon request for the purposes of verification of identity, for prevention, detection, and investigation of incidents, specifically including cyber incidents, prosecution, and punishment of offences, in which case no consent from the data subject will be required. Thus, the company does not need user consent to disclose information to authorized law enforcement or intelligence agencies when presented with an authorized request.

Interpretation :

The guidelines for disclosure limit themselves to SPD under Rule 6 leaving a vacuum with respect to information that doesn't fall within the definition of SPD/I. However, Rule 4 (iv)'s applies to 'information including SPD'. Reading the two together, in accordance with the 'Harmonious Construction' principle, the scope of SPD/I in Rule 6 is construed to extend to the same personal information and SPD/I as is covered by Rule 4 (iv), for the limited purpose of the privacy policies under Rule 4.

Rule 7 : This Rule requires that when the data controller transfers SPD/I to another body corporate or person, such a third party must adhere to the same standards of data protection that the body corporate collecting the information in the first instance follows.

Interpretation : Although the privacy policy is not required to provide details of the transfer of information, the fourth sub-section of Rule 4, which concerns itself with the obligation of the body corporate to provide a policy for privacy including information about the disclosure of information to its consumers, incorporates this Rule as it deals with disclosure of information to third parties. Thus, the Policy of the body corporate must include details of the way the data is handled or dealt by the third party, which is shared by the body corporate in question.

Rule 8: This Rule details the criteria for reasonable security practices and procedures.^{^[86]} It provides that not only must the body corporate have implemented standard security practices and procedures, but it should also have documented the information security program and policies containing appropriate "managerial, technical, operational and physical security control measures". The Rule specifically uses the example of IS/ISO/IEC 27001 as an international standard that would fulfill the requirements under this provision. The security standards or codes of best practices adopted by the company are required to be certified/audited by a Government approved independent auditor annually and after modification or alteration of the existing practice and procedure. Sub-section (1) of the Rule also gives the body corporate the option of creating its own security procedures and practices for dealing with managerial, technical, operational, and physical security control, and have comprehensive documentation of their information security programme and information security policies. These norms should be as strict as the type of information collected and processed requires. In the event of a breach, the body corporate can be called to demonstrate that these norms were suitably implemented by it.

Interpretation : It is unclear whether the empanelled IT security auditing organizations recognized by CERT-In discussed later are qualified for the purpose of this Rule, but from publicly available information the Data Security Council of India and CERT-In's empanelled Security Auditors seem to be the agencies given this task^{^[87]}. With regards to the Privacy Policy or Policies of a company, it is only necessary that the company include as many details as possible regarding the steps taken to ensure the security and confidentiality of the collected information in the Privacy Policy and Policies, and notify them to the consumer.

Other Relevant Policies:

Empanelled Information Technology Security Auditors - CERT-In has created a panel of 'IT Security Auditors' for auditing networks & applications of various organizations of the Government, critical infrastructure organizations and private organizations including bodies corporate.^{^[88]} The empanelled IT security auditing organization is required to, inter alia, conduct a " Review of Auditee's existing IT Security Policy and controls for their adequacy as per the best practices vis-à-vis the IT Security frameworks outlined in standards such as COBIT, COSO, ITIL, BS7799 / ISO17799, ISO27001, ISO15150, etc." ^{^[89]} and conduct and document various assessments and tests. Some typical reviews and tests that include privacy reviews are - Information Security Testing, Internet Technology Security Testing and Wireless Security Testing.^{^[90]} For this purpose CERT-In maintains a list of IT Security Auditing Organizations^{^[91]}.

Criteria for analysis of company policies based on the 43A Rules

1. Clear and Accessible statements of its practices and policies^{^[92]} -

i. Whether the privacy policy is accessible through the main website of the body corporate?

ii. Whether the privacy policy is mentioned or included in the terms and conditions of all document of the body corporate that collects personal information?

iii. Whether the privacy policy can be comprehended by persons without legal knowledge?

2. Type and acknowledgment of personal or sensitive personal data/information collected ^{^[93]}-

i. Whether the privacy policy explicitly states that personal and sensitive personal information will be collected.

ii. Whether the privacy policy mentions all categories of personal information including SPD/I being collected?

3. Option to not provide information and withdrawal of consent^{^[94]} -

i. Whether the Privacy Policy specifies that the user has the option to not provide information?

ii. Whether the Privacy Policy specifies that the user has the option to subsequently withdraw consent?

4. Existence of Grievance Officer -

i. Whether the privacy policy mentions the existence of a grievance officer?

ii. Whether the privacy policy provides details of the grievance redressal mechanism?

iii. Whether the privacy policy provides the names and contact information of the grievance officer?

5. Purpose of Collection and usage of information -

i. Whether the privacy policy enumerates the purpose(s) for which information is collected exhaustively?

6. Disclosure of Information -

i. Whether personal information is shared with third parties (except authorized government agencies/LEA/IA) only with user consent?

ii. Whether the policy specifies that personal information is disclosed to Government agencies/LEA/IA only when legally mandated as per the circumstances laid out in 43A?

7. Reasonable Security practices and procedures -

i. Whether the privacy policy provides adequate details of the reasonable security practices and procedures followed by the body corporate to secure information?

Annexure 2

Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules) 2011 and Company SURVEY

1. Bharti Airtel Ltd.

1. Clear and Accessible statements of its practices and policies: Yes

a. Rationale: Airtel's Privacy Policy^{^[95]} is available through the main page of the website and it is mentioned in the Airtel Terms and Conditions and is applicable for Airtel's websites as well as its services and products, such as its telecommunications services. It was determined that the policy can be comprehended by individuals without legal knowledge.

2. Type and acknowledgement of personal or sensitive personal data/information collected: Yes

b. Rationale: Airtel's Privacy Policy indicates that sensitive personal and personal information will be collected, defines sensitive personal information^{^[96]}, and specifies specific types of personal^{^[97]} and sensitive personal information ^{^[98]} that will be collected.

3. Option to not provide data or information and subsequent withdrawal of consent: Yes

c. Rationale: The Airtel Privacy Policy states that individuals have the right to choose not to provide consent or information and have the right to withdraw consent. The policy notes that if consent/information is not provided, Airtel reserves the right to not provide or to withdraw the services.^{^[99]}

4. Existence of Grievance Officer: Yes

a. Rationale: Airtel provides for the contact details of nodal officers^{^[100]} and appellate authorities ^{^[101]} on its website. Additionally the website provides for the 'Office of the Ombudsperson'^{^[102]}, which is an independent forum for employees and external stakeholders^{^[103]} of the company to raise concerns and complaints about improper practices which are in breach of the Bharti Code of Conduct. Additionally, details of the Airtel Grievance Redressal Officers can also be found in the TRAI website.^{^[104]}

5. Comprehensive disclosure of purpose of collection and usage of information: Partial

Rationale: Airtel's Privacy Policy indicates eight purposes^{^[105]} that information will be collected and used for, but notes that the use and collection is not limited to the defined purposes.

6. Disclosure of Information^{^[106]}: Yes

a. Rationale: Airtel has a dedicated section explaining the company's practices around the disclosure and sharing of collected information, including ways in which consent will be collected for the sharing of personal information^{^[107]}, how collected personal information may be collected internally ^{^[108]}, the disclosure of information to third parties and that the third party will be held accountable for protecting the information through contract^{^[109]}, the possible transfer of personal information and its purposes^{^[110]}, and the circumstances under which information will be disclosed to governmental agencies (which reflect the circumstances defined by the Rules.) ^{^[111]}

7. Existence of reasonable security practices and procedures ^{^[112]} : Yes

a. Rationale: Airtel's privacy policy has a dedicated section that explains the company's security practices and procedures in place. The policy notes that Airtel's practices and procedures are IS/ISO/IEC 27001 compliant ^{^[113]}, that access is restricted to a need to know basis and that employees are bound by codes of confidentiality^{^[114]}, and that Airtel works to ensure that third parties also have strong security procedures in place.^{^[115]} The policy also provides details on the retention^{^[116]} and destruction ^{^[117]} procedures for personal information, and notes that reasonable steps are taken to protect against hacking and virus attacks.^{^[118]}

1. Tata Telecommunication Services (DoCoMo and Virgin Mobile)

1. Clear and Accessible statements of its practices and policies : Partial

a. Rationale: Though Tata DoCoMo has a comprehensive Data Privacy Policy ^{^[119]} that is applicable to Tata Teleservices Limited's ("TTL") products and services and the TTL website, it is not accessible to the user through the main website. In the Frequently Asked Questions Section of TTL, it is clarified under what circumstances information that you provide is not covered by the TTL privacy policy. ^{^[120]}

2. Type of personal or sensitive personal data/information collected: Partial

a. Rational: TTL defines personal information^{^[121]} but only provides general examples of types of personal information^{^[122]} (and not sensitive personal) collected, rather than a comprehensive list. The definitions and examples of information collected are clarified in the FAQs and the Privacy Policy, rather than in the Privacy Policy alone. As a strength, the Privacy Policy clarifies the ways in which TTL will collect information from the user - including the fact that they receive information from third parties like credit agencies. ^{^[123]}

3. Option to not provide information and withdrawal of consent: N/A

a. Rationale: The TTL Privacy Policy does not address the right of the individual to provide consent/information and to withdraw information/consent.

4. Existence of Grievance Officer: Yes

a. Rationale: TTL has various methods to lodge complaints and provides for an appellate authority. ^{^[124]} Additionally, details of the Grievance Redressal Officers are provided via the TRAI website.^{^[125]}

5. Purpose of Collection and usage of information: Yes

a. Rationale: In its' Privacy Policy, TTL describes the way in which collected information is used. ^{^[126]} The TTL FAQs further clarify the use of cookies by the company, the use of provided information for advertising purposes, ^{^[127]} and the use of aggregate and anonymized data.^{^[128]}

6. Disclosure of Information: Yes

a. Rationale: In the Privacy Policy and the FAQs page, TTL is transparent about the circumstances on which they will share/disclose personal information with third parties^{^[129]}, with law enforcement/governmental agencies^{^[130]}, and with other TTL companies. ^{^[131]} Interestingly, the TTL FAQ's clarify to the customer that their personal information might be processed in different jurisdictions, and thus would be accessible by law enforcement in that jurisdiction. ^{^[132]}

7. Reasonable Security practices and procedures: Partial

a. Rationale: TTL's Privacy Policy broadly references that security practices are in place to protect user information, but the policy does not make reference to a specific security standard, or provide detail as to what these practices and procedures are. ^{^[133]} Although TTL's Privacy Policy does not make mention of any specific security standard, Tata Teleservices (Maharashtra) Limited claims to have been awarded with ISO 27001 ISMS (Information Security Management Systems) Certification in May 2011, and completed its first Surveillance Audit in June 2012^{^[134]}. Information on IT security standards adopted by other circles could not be found on the internet.

2. Vodafone

1. Clear and Accessible statements of its practices and policies: Yes

Rationale: Vodafone's Privacy Policy^{^[135]} is easily accessible from its website from a link at the bottom, directly from the home page and from all other pages of the website. ^{^[136]}

2. Collection of personal or sensitive personal data/information: No

Rationale: Type -

a. Personal Information - The amount of details given by the Privacy Policy with regards to the personal information being collected is insufficient, as it does not include a number of relevant facts, and uses is vague language - such as 'amongst other things', implying that information other than that which is notified is being collected.^{^[137]}

b. Sensitive Personal Data or Information - The Privacy Policy does not mention the categories or types of SPD/I, as defined under Rule 3, being collected by the service provider explicitly, only gives a general overview of the information that is collected.

3. Option to not provide information and withdrawal of consent: No

a. Rationale: The privacy policy does not mention the consent of data subject anywhere, nor does it mention his or her right to withdraw it at any point of time. It also does not mention whether or not the provision of services by Vodafone is contingent on the provision of such information.

4. Existence of Grievance Officer: Yes

a. Rationale: The Privacy Policy explicitly mentions and gives the email address of a grievance redressal officer, though further details about the other offices are given in a separate section of the website.^{^[138]}

5. Purpose of Collection and usage of information: Partial

a. Rationale:

The Privacy Policy gives an exhaustive list of purposes for which the collected information can be used by Vodafone, ^{^[139]} but at the same time the framing of the opening sentence and the usage of the term 'may include' could imply that it can be used for other purposes as well.

6. Disclosure of Information: Yes

a. Rationale:

The Privacy Policy mentions that Vodafone might share the collected information with certain third parties and the terms and conditions which would apply to such a third party.^{^[140]} The phrasing does not imply that there are other conditions that have not been mentioned in the policy, under which the information would be shared with a third party. At the same time, the Privacy Policy does not explicitly say that the third party will necessarily follow the privacy and data security procedures and rules laid down in the Privacy Policy.

7. Reasonable Security practices and procedures: Yes

a. Rationale:

The Privacy Policy mentions in reasonably clear detail the security practices and procedures followed by Vodafone, and also mentions the circumstances in which the data subject should take care to protect his or her own information, wherein Vodafone will not be liable. ^{^[141]} Although Vodafone India's Privacy Policy does not specify what their IT Security standard is, its 2012/2013 Sustainability Report available through its international website ^{^[142]} states that it follows industry practices in line with the ISO 27001 standard and its core data centre in India follows this standard^{^[143]}.

3. Aircel

1. Clear and Accessible statements of its practices and policies: Yes

Rationale:

The Privacy Policy is accessible from every page of the Aircel website, with a link at the bottom of each page after the specific circle has been chosen. It is reasonably free of legalese and is intelligible.^{^[144]}

2. Type of personal or sensitive personal data/information collected: Partial

Rationale: Type -

a. Personal Information

In the Privacy Policy, the repeated usage of the term 'may' creates some doubt about the actual extent of the data collected, and leaves the Privacy Policy quite unclear in this regard. At the same time, the Privacy Policy does include a fairly comprehensive list of personal information that could be collected. ^{^[145]} The wording in the Privacy Policy thus requires further clarification and specification in order to make a determination on whether or not it provides complete details on the personal information that will be collected.

a. Sensitive Personal Data or Information

The Privacy Policy does not mention SPDI explicitly, which adds to the lack of concrete details as noted earlier.

3. Option to not provide information and withdrawal of consent - Yes

Rationale : The Privacy Policy mentions that users do have the right to refuse to provide or the withdrawal of consent to collect personal information. In such cases, Aircel can respectively refuse or discontinue the provision of its services. ^{^[146]}

4. Existence of Grievance Officer: Yes

a. Rationale:

Though not directly mentioned in the Privacy Policy, a separate, easily noticeable link at the bottom of each webpage links to the Customer Grievance section. There are different officers in charge of each node, called the Nodal Officers. ^{^[147]}

5. Purpose of Collection and usage of information: Partial

a. Rationale: The usage of the term 'may' in the section of the Privacy Policy regarding the purpose of collection and usage of information again leaves it ambiguous in this regard, implying that it can just as easily be used for purposes that have not been notified to the data subject.^{^[148]}

6. Disclosure of Information: Yes

a. Rationale: Though the Privacy Policy does not specify all the circumstances under which Aircel would share the collected information with a third party, it specifies the terms and conditions that would apply in the cases that it does. ^{^[149]}

7. Reasonable Security practices and procedures: Yes

a. Rationale:

The Policy gives a reasonable amount of detail about the steps taken by Aircel to ensure the security of the information collected by it, but leaves certain holes uncovered.^{^[150]}

4. Atria Convergence Technologies Private Limited (ACT)

1. Clear and Accessible statements of its practices and policies: Yes

a. Rationale: The Policy is intelligible, and is easily accessible from all the webpages of the company's website from a link at the bottom of all pages.^{^[151]}

2. Type of personal or sensitive personal data/information collected: Partial

a. Rationale:

Type -

a. Personal Information - Yes -

The Policy mentions the different types of Personal Information which will be collected by ACT if the customer registers with the Company. ^{^[152]}

a. Sensitive Personal Data or Information -

The categories of SPD/I collected by ACT are not specifically mentioned in the policy, though they are mentioned as part of the general declarations.

3. Option to not provide information and withdrawal of consent: No

a. Rationale: The option of the data subject not providing or withdrawing consent has not been mentioned in the Policy.

4. Existence of Grievance Officer: No

a. Rationale: No Grievance Officer has been mentioned in the Privacy Policy or on the ACT website, nor has any other grievance redressal process been specified.^{^[153]}

5. Purpose of Collection and usage of information: Yes

a. Rationale: The Policy mentions the various ways ACT might use the information it collects, though the use of the term 'general' is a cause for concern.^{^[154]} The list of purposes for collection given in the Privacy Policy is a very general list.

6. Disclosure of Information: Yes

a. Rationale: The Policy mentions the circumstances in which ACT might share the collected information with a third party, and also mentions that such parties will either be subject to confidentiality agreements, or that the data subject will be notified before his or her information becomes subject to a different privacy policy. It also mentions the exception to above, that being when the information is shared for investigative purposes.^{^[155]} At the same time, the intended recipients of the information are not mentioned, and the name and address of agency/agencies collecting and retaining information is not mentioned.

7. Reasonable Security practices and procedures: No

a. Rationale: - The security practices and procedures followed by ACT to protect the information of its customers are not mentioned in the Policy, which is a critical weak point, keeping in mind the requirements of the Rules. ^{^[156]}

[1] . Telecom Regulatory Authority of India, Press Release 143/2012,(< http://www.trai.gov.in/WriteReadData/PressRealease/Document/PR-TSD-May12.pdf >)

[2] . The Indian Telecom Service Performance Indicators, January-March 2013, Telecom Regulatory Authority of India,. (< http://www.trai.gov.in/WriteReadData/WhatsNew/Documents/Indicator%20Reports%20-01082013.pdf >)

[3] . 'India is now world's third largest Internet user after U.S., China', (The Hindu, 24 August 2013) < http://www.thehindu.com/sci-tech/technology/internet/india-is-now-worlds-third-largest-internet-user-after-us-china/article5053115.ece >

[4] . In addition, the Unified Access License Framework which allows for a single license for multiple services such as telecom, the internet and television, provides certain security guidelines. As per the model UIL Agreements, privacy of communications is to be maintained and network security practices and audits are mandated along with penalties for contravention in addition to what is prescribed under the Information Technology Act,2000. For internet services, the Agreement stipulates the keeping an Internet Protocol Detail Record (IPDR) and copies of packets from customer premises equipment (CPE). Accessed at < http://www.dot.gov.in/sites/default/files/Unified%20Licence.pdf>

[5] . See >> http://www.trai.gov.in/WriteReadData/WhatsNew/Documents/Indicator%20Reports%20-01082013.pdf >>

[6] . 'India is now world's third largest Internet user after U.S., China', (The Hindu, 24 August 2013) < http://www.thehindu.com/sci-tech/technology/internet/india-is-now-worlds-third-largest-internet-user-after-us-china/article5053115.ece > Accessed..

[7] . Starting with Kharak Singh v. State of UP 1963 AIR SC 1295, the right to privacy has been further confirmed and commented on in other cases, like Govind v.State of M.P (1975) 2 SCC 148: 1975 SCC (Cri) 468. A full history of the development of the Right to Privacy can be found in B.D. Agarwala, Right to Privacy: A Case-By-Case Development, (1996) 3 SCC (Jour) 9, available at http://www.ebc-india.com/lawyer/articles/96v3a2.htm.

[8] . White Paper on EU Adequacy Assessment of India, 3, ("Based on an overall

analysis against the identifiable principles under Article 25, the 2010 Report concludes that India does not at present provide adequate protection to personal data in relation to any sector or to the whole of its private sector or to the whole of its public sector. ") available at < https://www.dsci.in/sites/default/files/WhitePaper%20EU_Adequacy%20Assessment%20of%20India.pdf >

[9] . Planning Commission, Report of the Group of Experts on Privacy, 2012, (< http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf>)

[10] . Though a company's Privacy Policy was the main document analysed for this research, when applicable a company's Terms of Service wavas also reviewed.

[11] . BSNL and MTNL are government companies as defined under section 617, Indian Companies Act, 1956, incorporated under the Indian Companies Act, 1956. Under section 43 A (i) of the Act, a 'body corporate' has been broadly defined as "any company…sole proprietorship or other association of individuals engaged in commercial or professional activities". Therefore, for the purpose of this survey, BSNL and MTNL are recognized as bodies corporate.

[12] . Documents Reviewed: http://portal.bsnl.in/portal/privacypolicy.html

[13] . A full list of its services are available here: < http://bsnl.co.in/opencms/bsnl/BSNL/services/>

[14] . The MTNL website does not provide access to a privacy policy

[15] . A full list of its services are available here <<http://mtnldelhi.in>>

[16] . Documents Reviewed: http://www.airtel.in/forme/privacy-policy , http://www.airtel.in/applications/xm/FixedLineNodalOfficer.jsp, http://www.airtel.in/applications/xm/BroadbandInternet_AppellateAuth.jsp , http://www.airtel.in/about-bharti/about-bharti-airtel/ombuds-office

[17] . A full list of services provided by Bharti Airtel is available here: <www.airtel.in>

[18] . http://submarinenetworks.com/stations/asia/india/chennai-bharti

[19] . Documents Reviewed: http://www.vodafone.com/content/sustainabilityreport/2014/index/operating_responsibly/privacy_and_security/law_enforcement.html https://www.vodafone.in/pages/privacy_policy.aspx?cid=ker , http://www.vodafone.com/content/sustainability/operating_responsibly/privacy_and_security.html

[20] . See < http://historyofbusiness.blogspot.in/2013/11/history-of-vodafone.html. >

[21] . Vodafone International Holdings v Union of India, WP 1325/2010, Bombay High Court

[22] . 'Vodafone to Buy Additional Essar India Stake for $5 Billion',(Bloomberg, March 31, 2011) < http://www.bloomberg.com/news/2011-03-31/essar-exercises-option-to-sell-5-billion-stake-in-vodafone-essar-venture.html >Accessed 26 May 2014

[23] . See <https://www.vodafone.in/pages/aboutus.aspx?cid=ker.>

[24] . Vodafone, supra note 13.

[25] . Documents Reviewed:http://www.tatadocomo.com/downloads/data-privacy-policy.pdf, http://www.tatateleservices.com/t-customercare.aspx, http://www.tatateleservices.com/download/aboutus/ttml/TTML-Annual-Report-2012-13.pdf

[26] . 'Japan's Docomo acquires 26% stake in Tata Tele'(The Hindu Business Line, November 13 2008) < http://www.thehindubusinessline.in/bline/2008/11/13/stories/2008111352410100.htm .>

[27] . Further details are available at: < http://www.tatateleservices.com/t-aboutus-ttsl-organization.aspx>

[28] . Documents Reviewed

http://www.aircel.com/AircelWar/appmanager/aircel/karnataka?_nfpb=true&_pageLabel=P26400194591312373872061 , http://www.aircel.com/AircelWar/appmanager/aircel/karnataka?_nfpb=true&_pageLabel=customercare_consumergrievance_page , http://www.aircel.com/AircelWar/ShowProperty/UCMRepository/Contribution%20Folders/Global/PDF/Manual_Customer_Grievan.pdf

[29] . See < http://www.aircel.com/AircelWar/appmanager/aircel/ap?_nfpb=true&_pageLabel=aboutus_book. >

[30] . Documents Reviewed: http://www.acttv.in/index.php/privacy-policy

[31] . https://www.vodafone.in/pages/privacy_policy.aspx?cid=ker

[32] . http://www.tatadocomo.com/downloads/data-privacy-policy.pdf

[33] . http://www.airtel.in/forme/privacy-policy

[34] .http://www.aircel.com/AircelWar/appmanager/aircel/karnataka?_nfpb=true&_pageLabel=P26400194591312373872061

[35] . http://www.acttv.in/index.php/privacy-policy

[36] . In 2012, the Minister of State for Communications & Information Technology informed the Rajya Sabha that " (a)ny change in the privacy policy is not within the purview of amended Information Technology Act, 2000",, while discussing changes to Google's privacy policy. Even though the Minister noted that the EU has reported its dissatisfaction with the changed policy, finding that the policy " makes it impossible to understand which purposes, personal data, recipients or access rights are relevant to the use of a specific service ", he argued that the Act and Rules therein merely stipulate the publication of a privacy policy which provide " information to the end users as to how their personal information is collected, for which it is collected, processed and secure". Further, when asked how changes to privacy policy affect end users the Minister shifted the responsibility on end users, stating that " (t)he end users… need to fully understand the privacy policy of Google, the consequences of sharing their personal information and their privacy rights before they start using online services ".( < http://rsdebate.nic.in/bitstream/123456789/609109/2/PQ_225_30032012_U1929_p129_p130.pdf#search=%22google%22 >).

[37] . Available at http://portal.bsnl.in/portal/privacypolicy.htm, the privacy policy was found through a search engine and not through a link from the website. An RTI request was submitted to BSNL for a copy of its privacy policy as applicable to all its products, services and websites. BSNL responded by submitting a copy of this privacy policy even though the text of the policy does not clarify the scope.

[38] . See, <http://www.acttv.in/index.php/privacy-policy>

[39] . See <http://www.airtel.in/forme/privacy-policy>

[40] . See <www.tataindicom.com/Download/data-privacy-policy.pdf>

[41] . See <<www.aircel.com/AircelWar/appmanager/aircel/delhi?_nfpb=true&_pageLabel=P26400194591312373872061>>

[42] . See <https://www.vodafone.in/pages/privacy_policy.aspx?cid=kar>

[43] . See<< http://portal.bsnl.in/portal/privacypolicy.htm>>

[44] . See <http://www.acttv.in/index.php/privacy-policy>

[45] . See <https://www.vodafone.in/pages/privacy_policy.aspx?cid=kar>

[46] . See <http://www.tataindicom.com/Download/data-privacy-policy.pdf>

[47] . Ibid

[48] . The complaint center details are available here: < http://www.tccms.gov.in/Queries.aspx?cid=1>

[49] . Rules 5 and 6

[50] . Principle 2, Principle 3, Personal Information Protection and Electronic Documents Act 2000. Available at: << http://laws-lois.justice.gc.ca/eng/acts/P-8.6/index.html>>

[51] . Rule 5(7),

[52] . Principle 2

[53] . P. 21

[54] . Telecom Regulatory Policy CRTC 2009-657, Review of the Internet traffic management practices of Internet service providers << www.crtc.gc.ca/eng/archive/2009/2009-657.htm>>

[55] . Alex Cameron,CRTC Imposes Super-PIPEDA Privacy Protections for Personal Information Collected by ISPs, Privacy and Information Protection Bulletin, Fasken Martineau, << http://www.fasken.com/files/Publication/4317fd62-0827-4d1d-b836-5b932b3b21db/Presentation/PublicationAttachment/bafbf01e-365c-47f8-86a5-5cf7d7e43787/Bulletin_-_November_2009_-_Cameron.pdf . >> Accessed 21 May 2014

[56] . Bram D. Abramson, Grant Buchanan, Hank Intven, CRTC Shapes Canadian "Net Neutrality" Rules, McCarthy Tetrault. < http://www.mccarthy.ca/article_detail.aspx?id=4720 > Accessed 21 May 2014

[57] . The Privacy Act, 1988, Part III, available at << http://www.comlaw.gov.au/Series/C2004A03712.>>

[58] . Id, note 28, Schedule 3, 1.

[59] . Id, schedule 3, 2.

[60] . Id, schedule 3, 3.

[61] . Id, schedule 3, 4.

[62] . Id, schedule 3, 5.

[63] . Id, schedule 3, 6.

[64] . Id, schedule 3, 7.

[65] . Id, schedule 3, 8.

[66] . Id, schedule 3, 9.

[67] . Id, schedule 3, 10.

[68] . Telecommunications Act, Part 13 (Information or a document protected under Part 13 could relate to many forms of communications, including fixed and mobile telephone services, internet browsing, email and voice over internet telephone services. For telephone-based communications, this would include subscriber information, the telephone numbers of the parties involved, the time of the call and its duration. In relation to internet-based applications, the information protected under Part 13 would include the Internet Protocol (IP) address used for the session, and the start and finish time of each session.)

[69] . Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML.

[70] . Id, article 3.

[71] . Id, article 8.

[72] . Id, article 2, (d). (" (d) 'controller' shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law; ")

[73] . European Commission-IP-12/46, 25 January 2012, < http://europa.eu/rapid/press-release_IP-12-46_en.htm?locale=en.>

[74] . Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector.

[75] . Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC.

[76] . Rule 2 (h)

[77] . Rule 3 (ii)

[78] . Rule 3 (vii) and (viii)

[79] . Rule 2 (i)

[80] . Rule 4(iii), (iv)

[81] . Section 2(v) of the Act defines 'information'

[82] . Rule 4 (1).

[83] . Rule 5 (5)

[84] . Defined by Venkatarama Aiyar, J as: "The rule of construction is well settled that when there are in an enactment two provisions which cannot be reconciled with each other, they should be so interpreted that, if possible, effect could be given to both" in Venkataramana Devaru v. State of Mysore, AIR 1958 SC 255, p. 268: G. P. Singh, Principles of Statutory Interpretation, 1th ed. 2010, Lexisnexis Butterworths Wadhwa Nagpur. The principle was applied to interpret statutory Rules in A. N. Sehgal v. Raje Ram Sheoram, AIR 1991 SC 1406.

[85] . Rule 6

[86] . Rule 8

[87] . 52^nd Report, Standing Committee on Information Technology, 24, available at < http://164.100.47.134/lsscommittee/Information%20Technology/15_Information_Technology_52.pdf. >

[88] . Panel Of Information Security Auditing Organisations, CERT-IN < http://www.cert-in.org.in/PDF/background.pdf>

[89] . Section 1, Guidelines for applying to CERT-In for Empanelment of IT Security Audition Organisation, < http://www.cert-in.org.in/PDF/InfoSecAuditorsEmpGuidelines.pdf>

[90] . Section 2.0, Guidelines for auditee organizations, Version 2.0, IT Security

Auditing Assignment, http://www.cert-in.org.in/PDF/guideline_auditee.pdf

[91] . See <http://www.cert-in.org.in/PDF/Empanel_org.pdf>

[92] . Rule 4

[93] . Rule 4

[94] . Rule 5 (7)

[95] . See << http://www.airtel.in/forme/privacy-policy>>

[96] . 'Information that can be used by itself to uniquely identify, contact or locate a person, or can be used with information available from other sources to uniquely identify an individual. For the purpose of this policy, sensitive personal data or information has been considered as a part of personal information.' Accessed at << http://www.airtel.in/forme/privacy-policy/collection+of+personal+info?contentIDR=53535f55-b787-4cb8-b399-d11d97f80c26&useDefaultText=0&useDefaultDesc=0 >>

[97] . Subscriber's name, father's name, mother's name, spouse's name, date of birth, current and previous addresses, telephone number, mobile phone number, email address, occupation and information contained in the documents used as proof of identity and proof of address. Information related to your utilization of our services which may include your call details, your browsing history on our website, location details and additional information provided by you while using our services. We may keep a log of the activities performed by you on our network and websites by using various internet techniques such as web cookies, web beacons, server log files, etc.

[98] . Password, Financial information -details of Bank account, credit card, debit card, or other payment instrument detail s, Physical, physiological and mental health condition.

[99] . Airtel states that if a customer does not provide information or consent for usage of personal information or subsequently withdraws consent, Airtel reserves the right to not provide the services or to withdraw the services for which the said information was sought, Avaliable at: < http://www.airtel.in/forme/privacy-policy/collection+of+personal+info?contentIDR=53535f55-b787-4cb8-b399-d11d97f80c26&useDefaultText=0&useDefaultDesc=0 >

[100] . See <www.airtel.in/applications/xm/FixedLineNodalOfficer.jsp>

[101] . See << http://www.airtel.in/applications/xm/BroadbandInternet_AppellateAuth.jsp >

[102] . See << http://www.airtel.in/about-bharti/about-bharti-airtel/ombuds-office>>

[103] . Stakeholders are defined as: employee, associate, strategic partner, vendor

[104] . See << http://www.trai.gov.in/WriteReadData/ConsumerGroup/Document/2013072331247805566Bharti_Airtel_CC_AA-23072013.pdf >>

[105] . Verification of customer's identity; Complete transactions effectively and bill for products and service; Respond to customer requests for service or assistance; Perform market analysis, market research, business and operational analysis; Provide, maintain and improve Airtel products and services; Anticipate and resolve issues and concerns with Airtel products and services; Promote and market Airtel products and services which it may consider of interest and benefit to customers; and, Ensure adherence to legal and regulatory requirements for prevention and detection of frauds and crimes.

[106] . See << http://www.airtel.in/forme/privacy-policy/disclosure+and+transfer?contentIDR=745792ad-d6af-4684-85d4-d85773e77356&useDefaultText=0&useDefaultDesc=0 >>

[107] . "Airtel may obtain a customer's consent for sharing personal information in several ways, such as in writing, online, through "click-through" agreements; orally, including through interactive voice response; or when a customer's consent is part of the terms and conditions pursuant to which Airtel provides a service."

[108] . Airtel and its employees may utilize some or all available personal information for internal assessments, measures, operations and related activities…"

[109] . Airtel may at its discretion employ, contract or include third parties external to itself for strategic, tactical and operational purposes. Such agencies though external to Airtel, will always be entities which are covered by contractual agreements. These agreements in turn include Airtel's guidelines to the management, treatment and secrecy of personal information

[110] . Airtel may transfer subscriber's personal information or other information collected, stored, processed by it to any other entity or organization located in India or outside India only in case it is necessary for providing services to a subscriber or if the subscriber has consented (at the time of collection of information) to the same. This may also include sharing of aggregated information with them in order for them to understand Airtel's environment and consequently, provide the subscriber with better services. While sharing personal information with third parties, adequate measures shall be taken to ensure that reasonable security practices are followed at the third party."

[111] . Airtel may share subscribers' personal information with Government agencies or other authorized law enforcement agencies (LEAs) mandated under law to obtain such information for the purpose of verification of identity or for prevention, detection, investigation including but not limited to cyber incidents, prosecution, and punishment of offences.

[112] . See<< http://www.airtel.in/forme/privacy-policy/security+practices+and+procedures?contentIDR=9346516c-c1a1-4bd7-bce0-6945236dceaa&useDefaultText=0&useDefaultDesc=0 >>

[113] . Airtel adopts reasonable security practices and procedures, in line with international standard IS/ISO/IEC 27001, to include, technical, operational, managerial and physical security controls in order to protect a customer's personal information from unauthorized access, or disclosure while it is under our control.

[114] . Airtel's security practices and procedures limit access to personal information on need-only basis. Further, its employees are bound by Code of Conduct and Confidentiality Policies which obligate them to protect the confidentiality of personal information.

[115] . Airtel takes adequate steps to ensure that its third parties adopt reasonable level of security practices and procedures to ensure security of personal information.

[116] . Airtel may retain a subscriber's personal information for as long as required to provide him/her with services or if otherwise required under any law.

[117] . When Airtel disposes of its customers' personal information, it uses reasonable procedures to erase it or render it unreadable (for example, shredding documents and wiping electronic media)."

[118] . Airtel maintains the security of its internet connections, however for reasons outside of its control, security risks may still arise. Any personal information transmitted to Airtel or from its online products or services will therefore be at a customer's own risk. It observes reasonable security measures to protect a customer's personal information against hacking and virus dissemination.

[119] . See <<http://www.tatadocomo.com/downloads/data-privacy-policy.pdf

[120] . Information that customers provide to non-TTL companies is not covered by TTL's Policy. For example: When customers download applications or make an online purchase from a non-TTL company while using TTL's Internet or wireless services, the information collected by the non-TTL company is not subject to this Policy. When you navigate to a non-TTL company from TTL websites or applications (by clicking on a link or an advertisement, for example), information collected by the non-TTL company is governed by its privacy policy and not TTL's Privacy Policy. If one uses public forums - such as social networking services, Internet bulletin boards, chat rooms, or blogs on TTL or non-TTL websites, any Personal Information disclosed publicly can be read, collected, or used by others. Once one chooses to reveal Personal Information on such a site, the information is publicly available, and TTL cannot prevent distribution and use of that information by other parties. Information on a wireless Customer 's location, usage and numbers dialed, which is roaming on the network of a non-TTL company will be subject to the privacy policy of the non-TTL company, and not TTL's Policy.

[121] . "Personal Information" is any information that relates to a natural person which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.

[122] . Personal Information - Some general examples -TTL may collect Confidential Data in different forms such as Personal and other Information based on a customer's use of its products and services. Some examples include, Contact Information that allows us to communicate with you -- including your name, address, telephone number, and e-mail address; Billing information-- including payment data, credit history, credit card number, security codes, and service history.Equipment, Performance, TTL Website Usage, Viewing and other Technical Information about use of TTL's network, services, products or websites.

Technical & Usage Information is clarified in the FAQ's as information related to the services provided, use of TTL's network, services, products or websites. Examples of the Technical & Usage Information collected include: Equipment Information that identifies the equipment used on TTL's network, such as equipment type, IDs, serial numbers, settings, configuration, and software. Performance Information about the operation of the equipment, services and applications used on TTL's network, such as IP addresses, URLs, data transmission rates and latencies, location information, security characteristics, and information about the amount of bandwidth and other network resources used in connection with uploading, downloading or streaming data to and from the Internet. TTL Website Usage Information about the use of TTL websites, including the pages visited, the length of time spent, the links or advertisements followed and the search terms entered on TTL sites, and the websites visited immediately before and immediately after visiting one of TTL's sites.TTL also may collect similar information about a customer's use of its applications on wireless devices. Viewing Information about the programs watched and recorded and similar choices under Value added TTL services and products.

[123] . Ways in which TTL collects information: On the purchase or interaction about a TTL product or service provided; Automatically collected when one visits TTL's websites or use its products and services; Other sources, such as credit agencies.

[124] . See <http://www.tatateleservices.com/t-customercare.aspx>

[125] .See< http://www.trai.gov.in/WriteReadData/ConsumerGroup/Document/2013072341218463621Tata_CC_AA_1-23072013.pdf >

[126] . To provide the best customer experience possible; Provide the services a customer purchases, respond to customer questions; Communicate with customers regarding service updates, offers, and promotions; Deliver customized content and advertising that may be of interest to customers; Address network integrity and security issues; Investigate, prevent or take action regarding illegal activities, violations of TTL's Terms of Service or Acceptable Use Policies

[127] . Site functionality -Cookies and other tracking tools are used to help TTL analyze, manage and improve websites and storing customer preferences. Advertising TTL and its advertising partners, including Yahoo! and other advertising networks, use anonymous information gathered through cookies and other similar technologies, as well as other information TTL or its advertising networks may have, to help tailor the ads a customer sees on its sites.

[128] . TTL collects some Information on an anonymous basis. TTL also may anonymize the Personal Information it collects about customers. It may obtain aggregate data by combining anonymous data that meet certain criteria into groups.

[129] . In Other Circumstances: TTL may provide Personal Information to non-TTL companies or other third parties for purposes such as: To assist with identity verification, and to prevent fraud and identity theft; Enforcing its agreements and property rights; Obtaining payment for products and services that appear on customers' TTL billing statements, including the transfer or sale of delinquent accounts to third parties for collection; and to comply to legal and regulatory requirements. TTL shares customer Personal Information only with non-TTL companies that perform services on its behalf, and only as necessary for them to perform those services. TTL requires those non-TTL companies to protect any Personal Information they may receive in a manner consistent with this policy. TTL does not provide Personal Information to non-TTL companies for the marketing of their own products and services without a customer's consent. TTL may share aggregate or anonymous Information in various formats with trusted non-TTL entities, and may work with those entities to do research and provide products and services.

[130] . TTL provides Personal Information to non-TTL companies or other third parties (for example, to government agencies, credit bureaus and collection agencies) without consent for certain purposes, such as: To comply with court orders, subpoenas, lawful discovery requests and other legal or regulatory requirements, and to enforce our legal rights or defend against legal claims, To obtain payment for products and services that appear on customer TTL billing statements, including the transfer or sale of delinquent accounts to third parties for collection; To enforce its agreements, and protect our rights or property; To assist with identity verification, and to prevent fraud and identity theft; To prevent unlawful use of TTL's services and to assist in repairing network outages; To provide information regarding the caller's location to a public safety entity when a call is made to police/investigation agencies, and to notify the public of wide-spread emergencies; To notify or respond to a responsible governmental entity if we reasonably believe that an emergency involving immediate danger of death or serious physical injury to any person requires or justifies disclosure without delay; To display name and telephone number on a Caller ID device;

[131] . Subject to applicable legal restrictions, such as those that exist for Customer Proprietary Network Information (CPNI), the TTL companies may share your Personal Information with each other to make sure your experience is as seamless as possible, and you have the benefit of what TTL has to offer.

[132] . Customers and Users should be aware that TTL affiliates and non-TTL companies that perform services on behalf of TTL may be located outside the country where customers access TTL's services. As a result, when customer Personal Information is shared with or processed by such entities, it may be accessible to government authorities according to the laws of those jurisdictions.

[133] . TTL has implemented appropriate security controls to protect Personal Information when stored or transmitted by TTL. It has established electronic and administrative safeguards designed to secure the information it collects, to prevent unauthorized access to or disclosure of that information and to ensure it is used appropriately. Some examples of those safeguards include: All TTL employees are subject to the internal Code of Business Conduct. The TTL Code requires all employees to follow the laws, rules, regulations, court and/or commission orders that apply to TTL's business such as legal requirements and company policies on the privacy of communications and the security and privacy of Customer records. Employees who fail to meet the standards embodied in the Code of Business Conduct are subject to disciplinary action, up to and including dismissal. TTL has implemented technology and security features and strict policy guidelines to safeguard the privacy of customer Personal Information. TTL has implemented encryption or other appropriate security controls to protect Personal Information when stored or transmitted by it; TTL limits access to Personal Information to those employees, contractors, and agents who need access to such information to operate, develop, or improve its services and products; TTL requires caller/online authentication before providing Account Information so that only the customer or someone who knows the customer's account Information will be able to access or change the information.

[134] . See << http://www.tatateleservices.com/download/aboutus/ttml/TTML-Annual-Report-2012-13.pdf >>

[135] . See << https://www.vodafone.in/pages/privacy_policy.aspx?cid=ker >>

[136] . "We have created this Privacy Policy to help you understand how we collect, use and protect your information when you visit our web and WAP sites and use our products and services."

[137] . Vodafone may hold information relating to customers that have been provided (such as on an application or registration form) or that it may has obtained from another source (such as its suppliers or from marketing organisations and credit agencies).

This information may include, amongst other things, a customer's name, address, telephone numbers, information on how a customer uses Vodafone's products and services (such as the type, date, time, location and duration of calls or messages, the numbers called and how much a customer spends, and information on his/her browsing activity when visiting one of Vodafone's group companies' websites), the location of a customer's mobile phone from time to time, lifestyle information and any other information collected in relation to his/her use of Vodafone's products and services ("information").

It may use cookies and other interactive techniques such as web beacons to collect non-personal information about how a customer interacts with its website, and web-related products and services.

It may use a persistent cookie to record details such as a unique user identity and general registration details on your PC. Vodafone states that most browser technology (such as Internet Explorer, Netscape etc) allows one to choose whether to accept cookies or not - a customer can either refuse all cookies or set their browser to alert them each time that a website tries to set a cookie.

[138] . In case of any concerns the privacy officer can be contacted at privacyofficer@vodafone.com. Additionally details of the Grievance Redressal Officers is provided via the TRAI website. (TRAI website: http://www.trai.gov.in/WriteReadData/ConsumerGroup/Document/2013072341567851124Vodafone_CC_AA-23072013.pdf _

[139] . The information that Vodafone collects from customers is held in accordance with applicable laws and regulations in India. It may be used by us for a number of purposes connected with its business operations and functions, which include:

2.1 Processing customer orders or applications;

2.2 Carrying out credit checking and scoring (unless Vodafone have agreed otherwise);

2.3 Providing the customer with products and/or services requested (including the presentation or elimination of calling or connected line identification) or administering his/her account;

2.4 Billing

2.5 Settling accounts with those who provide related services to Vodafone;

2.6 Dealing with requests, enquiries or complaints and other customer care related activities; and all other general administrative and business purposes;

2.7 Carrying out market and product analysis and marketing Vodafone and its group companies' products and services generally;

2.8 Contacting a customer (including by post, email, fax, short text message (SMS), pager or telephone) about Vodafone and its group companies' products and services and the products and services of carefully selected third parties which it think may be of interest to customers (unless a customer asks us in writing not to). Electronic marketing messages may not include a marketing facility.

2.9 Registering customer details and allocating or offering rewards, discounts or other benefits and fulfilling any requests that a customer may have in respect of our and our group companies' schemes.

2.10 inclusion in any telephone or similar directory or directory enquiry service provided or operated by us or by a third party (subject to any objection or preference a customer may have indicated to us in writing);

2.11 carrying out any activity in connection with a legal, governmental or regulatory requirement on Vodafone or in connection with legal proceedings, crime or fraud prevention, detection or prosecution;

2.12 carrying out activities connected with the running of Vodafone's business such as personnel training, quality control, network monitoring, testing and maintenance of computer and other systems and in connection with the transfer of any part of Vodafone's business with respect to a customer or a potential customer.

[140] . In the need for disclosure to third parties, the personal information will only be disclosed to the third parties below:

3.1 Vodafone's group companies who may in India use and disclose your information for the same purposes as us;

3.2 those who provide to Vodafone or its group companies products or services that support the services that we provide, such as our dealers and suppliers;

3.3 credit reference agencies (unless Vodafone has agreed otherwise) who may share your information with other organisations and who may keep a record of the searches Vodafone makes against a customer's name;

3.4 if someone else pays a customer's bill, such as a customer's employer, that person;

3.5 those providing telephone and similar directories or directory enquiry services

3.6 anyone Vodafone transfers business to in respect of which a person is a customer or a potential customer;

3.7 anyone who assists Vodafone in protecting the operation of the Vodafone India networks and systems, including the use of monitoring and detection in order to identify potential threats, such as hacking and virus dissemination and other security vulnerabilities;

3.8 persons to whom Vodafone may be required to pass customer information by reason of legal, governmental or regulatory authority including law enforcement agencies and emergency services;

3.9 any person or organisation as authorised by laws and regulations applicable in India.

If a customer has opted in to receiving marketing material from Vodafone, it may also provide customer's personal information to carefully selected third parties who we reasonably believe provide products or services that may be of interest to customers and who have contracted with Vodafone India to keep the information confidential, or who are subject to obligations to protect your personal information.

To opt-out of receiving Vodafone marketing materials,customers can send a 'Do Not Disturb' message to Vodafone. If a customer wishes to use Vodafone products or services abroad, his/her information may be transferred outside India to that country. Vodafone's websites and those of its group companies may also be based on servers located outside of India.

[141] . Vodafone takes reasonable steps to ensure that the personal information it collects, uses or discloses is accurate, complete, up-to-date and stored in a secure environment protected from unauthorized access, modification or disclosure.

Vodafone makes every effort to maintain the security of our internet connections; however for reasons outside of our control, security risks may still arise. Any personal information transmitted to it or from its online products or services will be at a customer's own risk, however, it will use its best efforts to ensure that any such information remains secure. Vodafone cannot protect any information that a customer makes available to the general public - for example, on message boards or in chat rooms.

Vodafone may use cookies and other interactive techniques such as web beacons to collect non-personal information about how a customer interacts.

[142] . See <http://www.vodafone.com>

[143] . See < http://www.vodafone.com/content/sustainability/operating_responsibly/privacy_and_security.html >

[144] . http://www.aircel.com/AircelWar/appmanager/aircel/karnataka?_nfpb=true&_pageLabel=P26400194591312373872061 (Scope - This Privacy Policy has been created to help customer's understand how Aircel collects, uses and protects customer information when one visits its web and WAP sites and use its products and services.)

[145] . This information may include, amongst other things, customer's name, father's name, mother's name, spouse's name, date of birth, address, telephone numbers, mobile phone number, email address, occupation and information contained in the documents used as proof of identity and proof of address. Aircel may also hold information related to utilization of its services. This may include customer call records, browsing history while surfing Aircel's website, location details and additional information provided by customer while using our services.

Aircel may keep a log of the activities performed by a customer on its websites by using various internet techniques such as web cookies, web beacons, server log files, etc.

Aircel may use cookies and other interactive techniques such as web beacons to collect non-personal information about how customers interact with Aircel's website, and web-related products and services

Aircel may use a persistent cookie to record details such as a unique user identity and general registration details on customer's Personal Computers.

[146] . In case a customer does not provide information or consent for usage of personal information or later on withdraw consent for usage of the personal information so collected, Aircel reserves the right to discontinue the services for which the said information was sought.

[147] . In case of any feedback or concern regarding protection of personal information, customers can contact Aircel's Circle Care ID. Alternatively, one may also direct your privacy-related feedback or concerns to the Circle Nodal Officer. (e.g. - Delhi Circle Nodal details are as mentioned below):

1. Name: Moushumi De

Contact Number: 9716199209

E-mail: nodalofficer.delhi@aircel.co.in

Further it provides for a general customer grievance redressal mechanism

Additionally details of the Grievance Redressal Officers is provided via the TRAI website.

To resolve all concerns, Aircel has established a 2-tier complaint handling mechanism. Level I: Our Customer Touch Points As an Aircel customer you have the convenience to contact at Customer Interface Points via email, post or telephone. Level II - Appellate AuthorityDespite the best efforts put by Aircel's executive, if a customer is still not satisfied with the resolution provided then he/she may submit his/her concern to the Appellate Authority of the circle. Comments - However this information contradicts the mechanism provided under Aircel's Manual of Practice for handling Consumer Complaints which provides for a 3-tier complaint handling mechanism.

[According to the DoT - The earlier three-tier complaint redressal mechanism - Call center, Nodal Center and Appellate Authority, has been replaced by a two-tier one by doing away with the level of Nodal Officer. This is because the Complaint Centres are essentially registration and response centres and do not deal with the resolution of complaints. They only facilitate registration of consumer complaint and the level at which a problem is resolved within a company depends upon the complexity of the issue involved.]

[148] . It may be used by us for a number of purposes connected with our business operations and functions, which include:

1. Processing customer orders or applications.

2. Carrying out credit checking and scoring (unless agreed otherwise).

3. Providing customers with products and/or services requested (including the presentation or elimination of calling or connected line identification) or administering a customer's account.

4. Billing (unless there exists another agreed method).

5. Settling accounts with those who provide related services to Aircel.

6. Dealing with requests, enquiries or complaints and other customer care related activities; and all other general administrative and business purposes.

7. Carrying out market and product analysis and marketing our and our group companies' products and services generally.

8. Contacting customers (including by post, email, fax, short text message (SMS), pager or telephone) about Aircel and its group companies' products and services and the products and services of carefully selected third parties which it think may be of interest to a customer (unless a customer says 'no' in writing). Electronic messages need not have an unsubscribe facility.

9. Registering customer details and allocating or offering rewards, discounts or other benefits and fulfilling any requests that customers may have in respect of Aircel and its group companies' loyalty or reward programmes and other similar schemes.

10. Inclusion in any telephone or similar directory or directory enquiry service provided or operated by Aircel or by a third party (subject to any objection or preference a customer may have indicated in writing).

11. Carrying out any activity in connection with a legal, governmental or regulatory requirement on Aircel or in connection with legal proceedings, crime or fraud prevention, detection or prosecution.

12. Carrying out activities connected with the running of business such as personnel training, quality control, network monitoring, testing and maintenance of computer and other systems and in connection with the transfer of any part of Aircel's business with respect to a customer or potential customer. Aircel may use cookies and other interactive techniques such as web beacons to collect non-personal information about how customers interact with our website, and web-related products and services, to:

● Understand what a customer likes and uses about Aircel's website.

● Provide a more enjoyable, customised service and experience

Aircel may use a persistent cookie to record details such as a unique user identity and general registration details on your Personal Computer.

[149] . Where Aircel needs to disclose your information to third parties, such third parties will be:

1. Group companies who may use and disclose your information for the same purposes as us.

2. Those who provide to Aircel or its group companies products or services that support the services that we provide, such as our dealers and suppliers.

3. Credit reference agencies (unless we have agreed otherwise) who may share your information with other organisations and who may keep a record of the searches Aircel make against your name.

4. If someone else pays a customer's bill, such as an employer.

5. Those providing telephone and similar directories or directory enquiry services.

6. Anyone Aircel transfers its business to in respect of which you are a customer or a potential customer.

7. Anyone who assists Aircel in protecting the operation of the Aircel networks and systems, including the use of monitoring and detection in order to identify potential threats, such as hacking and virus dissemination and other security vulnerabilities.

8. Persons to whom Aircel may be required to pass customer information by reason of legal, governmental or regulatory authority including law enforcement agencies and emergency services. If a customer has opted in to receiving marketing material from Aircel, it may also provide personal information to carefully selected third parties who it reasonably believes to provide products or services that may be of interest to customers and who have contracted with Aircel to keep the information confidential, or who are subject to obligations to protect customer personal information.

[150] . We adopt reasonable security practices and procedures to include, technical, operational, managerial and physical security control measures in order to protect your personal information from unauthorized access, or disclosure while it is under our control.Our security practices and procedures limit access to personal information on need to know basis. Further, our employees, to the extent they may have limited access to your personal information on need to know basis, are bound by Code of Conduct and Confidentiality Policies which obligate them to protect the confidentiality of personal informationWe take adequate steps to ensure that our third parties adopt reasonable level of security practices and procedures to ensure security of personal information

We may retain your personal information for as long as required to provide you with services or if otherwise required under any law. We, however assure you that Aircel does not disclose your personal information to unaffiliated third parties (parties outside Aircel corporate network and its Strategic and Business Partners) which could lead to invasion of your privacy

When we dispose off your personal information, we use reasonable procedures to erase it or render it unreadable (for example, shredding documents and wiping electronic media).

We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete, up-to-date and stored in a secure environment protected from unauthorised access, modification or disclosure. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. For example, we store the personal information you provide on computer systems with limited access, which are located in controlled facilities. When we transmit highly confidential information (such as a credit card number or password) over the Internet, we protect it through the use of encryption, such as the Secure Socket Layer (SSL) protocol. If a password is used to help protect your accounts and personal information, it is your responsibility to keep your password confidential. Do not share this information with anyone. If you are sharing a computer with anyone you should always log out before leaving a site or service to protect access to your information from subsequent users.

We make every effort to maintain the security of our internet connections; however for reasons outside of our control, security risks may still arise. Any personal information transmitted to us or from our online products or services will therefore be your own risk, however we will use our best efforts to ensure that any such information remains secure.

[151] . http://www.acttv.in/index.php/privacy-policy

[152] . "When you register, we ask for information such as your name, email address, birth date, gender, zip code, occupation, industry, and personal interests.

The Company collects information about your transactions with us and with some of our business partners, including information about your use of products and services that we offer."

[153] . Not provided for on the TRAI website as ACT is not a telecom.

[154] . The Company can use information for the following general purposes: to customize the advertising and content you see, fulfill your requests for products and services, improve our services, contact you, conduct research, and provide anonymous reporting for internal and external clients.

The Company collects personal information when you register with the Company, when you use the Company products or services, when you visit the Company pages or the pages of certain partners of the Company. The Company may combine information about you that we have, with information we obtain from business partners or other companies. The Company shall have the right to pass on the same to its business associates, franchisees without referring the same to you.

[155] . Aircel provide the information to trusted partners who work on behalf of or with the Company under confidentiality agreements. These companies may use customer personal information to help the Company communicate about offers from the Company and marketing partners.

Aircel believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of the Company's terms of use, or as otherwise required by law.

Aircel transfer information about a customer if the Company is acquired by or merged with another company under a different management. In this event, the Company will notify a customer before information about a customer is transferred and becomes subject to a different privacy policy.

The Company plans to display targeted advertisements based on personal information. Advertisers (including ad serving companies) may assume that people who interact with, view, or click on targeted ads meet the targeting criteria - for example, women ages 18-24 from a particular geographic area.

The Company will not provide any personal information to the advertiser when customers interact with or view a targeted ad. However, by interacting with or viewing an ad a customer consents to the possibility that the advertiser will make the assumption that he/she meets the targeting criteria used to display the ad.

[156] . Rule 8.

For more details visit https://cis-india.org/internet-governance/blog/a-study-of-the-privacy-policies-of-indian-service-providers-and-the-43a-rules

Digital Natives with a Cause? A Report

radha — 2012-03-13T10:43:09Z

Youth are often seen as potential agents of change for reshaping their own societies. By 2010, the global youth population is expected reach almost 1.2 billion of which 85% reside in developing countries. Unleashing the potential of even a part of this group in developing countries promises a substantially impact on societies. Especially now when youths thriving on digital technologies flood universities, work forces, and governments and could facilitate radical restructuring of the world we live in. So, it’s time we start listening to them.

For more details visit https://cis-india.org/publications-automated/cis/nishant/dnrep.pdf

AI and Healtchare Report

Admin — 2018-01-26T01:35:20Z

For more details visit https://cis-india.org/internet-governance/files/ai-and-healtchare-report

AI and Healthcare Report

pranav — 2019-06-11T14:23:51Z

For more details visit https://cis-india.org/internet-governance/ai-and-healthcare-report

Centre for Internet and Society

Cybersecurity Compilation

Big Data and Positive Social Change in the Developing World

NCAER Parallel Imports Report

MLAT Report

DP Compendium

Internet Shutdown Stories

Openness

Free and Open Software

FOSS in India

Open Standards

Case Study: Digital Colonialism

Open Content

Wikipedia

Open Access

Open (Government) Data

AI in Banking and Finance

Draft Annual Report (2010-11)

3rd Canadian Science Policy Conference

Conference Objectives

Agenda

Wednesday, November 16, 2011

Thursday, November 17, 2011

Study of Privacy Policies of Indian Service Providers

A Study of the Privacy Policies of Indian Service Providers and the 43A Rules

Introduction

Objective of Research

Methodology

Scope

Vodafone

Tata Teleservices Limited

Atria Convergence Technologies

Observations

International Best Practices

Canada

Recommendations

Annexure 1

Digital Natives with a Cause? A Report

AI and Healtchare Report

AI and Healthcare Report