Framework coming to protect customer data

S. Ronendra Singh Updated - August 23, 2013 at 10:15 PM.

Banking, insurance and telecom among key sectors that will see tightened privacy norms

With cyber crime on the rise, the Data Security Council of India has started working with the office of the National Security Advisor to safeguard citizens’ information under a new privacy framework programme.

The Council, which is an industry-government initiative spearheaded by IT industry body Nasscom, has sent its recommendations to the NSA, and the framework is expected to be in place within the next two-three months. A Joint Working Group that includes members from the Government and industry has been constituted for the purpose.

Once the framework is in place, all companies — especially in the banking, insurance and telecom sectors — will have to furnish proof that they are adhering to privacy principles, such as proper use of data, no breach of an individual’s details and erasing of old customer data.

Consulting firms

The Working Group was formed in October last year under the chairmanship of Latha Reddy, the Deputy National Security Advisor.

It is expected to put in place a permanent mechanism for public-private partnership, identify bodies that can play a wider role in funding, and come up with an appropriate policy and legal framework to ensure compliance with cyber security efforts. “In privacy, there are no standards and certification programmes. So, we are pushing for the adoption of the DSCI privacy framework, which will become a law in the near future,” Kamlesh Bajaj, Chief Executive Officer, DSCI, told Business Line.

The Council has roped in consulting firms, including KPMG, PWC, E&Y, Deloitte and three Europe-based companies — British Standards Institution (India), Det Norske Veritas (DNV) and TÜV Rheinland (TUV) — to train individuals who will assess companies on their privacy protection standards.

Bajaj said the Council has trained 31 officials who will in turn train 100 assessors by the end of December.

“They will be called DSCI Privacy Lead Assessors, for which we have created a curriculum to train these individuals. They are authorised to conduct assessments on behalf of DSCI once the companies send a request to us,” he said.

The assessment reports made by them will finally come to the Council, and based on the analysis of those reports, a decision on whether that particular company can be given a privacy seal (or certification) will be taken.

The certification will be valid for three years and checks will be carried out at the end of each year.

ronendarsingh.s@thehindu.co.in

Published on August 23, 2013 16:45