Last week, the Supreme Court of India
As a nation, India is aiming toward digital penetration and being a lucrative market for data-driven companies, it’s now increasingly important to ensure protection of an individual’s privacy. Data protection is one of the most important parts of the right to privacy judgment, as a data protection law will protect your personal information, which is collected, processed and stored by "automated" means or intended to be part of a filing system. According to a survey conducted by KPMG this year, consumers believe that the banking sector is the most trusted industry. This could be attributed to the fact that industry regulators such as RBI and IRDAI have been proactive in providing organizations with Cybersecurity Guidelines for protecting personal data of consumers. Also, India, which is well known for its IT/ITeS sector, BPOs and KPOs, would now go under the microscope with privacy being an imperative both globally and nationally.
The judgment on right to privacy as a fundamental right transforms the need for a data protection law into a necessity.
As of now, data protection provisions are scattered across several statutes, ranging from the Information Technology Act of 2011 to Aadhaar Act of 2016. Thus, the judgment on right to privacy as a fundamental right transforms the need for a data protection law into a necessity. The Minister of Law and Information has suggested that a panel would be setup to develop a robust framework by December, comprising a blend of data availability and data safety, security and privacy.
India Inc. is now confronted with the task of ensuring an individual's right to privacy and, more often than not, in reality, that seems to be a far-fetched goal. Organizations should do well to take cognizance of this and work on strengthening data privacy by putting on the end user lens rather than a regulatory lens. Organizations need to approach this challenge with logical and methodical solutions like developing a robust privacy framework, recruiting and upscaling resources for privacy, implementing technological solutions for data protection and security, building a privacy governance structure within the organization, adhering to customers contractual and regulatory obligations, maintaining a data inventory and driving enterprise level change management in order to stay ahead of the curve. While we can expect the judicial system to come up with statutes now, it is important that businesses start building privacy in their business DNA and give it due to considerations in every business decision.
photo credit: Meanest Indian Doorway Tiranga via photopin (license)