Last week, the Supreme Court of India ruled that the right to privacy is intrinsic to life and liberty. The Court's determination could be a key step toward a comprehensive privacy regulation. Globally there has been a tectonic shift in the privacy landscape with changing regulatory requirements and increased consumer awareness. Organizations across the world are attempting to keep up with the dynamic changes in the risk profiles, fluid geographical boundaries and the constant need to win customer confidence. It's no wonder privacy has become a part of the board room agenda.
Regulators and statutes across the world are developing regulations and frameworks to protect personal information of their citizens. Key among these regulations has been the General Data Protection Regulation of the European Union, creating an impact across borders and extending the jurisdiction of European Data Protection Authorities. Under the GDPR, which focuses on organizations processing all EU residents' personal data, misuse of data could cost organizations 4 percent of annual global turnover or 20 million euros in fines and penalties.
As a nation, India is aiming toward digital penetration and being a lucrative market for data-driven companies, it’s now increasingly important to ensure protection of an individual’s privacy. Data protection is one of the most important parts of the right to privacy judgment, as a data protection law will protect your personal information, which is collected, processed and stored by "automated" means or intended to be part of a filing system. According to a survey conducted by KPMG this year, consumers believe that the banking sector is the most trusted industry. This could be attributed to the fact that industry regulators such as RBI and IRDAI have been proactive in providing organizations with Cybersecurity Guidelines for protecting personal data of consumers. Also, India, which is well known for its IT/ITeS sector, BPOs and KPOs, would now go under the microscope with privacy being an imperative both globally and nationally.
The judgment on right to privacy as a fundamental right transforms the need for a data protection law into a necessity.
As of now, data protection provisions are scattered across several statutes, ranging from the Information Technology Act of 2011 to Aadhaar Act of 2016. Thus, the judgment on right to privacy as a fundamental right transforms the need for a data protection law into a necessity. The Minister of Law and Information has suggested that a panel would be setup to develop a robust framework by December, comprising a blend of data availability and data safety, security and privacy.
India Inc. is now confronted with the task of ensuring an individual's right to privacy and, more often than not, in reality, that seems to be a far-fetched goal. Organizations should do well to take cognizance of this and work on strengthening data privacy by putting on the end user lens rather than a regulatory lens. Organizations need to approach this challenge with logical and methodical solutions like developing a robust privacy framework, recruiting and upscaling resources for privacy, implementing technological solutions for data protection and security, building a privacy governance structure within the organization, adhering to customers contractual and regulatory obligations, maintaining a data inventory and driving enterprise level change management in order to stay ahead of the curve. While we can expect the judicial system to come up with statutes now, it is important that businesses start building privacy in their business DNA and give it due to considerations in every business decision.
If you want to comment on this post, you need to login.