The Securities and Exchange Board of India recently issued a cybersecurity framework for KYC Registration agencies, highlighting the need to protect the integrity of data and guard against privacy breaches. The framework, which goes into effect 1 Jan. 2020, requires agencies to define the responsibilities of employees who have privileged access to networks. The framework also says no one “should have an intrinsic right to access confidential data by virtue of their rank or position.” This means all access to confidential data would require affirmative action, and, I believe, is the first Indian policy to put it so explicitly.
There are three important cases before the India courts at the moment. Facebook filed a petition requesting all lawsuits filed against the company appear before the Supreme Court, prompting the Indian government to notify the court that it needs three months to notify the “intermediary guidelines for social media platforms.”
In the second case, the Bombay High Court overruled three orders passed by the Union Home Ministry to intercept phone calls of a businessman in a bribery case filed by the Central Bureau of Investigation, citing the orders “violate right to privacy.” Further, the High Court ordered the destruction of the recorded calls and quoted the Supreme Court by saying “tapping can be allowed only in a public emergency or in the interest of public safety." Finally, the New Delhi High Court in its judgment yesterday said the Indian courts can pass global injunctions to block web content uploaded from India.
In the tech space, browsers such as Firefox and Chrome are enhancing their privacy protection features. Privacy focus is also noticeably growing in advertisements, tech upgrades, product launches, awareness campaigns etc., with organizations trying hard to foster trust relationships with consumers through their data governance practices.
The IAPP participated in the 41st International Conference of Data Protection and Privacy Commissioners in Tirana, Albania this week. Check out our coverage on what transpired and the reason everyone calls for close-knit collaboration and cooperation as the way forward to fight privacy violations.
Have you read the IAPP-EY Annual Governance Report 2019 yet? Interesting insights include 38% of organizations subjected to the EU General Data Protection Regulation have reported breaches this year, an increase from 16% last year. Standard Contractual Clauses remain the most popular instruments of data transfer outside the EU, according to 88% respondents, followed by the EU-U.S. Privacy Shield arrangement. Organizations continue to struggle with “locating unstructured personal data,” ranking it as the most difficult issue in responding to data subject access requests (including access, deletion, and rectification requests). There’s lot more in the report.
Also, the IAPP ANZ Summit kicks off next Tuesday with two days of packed agenda, impactful sessions and an excellent speaker line-up! Try not to miss it.
If you want to comment on this post, you need to login.