Author Archives: naavi

FDPPI and ISACA conduct Program on PDPA

FDPPI launched its offline activities formally through a conference in Bangalore on PDPA conducted along with ISACA Bangalore Chapter.

At a well attended half day program held at FKCCI hall, the Privacy Laws as they are present in India, the Impact of GDPR and the essential features of the proposed PDPA were presented by a panel of experts from FDPPI, ISACA and also from the industry.

The program was well received.

Naavi

Some Photographs from the event:

Mumbai Team Gets into Action

A meeting of the Governing Council (Subject to ratification by the Board) was held on 13th January 2019 at Mumbai and decided  that a workshop on PDPA 2018 will be organized on 20th February 2019 in Mumbai as a paid event.

Special efforts would be taken by the Mumbai team to expand the membership and also to contribute articles to the proposed journal .

 

Contributions to the Journal are welcome

Foundation of Data Protection Professionals in India (FDPPI) is launching a quarterly Journal on Data Protection from the First quarter of 2019.

An editorial committee is being formed for leading the activities. Presently the responsibilities of taking this activities further is entrusted to Ms Sreevidya Varma.

This journal is expected to be  “The Eyes and Ears of the Data Protection Professionals in India” and speak on topics that would enhance the value of Data Protection Professionals and the industry in India. It is meant to be educative, assist the policy makers in getting the views of the industry on different aspects.

Those professionals who would like to contribute their articles to the journal may kindly get in touch of Sreevidya Varma through the e-mail of FDPPI provided in the contact.

More information on the constitution of the Editorial Committee and the Editorial Policies will be published soon.

Regional Council of Bengaluru constituted

On 30th October 2018, the Bengaluru Regional Council of FDPPI was constituted. The Nine member General Council will be the body which will plan and execute the programs of FDPPI.

The team will be headed by Sri S.K. Prakash as the Honorary President and Mr Ramesh Kauta as the Honorary Vice President.

Smt Vasanthika Srinath, Sreevidya Varma, Deepalakshmi Vadivelan, as well as Sri Vibhakar Bhushan, M A Ranganath, along with the two Directors namely Vijayashankar Nagaraja Rao (Naavi) and Nagendra Javagal will be the other members.

The team quickly identified several projects for implementation and identified different members to take the lead in the implementation.

One of the immediate projects to be initiated was the publication of a quarterly e-journal in the name of FDPPI to disseminate knowledge related to Data Protection industry and also the activities of the Company. Details are being finalized by a subcommittee.

 

 

PDPA Awareness Movement

FDPPI has embarked on an awareness building program in Bengaluru where members of FDPPI will be conducting a ” PDPA Sensitisation Lecture Programme” in different organizations initially in Bengaluru.

The program will be offered as a complimentary offer from FDPPI to make Bengaluru the Data Protection Regulation Capital of India.

This would be a movement to ensure that a large number of institutions in India would be aware of the Personal Data Protection Act which is likely to become a key legislation in India affecting a large section of the industry both IT and non IT.

Naavi will personally devote time for this activity along with a few other members.

In the coming days, FDPPI would conduct such programs from time to time to corporate members free of charge on on a reasonable fee for other Non Member Companies.

Interested organizations may contact FDPPI through e-mail for scheduling the program by mutual convenience.

We are an Inclusive Body… We donot have conflicts with other like minded organizations

As we start taking the next steps to develop FDPPI, it is necessary to make a public disclosure of our intention to build a common platform for all Data Protection Professionals in India.

We have therefore added in our objectives the following ancillary objective

” Collaborate with other Individuals, Organizations, Government authorities or any
other entity with complimentary interests in any lawful activity within the
objectives of the Company”

It is proposed that FDPPI will try to be a “Federation of Data Protection Organizations ” (FDPO) so that the activities of different organizations with similar purposes are integrated.

Members of other organizations who may consider such collaboration may note that

a) FDPPI is a Section 8 company. No profits will be distributed with the members.

b) It is a Company limited by Guarantees. Hence it does not raise resources by way of Share Capital.

c) The Resource mobilization is through Donations which are similar to membership fee in other organisations like a society.

d) The activity of FDPPI is not “Commercial” though it may earn revenue in some of its activities such as conducting training programs, etc. The profits earned will be re-invested in the activities of the Company as per the objectives in the MOA.

e) Every Member Donor who is called a “Prime Member” will have one Vote as a member and can participate in the activities either by electing members to the General Council or seeking election themselves.

f) In case other organizations want to join FDPPI in the Federation concept, they can join as a composite member with one single vote representing all their members,. But they need to be a legal entity  such as a Company, Society or a Trust.

g) FDPPI advocates the concept of “Supporting Members” where the member may occasionally share his efforts, products and services in the joint name with FDPPI with agreed sharing of benefits as a compensation for the efforts brought in to a joint project. The Federation member can therefore continue to have its activities without conflict and yet benefit by associating with FDPPI.

h) FDPPI wants this collaboration to also to exist between the community in the IT sector which relates to Data Protection with other professionals in the Legal sector, Law Enforcement sector and Academic Sector involved in the field of Privacy protection, Crime Prevention, Education etc., and therefore welcomes members from these professionals as part of this organization.

If any clarifications are required on the above, FDPPI would be willing to provide.

Invite your comments on Aadhaar Judgement

Before the public comments to PDPA 2018 closes on 10th October 2018, it is proposed that we conduct a web meeting and discuss views from our community.

As a thought starter, Naavi has  placed his personal views in the form of 10 different articles available at www.naavi.org. These are to be considered as his personal views and a background material for others to start thinking on the issues.

We request others-members and provisional members to send in their views through e-mail to FDPPI before 8th October 2018.

On 9th October 2018, at 8.00 pm, we will have an online meeting of the members of FDPPI and based on the views collected in this meeting, we shall submit one report to MeiTy if possible as a recommendation regarding PDPA 2018.

There have been several industry wide discussions in the last few months on PDPA 2018 in which issues like Data localization has been highlighted. What is new now is the Aadhaar judgement and its impact on PDPA 2018.

FDPPI wishes to  collect some thoughts on this aspect exclusively and submit it to the Government.

The FDPPI Starts Rolling…

 

FDPPI conducted its first informal meeting in physical space yesterday the 29th September in Bangalore. For the general information of all, we are posting this information here.

The essence of the discussions yesterday was a re-iteration of the objectives of the group and charting a broad scope for the future activities of the Company. The key points to be noted are as follows.

  1. The objectives of the group is to empower the community of Data Protection Professionals with knowledge, skill and an ethical attitude.
  2. The community by definition would include all those professionals who have a stake in “Data Protection”.
  3. An “Ethical Declaration” or a draft “Code of Conduct” document would be developed for adoption by the members.
  4. The Company being a Section 8 company, would be reinvesting all its earnings back into its operations and not distribute it to the members by way of dividend.
  5. The Company being a company where the member’s liabilities are limited by guarantee, will not have share capital and members are not required to contribute to the share capital. Alternatively they have to provide a guarantee as required under Companies Act 2013 and we have fixed the guarantee amount under the Articles to be Rs 10000/-. Hence the membership application form will contain a clause indicating this obligation. The membership is however limited to “Donors” who contribute to a minimum of Rs 5000/-
  6. All donors who contribute Rs 5000/- and above as donation would be given an option to become a member and the application would be approved by the Board subject to any further criteria in this regard prescribed by the Articles and once approved, they would become “Members” with voting rights.
  7. From among the members, a few would be elected as members of the Governing Council with a segmentation of such regional councils in different geographical locations.  Since the members have started enrolling in Bangalore now, we will shortly constitute the “FDPPI Governing Council of Bengaluru”.  
  8.  A “Members only” part of this website would provide more information on the list of members etc., in due course.
  9. Some of the members have opted to take up the position as “Supporting Donors”. They have agreed to execute some of their professional projects ( at their option and subject to mutual discussion and approval)  by sharing their professional expertise in execution of the project under the joint name of FDPPI and such a Supporting donor. The credentials of such supporting donors and their skills will be separately show cased on this site in due course and they will represent the “Collective Professional Capabilities of FDPPI” which would be on offer to the community.
  10. In identifying the future activities, it was discussed that FDPPI should go beyond conducting of workshops and seminars with further value added services to the community such as

a) Certification of the Data Protection Professionals under the criteria to be developed by FDPPI… particularly incorporating the need for knowledge on  Indian Privacy and Data Protection Requirements as an extension of other Certification programs that may be available in the market. 

b) Conducting workshops and training programs for Corporate employees as well as professionals who aspire for Certification of other organisations.

c) The FDPPI Certifications may co-exist with other Internationally recognized Certifications and provide the focus on the Indian requirements. As and when the Indian Data Protection Authority comes into being, based on any norms that may be prescribed by them, attempt will be made  to gain an additional level of recognition. 

d) FDPPI will develop Codes for implementation of Data Protection Norms for conducting Data Audits of different types envisaged in the draft PDPA 2018.  FDPPI will also develop a system for evaluation and representation of “Trust Scores” for implementation of Data Protection by organizations. 

e) An attempt will be made to  get the standards developed by FDPPI acceptable under the norms of the other established industry standards taking care that no restrictions on its use would be accepted under IPR considerations.

f) FDPPI would try to identify and develop other value added services that the community may require as a part of the development of Data Protection legislation in India.

Considering the recent developments in the Country it was decided that we need to address the issue of the adverse impact of the Aadhaar Judgement on the industry and also form specific recommendations that can be sent to the Ministry of Information Technology on the draft PDPA 2018 for which the public comments will be received upto 10th of October 2018.

P.S: The meeting of 29th does not constitute a formal meeting of the members of the Company or its Governing Council or the Board. It is like a “Round Table” of stake holders. The proceedings would therefore not go into the minutes book of the Company under the Company’s Act.

Members who were present in the meeting may suggest modifications to the above if required.

I thank those who have already sent their donations through online/cheque and applications for membership. Others can download the application form containing details of membership and send in their applications.

Naavi