FDPPI is your Privacy Companion

The Fourth Annual General Meeting of FDPPI was held on 24th September 2022 at The Chancery, 10/6, Lavelle Rod, Bangalore to approve the annual accounts and to discuss other issues.

After welcome by Mr Nagendra Javagal, Naavi presented the accounts and Ramesh Venkataraman presented a review of the activities of the year 2021-22.

A discussion on the road ahead ensued and there were many suggestions that were discussed during the meeting on how FDPPI should proceed in the coming year.

We thank all the participants who attended on site and on the zoom.

Naavi

FDPPI is an organization of the data protection professionals and by the data protection professionals. The organization is supported by the aggregation of activities of its members.  For practical reasons some members are designated as “Supporting Members” so that they act as divisions of FDPPI for generation of revenue through their activities. But all other members are like flesh and blood of the organization. If they are active, FDPPI is active.

This concept extends to the conduct of IDPS 2022 the flagship event of FDPPI. We would like to make this event the flagship event of the Data Protection Community in India of which FDPPI is a part.

The event is being conducted as a 3 day virtual event between 11th, 12th and 13th November 2022 between 2.00 pm and 8.00 pm (IST) or 8.30 am GMT to 2.30 pm GMT.

During this time and day, the event would be live. During these 18 hours we can accommodate perhaps 6-8 keynotes and another 6-8 panel discussions.  This  means that we can listen to around 30 -35 speakers and share their thoughts with the audience.

The canvas of discussion is “Privacy and Data Protection” and the theme is “Shape of Things to Come”. We therefore need to discuss the current laws in India and elsewhere, the technology of protecting Privacy and data, the Governance of Data for protection and monetization and many other related issues.

We are fully aware that the number of available speakers and the amount of knowledge they can contribute are much more than what we can present in 3 days. We cannot accommodate them all despite our best intentions.

We are also aware that this is a dilemma that is faced by every organizer of such programs world over. There are too many deserving speakers who ought to be heard. But either the organizers cannot reach out to them or the speakers are not available at the required time and place for the event. This often results in losing an opportunity to hear the experts and some times disappointing speakers who are eager to share their knowledge.

FDPPI therefore has opened it’s doors for speaking opportunities during the IDPS 2022 to the community so that IDPS 2022 is to be an event of the Data Protection Professionals by the data protection professionals and for the data protection professionals.

We therefore invite data protection professionals who would like to contribute their thoughts to the “Shape of things to come” in the domain of Privacy and Data Protection in the IDPS 2022 to send us recorded video clips preferably of less than 5 minutes. These recorded videos would be broadcast on the IDPS 2022 platform during the time 6.00 am (IST) to 12.00 noon (IST). This will ensure that the content would be available for the US-Australia time zone as an extension of the live sessions which are more suitable for the India-Gulf-EU time zones.

The video may be kindly recorded if possible with the background setting of the image provided above. Naavi would be available for checking the topic of discussion as well as for a participative recording of the views as a conversation if it is preferred.

The end objective of this exercise is to ensure that IDPS 2022 becomes an event of the community of data protection professionals.

We hope that we will also be able to show case the professionals who would otherwise miss participation in the event. For the upcoming speakers this is an opportunity to be present on this platform.

I request all professionals to make this concept a success.

Naavi

FDPPI is conducting IDPS 2022 which is a flagship event of FDPPI and an apex national event. During the three day virtual event that is taking place this year between November 11-13, about 30-40 speakers would be taking part.

We are aware that there are many more experts in the domain not all of whom can be identified by us and invited for the program. In fact FDPPI has over 200 members each of whom are decorated professionals and could contribute to the society with their knowledge. But we cannot accommodate all of them as speakers in this prestigious event.

However, we now have an alternative. We would like to collect both text and video messages from experts around the world and publish it as pre-recorded videos or messages during the IDPS 2022.

We therefore invite experts to contribute text or video messages by email  if they have a view on Privacy and Data Protection or related areas.

One of the features of this year’s IDPS  would be the awards  to be provided to different category of persons recognizing their contribution to the Privacy and Data Protection eco system in India.

(Download the flyer with all information on the awards)

Naavi

FDPPI is now planning to conduct IDPS 2022 on November 11^th and 12^th, 2022 as a virtual event.

The program will be conducted between 2.00 pm IST to 8.00 pm IST for the convenience of the global audience.

In the event the Government of India comes up with a new version of Data Protection Bill for public comments, IDPS 2022 may be conducted over three days and will conduct a special discussion on the draft law for one full day.

In such an event the program would be conducted on November 11,12 and 13.

Sponsorship opportunities are available for interested organizations.

Contact for details

Naavi

Foundation of Data Protection Professionals in India, which is the premier organisation in India dedicated to Privacy and Data Protection has come out with its latest issue of Data Protection Journal of India (www.dpji.in).

DPJI is presently a journal published on internet and its issues are available at www.dpji.in. The current issue is the 7th issue in the series. The earlier issues covered different aspects of Data Protection

In the past issues several interesting topics such as the Valuation of Data, the PDPSI framework (Now renamed as DPCSI framework), the need for compliance culture to be developed in India have been discussed.

In the current issue an important aspect of Data Protection namely the role of people have been discussed.

By focussing on the concept of “Human Firewall” a focus has been brought to the use of humans to develop a security cover to combat the risk of privacy and information security. Just as technology tools such as encryption, firewall and Intrusion detection systems are used to combat technology risks, this concept envisages that human skills have to be used for risk mitigation.

The involvement of humans as part of the security posture is important both because insider frauds constitute a large percentage of cyber risks and cannot be mitigated by policies, procedure and technology. Also even the technology or policy controls have to be implemented by the humans only and motivating them to be “Security Champions” is necessary.

This concept has been well ingrained in our earlier discussions on “Vulnerabilities in human space” and “Theory of Information Security Motivation” etc.

We had also incorporated several principles of using human resources in the unique indigenous framework for Privacy and Data Protection, namely the DPCSI (Data Protection Standard of India). In particular, we had introduced a standard titled

“Distributed Responsibility, along with implementations for Augmented HR policy which included incentivisation and dis incentivisation for motivational purpose. Further the “Augmented Whistle-blower policy” extended the concept to a “Human IDS system”.

Naavi.org has also been discussing from time to time, concepts such as the “Human Bomb”, “Deviant Minds in Workforce”, “Technology Intoxication” etc all revolving around the concept of “Mitigating human Risks” in Cyber Crime prevention.

It was therefore a pleasure to observe that Dr Anirban Ghosh, a professional working in BT group had actually worked on a research thesis on the topic of “Human Firewall” and with his permission the entire thesis has been reproduced in the July issue of the  journal.

We hope that professionals interested in the field of Cyber Psychology, Human Resource Management  and related topics would find the issue worth going through.

Kindly do share the copy within your organization as a part of your knowledge management.

Any queries on any of the topics are welcome.

Naavi

The IT community has gone through the phase of discussing the need for building an “Information Security” culture in the organization. There after we also went through the phase of building a “Privacy Culture”.

In both these phases, we focussed on the people in the organization and tried to educate them on security issues and privacy issues.

While the efforts for building an information security culture and privacy culture continue, they are now being subsumed by the new requirement of building a “Compliance Culture” in organizations.

This requirement is  typical of the Indian market where we always stretch the compliance requirement till we are forced to comply.

The time has therefore come now to build a “Compliance Culture” in an organization. In this context, an “Organization” is the aggregation of the senior executives who have gone through the implementation of measures in their respective work places to ensure that their subordinates are impregnated with the importance of information security and privacy and why they all need to change their attitudes to work and attitudinally re-orient themselves to practice better security and privacy ethics and technology in their day to day work.

FDPPI is now embarking on leading Indian organizations into this phase through its program.. “Data Trust Score, the future of Privacy Protection”.

“Data Trust Score” or DTS, is the suggested measure of “Maturity of Data Protection Law Compliance” in India. It is a suggested deliverable of a data auditor who audits the data protection practices of a company in India. It works like the “Credit Rating” assigned for financial instruments by Credit rating agencies such as CRISIL or ICRA.

FDPPI which has created an eco-system for certified Data protection audits based on the indigenously developed framework of DPCSI (Data Protection Compliance Standard of India) is adopting the DTS-DPCSI, as  model for calculation of DTS on the DPCSI framework.

DTS-DPCSI is the first of its kind concept and would be the forerunner of similar assessment yardsticks that will emerge in future for other frameworks also.

The life of a Data Protection Professional will not be complete without understanding the concept of DTS and how it can be applied in their work environment.

Let us start our journey in understanding the concept of DTS through a virtual presentation to be made by Naavi on 10th July 2022 at 11.00 am.

For registration, contact Naavi through email at : dts@ujvala.com

Naavi

FDPPI would like to form a group of professionals interested in NeuroTech and Neuro Rights to take the study further.

This will be  an exploratory group to identify the requirements of developing Neuro Rights legislation in India and application of Privacy laws in the Neuro tech context.

Interested persons may contact Naavi.

Naavi

FDPPI, which is often referred to as the “Dada of Data Protection” in India has been publishing a quarterly journal (presently in e-form) in the name of “Data Protection Journal of India”.

The journal started in January 2021 has now seen six editions and they are available at www.dpji.in.

While we are partially proud of the achievement, we are fully aware that we have miles to go in terms of making DPJI more useful and better looking.

FDPPI believes that it is like a start up and we will not hesitate in doing things even if there could be shortcomings to start with. We shall accept our shortcomings and try to improve further.

However, in order for a project like DPJI to succeed, we need valuable contributions from the community. FDPPI has more than 200 senior professional members in its community but not more than five or six have so far contributed to the journal. This is a surprise given the enormous cumulative experience that the team possesses. Obviously, there is a hesitancy amongst the professionals in putting their thoughts in to writing.

FDPPI believes that ability to communicate through writing and through making presentations to the peers is part of the skills required by a DPO and the Jnaanavardhini as well as DPJI are opportunities available to the members to hone their skills.

I therefore wish that more members try to use these opportunities to present their views to the public and at the same time sharpen their own understanding of the subject.

Presently Mr M G Kodandaraman is in charge of the DPJI content management  and Ms T C Manju is in charge of the Jnaanavardhini Sessions. Those of you who would like to contribute articles to DPJI and also to speak in any of the Jnaana Vardhini sessions.

The next DPJI issue is scheduled for July 2022. Last quarter, the release was delayed but we want to be back on our time schedule for the next issue. We want to also add one section exclusively on “Technology” in our next issue where we want to discuss issues of technology relevant to Privacy Professionals. Since this is the familiar domain for most of our members, we hope members will take up this opportunity and contribute more articles in this domain.

In the Jnaana Vardhini sessions, soon we want to introduce “Members only sessions” at least one per month.  We conducted two such “Star Jnaana Vardhini sessions” in the past and there after continued with free sessions. It is time we re-introduce these Monthly Star Sessions which will be aimed at covering some special topics that will add value to the membership. Watch out for announcements in this regard.

I invite members as well as non members to contribute articles of relevance to the DPJI and send speaking proposals. The requests may be sent by email to fdppi and it will be directed to the relevant persons for further follow up.

Students from educational institutions are also invited to present their papers through DPJI on relevant topics.

FDPPI members may kindly spread this word around so that we can start getting more contributions to the Journal and for Jnaana Vardhini sessions.

Naavi