FDPPI to Propose a Bill for Data Valuation and Inheritance

FDPPI has presently constituted wo internal committees one on “Deceased Data Principal’s Assets” and another on “Data Valuation”. The committee on the Deceased Data Principal’s asset under the chairmanship of Dr Mahendra Limaye is submitting an internal report shortly.  The “Data Valuation Committee” is in the process of engaging other external institutions in a discussion to establish consensus on the need to value data and present it as part of the published accounts.

As a follow up to the activities of these two groups, it is recognized that there is a need for a proper legislation and FDPPI should take the discussion to the logical end by drafting a proposed legislation and try getting it as a Private MP bill in the Parliament.

The Proposed  “Digital Valuation and Succession Act” may include

1) Defining Data as a new class of asset and not necessarily to be compared with the known asset classes such as movable, immovable, actionable claims etc.

2) Defining a method of valuation of Data

3) Defining the a means of  disclosure of data value in an organization to the public

4) Defining the ownership rights and means of transfer

5) Possibility of “Nomination” of Data

6) Possibility of “Joint ownership of data” (eg: Either or survivor or Former or Survivor of data held with data processors like Twitter or Facebook)

7) An established methodology for recognizing handling of data of deceased data principals, without automatic deletion  or automatic appropriation by the data fiduciary

8) An established methodology for the legal heirs of a deceased to “Claim” data assets in the hands of intermediaries.

9) An established methodology for the Government to appropriate “Unclaimed Data Assets” after classifying them as “Unclaimed” through a process similar to branding a data asset as “Dormant” and “Inoperative”.

10) Establishment of a  “Uniform Data Disputes Resolution Policy” (UDDRP) to be adopted voluntarily by Data Fiduciaries on the lines of UDRP/INDRP to facilitate data disputes resolution through an ADR process.

and Any other aspect relevant to data valuation, data value disclosure.

Such a law should be compatible with  the current data related laws such as Information Technology Act 2000, Personal Data Protection Act (as proposed),  Non Personal Data Governance Act (As envisaged) and any other laws likely to be considered in the meantime.

FDPPI has been described as the “Dada of Data Protection Agencies in India” and therefore has the responsibility to take constructive steps in finding a solution to these problems of the industry.

In this direction FDPPI shall constitute a special committee to draft a bill on “Data Valuation and Succession Act”, deliberate on the issue in consultation with other academic institutions such as law colleges and professional bodies who may be interested.

A proposal will also be sent to the Government of India if it would be interested in setting up such a committee in which case FDPPI may withdraw its committee.

Naavi

Posted in Uncategorized | 1 Comment

FDPPI-DNV Certification Program for PDPCMS Auditors

After ISMS and PIMS, it is the time for PDP CMS or Personal Data Protection Compliance Management System to be implemented in organizations. PDP CMS is inclusive of PIMS  and ISMS but is more focused on either of them. ISMS focus rests on technical security across all information in an organization while PDP-CMS is focused on Personal Data. PIMS is focused on Privacy related to one specific data protection law leaving the security to a supporting ISMS system. On the other hand PDP-CMS is a unified system that takes into account all applicable data protection laws in an organization and incorporates Information Security along with Privacy controls as required for compliance.

After conducting three separate modules, Module I, Module G and Module A over the last 18 months, FDPPI is now launching an integrated module of training for professionals who could be consultants for data processing organizations or undertake audits for certification with a calculation of Data Trust Score as envisaged in the proposed Indian law.

The first such program is being inaugurated today at 10.30 AM and would be conducted online over 36 hours spread over six week ends.

FDPPI is happy to welcome DNV the globally renowned Certification agency which has joined hands with FDPPI as a Certification partner for this course.

SPOT REGISTRATION

Pay Rs 40000/- through this link 

and Contact Ramesh Venkataraman for the session link


Posted in Uncategorized | Leave a comment

FDPPI’s Certification Program for Data Protection Officers will start on June 19, 2021

The much awaited comprehensive Certification Program for DPOs in India from FDPPI is set to commence on June 19, 2021 as per the following tentative schedule.

The program consists of 36 hours of online training covering the Data Protection laws of India in full detail, GDPR in reasonable detail and laws of several other countries.

The sessions would be primarily conducted by Naavi, a veteran who started virtual education way back in the year 2000 through Cyber Law College and is the founder of www.naavi.org, as well as Chairman of FDPPI.

The discussion on Indian law will be on the basis of PDPB 2019 and ITA 2000/8. As and when the Bill is passed, a free bridging session will be offered to all the participants to discuss the changes so that the participants would be fully aware of the Indian Law.

The focus of the program will be to equip a Data Protection Officer with relevant knowledge required to take on the responsibility . The participants will get a certificate as
“Certified PDP-CMS Auditor” or “Certified PDP-CMS Consultant” depending on their performance in the examination.

The online examination will consist of 3 papers which will be held  on July 31st (Paper 1 and Paper 2) and August 1st 2021. (paper 3)

PDP-CMS audit is an audit for “Personal Data Protection Compliance Management System” which will be mandatory to be implemented  by every organization in India handling personal data. Those organizations which are classified as Significant Data Fiduciaries would be required to mandatorily get an audit conducted annually by an external auditor.

The PDP-CMS audit will include Evaluation of “Data Trust Score” (DTS) which is a unique proposition of the Indian Law.

The Evaluation of DTS will be based on a unique system established by FDPPI under the Personal Data Protection Standard of India (PDPSI).

In view of the  collaboration between FDPPI and DNV, the globally recognized organization which is known for Management audits, the Certificates would be issued under the joint names of FDPPI-DNV.

The online examination will consist of thee separate online multiple choice examination for 90 minutes each. There will be two cutoff marks for certification. Participants who clear the higher cutoff would be provided the certificate as PDP-CMS Auditor. Participants who clear a lower cutoff would be provided the certificate as PDP-CMS Consultant.

Certified PDP-CMS auditors would be accredited by FDPPI under their PDPSI audit program and will be eligible to conduct audits in association with Certification Bodies who are organizations accredited with FDPPI. PDP-CMS consultants would be able to provide consultancy to organizations to prepare themselves for audit and also upgrade themselves to the auditor grade based on experience.

The total fees for the program would be Rs 40,000/- (Or approximately US$ 575/-)

The application can be completed here

The Fees may be paid here.

(Registration is now closed)


 P.S: It may be noted that the Minister of Law and IT, honourable Mr Ravi Shankar Prasad in an interview on 28th May 2021 with Times now has indicated that the Government will push the passage of PDPB 2019 in the next Parliamentary session. Excerpts from this interview is available here.

It is likely that the Government would provide some time for implementation and will require around 3 months to set up the Data Protection Authority. However it appears that Jurisprudence has already developed in India to consider the principles of Personal Data Protection  discussed in the PDPB 2019 as  “Due Diligence” under ITA 2000/8. (Refer court judgements referred to in this article) .

Professionals are also aware that implementation of a comprehensive privacy program for an organization is not as simple as drafting a Privacy Policy for the website. It involves establishment of a Privacy culture in the organization which requires time. Hence prudent professionals and organizations need to  start early to retain a competitive advantage.

FDPPI hopes that professionals would take advantage of this opportunity.

For more information contact fdppi@fdppi.in.

Naavi

Posted in Uncategorized | Leave a comment

Working Group for Data Valuation invites submissions from professionals

FDPPI has set up a working group to develop a code of practice to bring data value into the financial statements of companies. The main objective is to bring “Visibility” to the value of assets held by an organization in the form of Data which needs to be secured. It may also help in the proper valuation of the organization in times of Mergers and Acquisitions and when insolvency petitions are considered by NCLT.

The suggestion is to develop a methodology for valuation acceptable to the larger sections of the society including the Government and the community of accountants. Hence FDPPI invites suggestions from the public on how data can be valued.

Presently we are focusing on Personal Data and the same methodology with suitable modifications would be extended to Non Personal Data when the new law as suggested by the Kris Gopalakrishnan committee is near finalization.

In order to trigger the thoughts we are making the initial version of suggestions placed before the committee by Naavi 

Comments can be sent to the Committee to reach them before May 31st 2021, through e-mail fdppi@fdppi.in with the subject line marked “Data Valuation”.

Please do contribute your thoughts.

Naavi

 

Posted in Uncategorized | 3 Comments

FDPPI-DNV project for Certification of professionals launched

FDPPI has been conducting different training programs to build the skill sets required to be a competent Data Protection Professional in India. Currently three programs have been launched namely the Module I, Module G and Module A. These three modules cover the Indian Data Protection laws, Important Global Data Protection laws and also the knowledge necessary for conducting Data audits as required in the compliance scenario.

FDPPI is now launching a combined training program which incorporates the content in all these three modules over a 36 hour online program. The program is conceived as a week end program with 3 hour sessions on each Saturday and Sunday starting from June 19. The program is scheduled to go upto July 25th. Sessions will be between 10.00 am to 1.00 pm each day.

There will be three part examination at the end of the program. Each will be a 90 minute online examination.

On successful completion of the examination the participants will be issued a certificate either as “Certified Global Privacy and Data Protection Consultant” (CG-PDP-C) or “Certified Global Privacy and Data Protection Auditor ” (CG-PDP-A).

This program will be the first of the projects being undertaken under the co-branding arrangement with DNV.

At this point of time this is the most comprehensive training program available for Privacy and Data Protection Professionals in India.

More details are available here.

Posted in Uncategorized | 3 Comments

FDPPI-DNV Collaboration

FDPPI is the leading organization in India focusing on development of systems and best practices  for “Privacy and Personal Data Compliance Management System” (PDP-CMS) and DNV is one of the oldest Management Certification organizations in the world.

The two organizations have come together in a collaboration that offers to the Indian industry co-branded services for building a Privacy and Data Protection Culture in the country and prepare the industry and professionals for the forthcoming Personal Data Protection Act in India through

a) FDPPI-DNV Certification program for Data Protection Professionals

b) FDPPI-DNV Certification of organizations for implementation of  for PDP-CMS (Personal data protection compliance management system)

c) FDPPI-DNV  DTS (Data Trust Score) evaluation

Mr Rajeev Panicker, head ICT business vertical for  Det Norske Veritas GL for India & Middle East Region. (DNV) addressed the FDPPI members on 12th May 2021, during the Jnaana Vardhini session and highlighted the essence of the collaboration between FDPPI and DNV.

Recognizing the value of the complimentary nature of the activities of the two organizations FDPPI and DNV have decided to make co-branded offers for the benefit of the community.

Accordingly, both organizations will offer services of each other to their clients and also execute projects by sharing their resources.

FDPPI has about 37 supporting members of which several members represent organizations which provide their services through revenue sharing arrangements with FDPPI. All of them will now be able to expand their services portfolio with the addition of the FDPPI-DNV co-branded services.

The arrangement is expected to expand the reach of both organizations and benefit the community at large.

Naavi

 

Posted in Uncategorized | Leave a comment

FDPPI sets up Personal Data Protection Advisory Board

FDPPI (Foundation of Data Protection Professionals in India) is an organization dedicated to the empowerment of the Data Processing community in India.

The four dimensions in which FDPPI is working today are

a) Knowledge enhancement

b) Implementation Support

c) Advisory Services

d) Dispute Resolution

FDPPI started its Certification Courses in end 2019 with a Certification Course covering Privacy and Personal Data Protection Laws in India (Module I). It then introduced a Certification Course covering the Privacy and Personal Data Protection laws at global level by covering GDPR of the EU region, CCPA and HIPAA of the US region along with Singapore PDPA, Dubai DIFC DPL, and Brazil LGPD. (Module G). Towards the beginning of 2021, FDPPI also completed the Certification of Data Audit skills with special focus on the unique PDPSI (Personal Data Protection Standard of India) framework.

Recently FDPPI has embarked on two important activities to provide advisory services. The first was to set up a Data Protection Emergency Response Team (DPERT) which will not only track the data protection incidents world over, but also provide quick guidance to organizations  confronting suspected or confirmed data breach incidents. The second initiative is the development of a “Personal Data Protection Guidance Board” (PGPDP) consisting of experts who can develop “Codes Of Practice” for personal data protection.

The PDP-AB is an ambitious project of FDPPI which should help the community of Privacy and Data Protection Community to come together under one platform and contribute to the cause of Privacy and Data Protection in India.

PDP-CC (PDP Code Committee) is a body of experts who will work towards creating Codes and Practices for adoption towards compliance. It should help  development of  a “Self Regulatory Best Practice Code” without waiting for the Government to pass the Bill and make compliance mandatory.

Indian corporate world has an unsavory reputation that unless some thing is made mandatory, they would not be interested in compliance. Once the PDPB 2019 is passed into an Act, compliance would become mandatory and non compliance expensive. But until then Compliance is still under ITA 2000, mandatory but with low prospect of punishment for non compliance.  FDPPI would however wish that the Indian Corporates would prove the sceptics wrong and start adopting the principles of PDPB 2019 as the due diligence under ITA 2000/8 and be compliant before the mandatory provisions kick in.

PDPAB and PDPCC are therefore likely to be  significant contributors to the development of a self regulated Data Processing industry in India.

The fourth dimension of FDPPI is when disputes arise in the compliance environment and we need to provide dispute resolution support. Such disputes could be between a Data Fiduciary, a Data Processor and a sub contractor or between a Data Principal and the Data Fiduciary.

The Data Principal-Data Fiduciary dispute comes under the powers of adjudication and Appellate Tribunal under PDPB 2019 and hence DDMAC role may be limited in this context to Mediation. But in other cases it may provide arbitration support. Additionally DDMAC would also provide e-Ombudsman services to companies on request.

Under these four different dimensions, FDPPI will be working to serve the PDP community in India in different ways. To support these initiatives, FDPPI also undertakes other ancillary services as may be necessary.

FDPPI is today an aggregation of nearly 200 professionals who work in the space of Privacy, Data Protection and Information Security. As we grow, attempts are being to formalize the operations but it would take some time for FDPPI to come out of its “Start Up” phase and get fully established.

I take this opportunity to invite once again all the professionals who are interested in contributing to the cause of Privacy and Data Protection to join hands with FDPPI and take it forward.

Naavi

 

 

Posted in Uncategorized | Leave a comment

India takes one more step towards establishing Data Privacy Standards

The Bureau of Indian Standards has released the IS 17428 part I and Part II as Data Privacy Assurance Requirements and Guidelines.

FDPPI has already released the PDPSI standards which are inclusive of the ISO 27701 which is a GDPR based Personal Information Management Standard (PIMS).

We welcome the release of IS 17428 and ensure that PDPSI would be inclusive of the best practice indications in IS 17428. However PDPSI will stand out as “Inclusive but Different” and continue to be a unified  “Certifyable Standard” for compliance of data protection  regulations.

PDPSI compliance will therefore be inclusive of the essence of IS17428 compliance while the vice-versa may not be true. However, if there is any conflict between IS17428 and PDPSI, the PDPSI will call out the conflicts.

More information about how the IS 17428 will merge with PDPSI will be provided in due course.

Naavi

Posted in Uncategorized | Leave a comment

FDPPI is now open for Accreditation of Certifying bodies under PDPSI framework

PDPSI or the Personal Data Protection Standard of India was introduced two years back and after continuous evaluation and fine tuning, has been adopted as the framework for certifying compliance of an organization for Data Security.

PDPSI will cover compliance requirements of current ITA 2000 (Section 43A), the proposed (PDPB 2019), GDPR and other global data protection laws applicable to an Indian organization.

PDPSI is therefore a “Unified Framework for Multiple Personal Data Protection Regulations”.

PDPSI incorporates all the best practice requirements of ISO 277001 and extends it further to new areas of data protection requirement.

FDPPI has created two types of trained professionals namely the “Certified Global Privacy and Data Protection Consultant” (CGPDP Consultant) and “Certified Global Privacy and Data Protection Auditor” (CGPDPA) through a rigorous training program covering data protection laws of India, data protection laws of major countries such as EU-GDPR, CCPA,HIPAA, Singapore PDPA, Dubai DFC, Brazil, LGPD etc besides Data Audit skills and the nuances of the PDPSI framework.

The PDPSI framework is also being released as a general guideline for organizations for self implementation. It could be considered as the recommended “Code of Practice” . The CGPDP Consultants will be able to assist the organizations for implementation by developing customized policy templates and technical architecture that may be required for the compliance. CGPDP Auditors would be able to get the organizations “Certified” under the Certification system which has been adopted by FDPPI.

Under this program, FDPPI will be accrediting Certification Bodies which are organizations who would undertake PDPSI based audits and certifying organizations. Every such organizations would be required to engage the services of at least one CGPDP Auditor as a “Lead Auditor” under a contractual binding. Such a Lead auditor associated with the Certification body would guide other professionals under them to conduct the audit leading to Certification.

The PDPSI audits will include DTS evaluation which will also be registered with FDPPI. It will also include a mandatory feedback from the organization to FDPPI along with a consent (or rejection) for publication of DTS. PDPSI auditees will also be provided limited assistance for maintenance of the audit through a mentorship program where a qualified “Mentor” would be available for quarterly consultation on critical issues of compliance.

The Certification bodies will be free to charge their fee for conducting the audit but would be paying a nominal registration fee for accreditation and a nominal per assignment fee for registration of DTS and maintenance support given by FDPPI following the audit certification.

At the time of accreditation, the Certifying body would be signing an MOU along with the designated Lead Auditor.

More details can be shared on request.

Naavi

Posted in Uncategorized | Leave a comment

Certified Global Privacy and Data Protection Consultant

At Rs 30000/- FDPPI offers three Certifications modules leading to the coveted “Certified Global Privacy and Data Protection Consultant” .

Online training for 55 hours followed by three online examinations with over 1000 pages of reading material will prepare professionals for taking up the responsibility of a Data Protection Professional.

Top performers may be accredited as PDPSI Certification auditors.

Contact FDPPI today.

Naavi

Posted in Uncategorized | Leave a comment