Conversations around privacy and data security are increasing everyday. The government has tabled a Personal Data Protection bill in the parliament, and a Joint Parliamentary Committee has presented its report on the potential and concerns regarding privacy and personal data.
There is a need to do data privacy across domains and at scale, especially around the following themes:
- Data protection/security practices.
- Consent frameworks tied to purpose use limitations.
- Data rights.
- Encryption practices.
The Privacy Mode Fellowship programme is set in this context. The goal of the programme is to work with practitioners to document practices that can be widely adopted across the industry, and innovated upon. The programme is particularly interested in showcasing:
- Privacy-related challenges that practitioners are solving, and the context around these.
- Solutions, and evidence of how these solutions have been implemented in different organizations.
- Results achieved through the solutions - a before and after explanation of what changed, and metrics achieved.
Check out the Best Practices Guides to understand the type of topics that the Fellowship is looking at.
If this is you, apply to be a Privacy Mode fellow today.
Duration of the fellowship programme: 3 months - from February to 30 April. Applications can be submitted till 21 February.
Time commitment involved: Part-time. As a Fellow, you will do your Fellowship projects alongside your day job. The programme will require between one and four hours time commitment per week to produce the output. The editorial desk will work with Fellows to set milestones and deadlines.
a. A detailed article of 1,000 to 2,000 words - with illustrations, OR
b. 2-3 videos explaining practice and learnings in sequence.
Compensation: Rs. 1,50,000 - paid in three tranches, upon completion of milestones during the Fellowship period.
Feedback and mentorship from jury: A three-member jury of experts will guide selected applicants through conceptualization and documentation stages. The jury members for the fellowship programme are:
1. Uzma Barlaskar, Head of privacy and growth at WhatsApp.
2. Anand Venkatanarayanan, Independent cybersecurity researcher.
3. Sankarshan Mukhopadhyay, Editor at Privacy Mode.
Other benefits: As a Fellow, you will receive the following infrastructure and support:
- Editorial desk with copy-editing, proof reading and graphic design resources to help you complete your outputs.
- Distribution and elevation of final outputs.
Who can apply:
1. Tech practitioners - senior engineer, product manager, engineering manager, privacy officer - who work on data governance and privacy in their organizations.
2. Individuals from academia who work on data privacy.
3. Individuals working on social impact via data privacy.
Five applicants will be selected to participate in the first batch of the Fellowship Programme.
To apply for the Fellowship, submit the following here:
- A statement of intent and purpose, detailing the following-
- What problem area are you solving and the context around this? As mentioned above, the Fellowship programme will cover the following themes:
A. Data protection/security practices
B. Consent frameworks tied to purpose use limitations
C. Data rights
D. Encryption practices
- A description of the solution and evidence of how it was implemented at your company.
- Results achieved through this.
- The form in which you see the knowledge finally shaping up as - as an article or as a series of two-three explainer videos.
- Two samples of work - written or video.
- Your bio.
Fellows’ will be selected on the basis of innovative approaches and solutions implemented for privacy.
The following criteria will also be applied for selecting fellows:
- Diversity - women, trans and gender non conforming persons and individuals from marginalised social contexts will be given preference.
- Candidates with prior speaking/writing experience.
- Candidates with mid to senior engineering and product leadership roles will be given preference.
Practices to ensure Data Protection and opting for best Security practices to prevent data breaches.
STATEMENT OF PURPOSE
Privacy is recognised as one of the most important rights conferred on the citizens in the present century. In India, Privacy is recognised as a fundamental right well within the contours of Article 21, in the landmark judgement of K.S. Puttaswamy v Union of India. The aftermath of this led to the formation of the Joint Parliamentary Committee headed by Justice Srikrishna for drafting the Personal Data Protection Bill. The Personal Data Protection bill which is now known as Data Protection Bill derives inspiration from the General Data Protection Regulation (“GDPR”). The GDPR is the ace privacy legislation and has acted as a touchstone for almost all the newly drafted Data Privacy Legislation.
We see the project becoming tangible in the form of a 2000 words article which shall be completed in accordance with the Milestones prescribed as under :
Milestone 2:- Adoption of a Proper Access Control Policy within the Organisation. [By 15th March 2022] As an Open source Enterprise Resource Planning (“ERP”) Solutions Company, we face a deep challenge providing proper and adequate access controls in our Systems. Access control plays a vital role in preventing data breaches and is opted as an important security practice among companies. Under the project, we will try to address the issue of access control within the company and try to opt for the best industry practice to ensure data security and prevent data breaches within the company.
Milestone 3:- Adoption of a Data Retention Policy within the Organisation. [By 30th March 2022] As an ERP Solutions Company, we provide ERP in our Cloud services which entitles us to retain a large amount of data of our customers and our customer’s customers for which we are devising a proper data retention policy within the Company. This policy shall be an internal document that the company has to abide by if the Customer requests for the deletion of their account or any of the data that we are withholding from them. Under the project, we will draft the data retention policy (i.e. within how many days we shall be deleting a particular kind of data and related details) which is adopted by the company and devise a mechanism within the company to ensure that all the departments are aware that such a request has been generated by the Customer. The project will enumerate the step by step procedure adopted as per this policy for dealing with such Customer requests.
Milestone 4:- Opting for a Proper Backup Policy. [By 10th April 2022] To devise a proper backup policy and conduct backup regularly is one of major the major courses of action to prevent loss of data. Since we provide ERP on our Cloud services it is pertinent to devise a proper backup policy that puts out the process of carrying out backups that can be used to restore lost or corrupted data, which can ultimately lessen the financial blow to your organization. In this project, we will try to highlight the measures we have adopted in our Backup policy so that we minimise the loss of data as much as possible.
Milestone 5:- Data Portability. [By 20th April 2022] Data portability is an important requirement for many SaaS companies. It means the ability to move data between different environments and software applications. Very often, data portability means the ability to move data between on-premises data centres and the public cloud, and between different cloud providers. In this project, we will try to highlight how we offer the right to data portability to our customers.
Milestone 6:- Final conclusion and findings [By 30th April 2022]
The project will conclude with suggestions from our end as to what can be improved and where and how the legal lacunas can be dealt with for a holistic data privacy regime.