Organizations desire to adopt best practices around data which are aligned with the risk management approaches they have in place. With increasing complexity around privacy and data security, it is necessary to gain a deep understanding of the strategic directions adopted at some of the leading organizations in India. With this intent, the Privacy Mode Fellowship programme was put together to work with practitioners who document easily adopted practices that are flexible and are based on well-understood design principles. The Best Practices Guides provide a quick introduction to some of the topics which receive a lot of attention.
The Privacy Mode Fellowship programme considered the following themes while publishing the Call for Submissions:
- Data protection/security practices.
- Consent frameworks tied to purpose use limitations.
- Data rights.
- Encryption practices.
- Ankita Roychoudhury and Yashodhara Shukla, Frappe Technologies Private Ltd.
- Pratyush Pullela, Doosra, Ten20 Infomedia Pvt. Ltd.
- Rohan Verma, Zerodha Broking Ltd.
- Sathish KS, Zeotap
The following abstracts provide an insight into the topics covered by them. The abstracts are linked to the complete reports:
- Frappe: GDPR Compliance for ERP
- Doosra: Protecting your mobile number
- Zerodha: Data protection, security and privacy practices
- Zeotap: Privacy in Data as a Service (DaaS) business
- Anwesha Sen - Programme Coordinator
- Shakthi Kannan - Technical Writer
- Anish T P - Illustrations
- Stephanie Browne - Product Support
- David Timethy - Administration
View acceptance criteria for the fellowship program 👉 here
Practices to ensure Data Protection and opting for best Security practices to prevent data breaches.
STATEMENT OF PURPOSE
Privacy is recognised as one of the most important rights conferred on the citizens in the present century. In India, Privacy is recognised as a fundamental right well within the contours of Article 21, in the landmark judgement of K.S. Puttaswamy v Union of India. The aftermath of this led to the formation of the Joint Parliamentary Committee headed by Justice Srikrishna for drafting the Personal Data Protection Bill. The Personal Data Protection Bill, which is now known as the Data Protection Bill, derives inspiration from the General Data Protection Regulation (“GDPR”). The GDPR is the ace privacy legislation and has acted as a touchstone for almost all the newly drafted Data Privacy Legislation.
We see the project becoming tangible in the form of a 2000-word article which shall be completed in accordance with the Milestones prescribed as under:
Milestone 2:- Adoption of a Proper Access Control Policy within the Organisation. [By 15th March 2022] As an Open source Enterprise Resource Planning (“ERP”) Solutions Company, we face a deep challenge providing proper and adequate access controls in our Systems. Access control plays a vital role in preventing data breaches and is opted as an important security practice among companies. Under the project, we will try to address the issue of access control within the company and try to opt for the best industry practice to ensure data security and prevent data breaches within the company.
Milestone 3:- Adoption of a Data Retention Policy within the Organisation. [By 30th March 2022] As an ERP Solutions Company, we provide ERP in our Cloud services which entitles us to retain a large amount of data of our customers and our customers’ customers for which we are devising a proper data retention policy within the Company. This policy shall be an internal document that the company has to abide by if the Customer requests the deletion of their account or any of the data that we are withholding from them. Under the project, we will draft the data retention policy (i.e. within how many days we shall be deleting a particular kind of data and related details) which is adopted by the company and devise a mechanism within the company to ensure that all the departments are aware that such a request has been generated by the Customer. The project will enumerate the step-by-step procedure adopted as per this policy for dealing with such Customer requests.
Milestone 4:- Opting for a Proper Backup Policy. [By 10th April 2022] To devise a proper backup policy and conduct backups regularly is one of the major courses of action to prevent loss of data. Since we provide ERP on our Cloud services it is pertinent to devise a proper backup policy that puts out the process of carrying out backups that can be used to restore lost or corrupted data, which can ultimately lessen the financial blow to your organization. In this project, we will try to highlight the measures we have adopted in our Backup policy so that we minimise the loss of data as much as possible.
Milestone 5:- Data Portability. [By 20th April 2022] Data portability is an important requirement for many SaaS companies. It means the ability to move data between different environments and software applications. Very often, data portability means the ability to move data between on-premises data centres and the public cloud, and between different cloud providers. In this project, we will try to highlight how we offer the right to data portability to our customers.
Milestone 6:- Final conclusion and findings [By 30th April 2022]
The project will conclude with suggestions from our end as to what can be improved and where and how the legal lacunas can be dealt with for a holistic data privacy regime.