INBA-IAPP Privacy Summit 2015 – an insightful beginning to an informative innings for privacy in India

INBA-IAPP Privacy Summit 2015 – an insightful beginning to an informative innings for privacy in India

With the lighting of lamp began one of India’s long awaited summit on the subject of privacy. On 23^rd September, 2015, Indian National Bar Association (‘INBA’) represented by Kaviraj Singh, Secretary General and S.Ramaswamy Chairman, General Counsel Section and International Association of Privacy Professionals (‘IAPP’) represented by Rajesh Kumar and Kavitha Gupta, Co-Chairs of the Bangalore KnowledgeNet Chapter, who came together to host the first ‘Privacy, Data Protection and Cyber Security’ summit at ITC Gardenia, Bengaluru.  The event started with a Welcome Address note from Hon’ble Mr. Justice M. Chinnappa (Retd), Chairman, State Police Complaint Authority, on the recent technological evolutions and the increasing amount of cybercrimes that are compromising individual rights to privacy. This was followed by thoughts shared by Mr. Kaviraj Singh, Secretary General, INBA, V. Rajesh Kumar, Co-Chair of Bangalore KnowledgeNet Chapter of International Association of Privacy Professionals and S.Ramaswamy Chairman, General Counsel Section. This set the stage for thought-provoking multiple sessions that followed, graced by several stalwarts from the industry and legal profession.

The First Technical Session was on a panel topic titled “IoT and Big Data – Evolving growth of new technologies and potential challenges to Security and Privacy,” chaired by Srinivas Poosarla, VP & Global Head, Privacy & Data Protection, Infosys, who gave an  overview of the pace and scale at which  IoT is growing. Our dependence on technology and lowering cost of bandwidth, hardware and processing power has led to never-before innovation in business process and use cases.. Srinivas emphasized, how in our everyday lives we tend to make Internet connected ‘things’ work for us to handle otherwise mundane tasks. Toi illustrate how IoT will transform the way we make use of devices and information, he took the example of an simple alarm clock which instead of setting wake-up call time, can be programed to wake you up for an early morning flight at a time, that depends on weather conditions reported by meteorological dept., flight delay reported by airliner, and accordingly reset the cab arrival time.  This would allow us to make optimum use of our available time with minimum effort.  However, in absence of a policy & regulations on the adoption and use of such emerging information sharing devices, he highlighted three key focus areas that need to be addressed for IoT: security, privacy and reliability. He let the co-panelists share their thoughts and deep-dive on each of these areas for IoT and Big-Data Sunil Varkey, Head – Information Risk Management & Policy Compliance, Wipro Limited, brought forth his personal experiences with big data aggregators and their invasive reach into sensitive financial information which one would prefer to keep to oneself.  This was very well substantiated by Ramesh Kauta, CISO, General Electric with few experiences on the way.   Vipul Kharbanda, Centre for Internet and Society, informed the panel about various existing laws available on the subject. A majority of the panelists including Maria Bellarmine P, CISO, Tech Mahindra, and Ramesh Kauta agreed that more is to be done to bring in trust.  Self-regulation came out as a universally acceptable way ahead.

Taking forward the discussion, the second panel topic of the day was “Privacy in Doldrums – Adapting to an Information Age,” a practical issue faced by citizens and businesses in India, demanding the need for an omnibus Privacy legislation.  The panel was moderated by V. Rajesh Kumar, Lead Manager- Privacy and Data Protection, Infosys, who brought together his expertise in the field with a brief note on Digital India initiatives set forth by our Honorable Prime Minister Shri. Narendra Modi. Hard hitting topics like Adhaar scheme, Right to Privacy Bill and India’s preparedness towards the long awaited EU General Data Protection Regulation (GDPR) were dissected and analyzed to the core. N. Vijayshankar, Cyber Law Specialist, and N. S. Nappinai’s (Advocate & Founder, Technology Law Forum)had critical assessment of Adhaar, They questioned the very existence of privacy in such mass personal information collection initiatives. It was agreed that in absence of accountability and transparency the Adhaar scheme could remain a loose cannon. However, by making Right to Privacy a statutory right by passing the relevant legislation, it can bring reliability and protection to the data gathered for the purpose, it was agreed. In a rather emotional tone, N. Vijayshankar, on another query, asserted that scrapping of Section 66A by the honorable Supreme Court of India was unfortunate ‘since along with it offences such as phishing, spamming, cyber Stalking, cyber bullying etc. were also dropped.’ Indranil Choudhary, Founder and CEO of Lexplosion, without identifying any specific names, shared few areas where organizations have failed to understand the essence of IT Act and its subsequent rules in 2011. The question of Corporate India’s readiness towards GDPR was also discussed. Suchinto Chatterji’s (Advocate & Cross Border Transaction Advisory, 5E Legal) assessment of the present data protection regime being only catering to offshoring business is a living fact. The point was very ably supported by Kavitha Babu, Senior Attorney, Microsoft and later significant references were made to the new encryption policy which was published and withdrawn by authorities.  At the end of the session, the moderator made reference to the need of ‘Corporate Privacy Rules’ within each organization, which would bring MNCs in terms with local regulations. Presently, companies run hither and thither to remain compliant with local laws of various jurisdictions where they have offices. By having a standardized set of rules, corporates would be in a better position to apply one set of rules in all their offices.

The penultimate session on the topic “Data Privacy and Data Protection in the context of Outsourcing Contracts,” was moderated by Kavitha Gupta, Senior Legal Counsel, Hitachi Consulting, focused on the regulatory frameworks across the globe and highlighted the key challenges and impacts in the context of outsourcing contracts, particularly driven by the onset of new regulations, particularly as it relates to the in-house practitioner. Representatives and General Counsel from large MNC IT companies gave their thoughts on success factors and challenges, and on elements of their organizations’ programs they consider to be leading practices. Mr. Anand Bhushan, General Counsel, APAC, Cognizant Technology Solutions highlighted the importance of data protection in the context of outsourcing for companies and  discussed some of the contractual terms to look out for and the road blocks, risks, and costs associated with implementing an enterprise wide privacy program from scratch. On the other hand, Mr. Sivaram Nair, Executive Vice President & Company Secretary, General Counsel and Ethics Officer, Mphasis, shared his thoughts on some of the current “hot topics” and focus areas in the privacy and data security arena, and recommendations on leading practices and tips for practitioners. 

Mr. Joginder Yadav, General Counsel India, Cisco Systems, touched upon outsourcing compliance checklist /standards that a company needs to follow when it comes to cloud computing and discussed about Cisco white paper on cloud security at length with regard to global privacy and data security programs.  Ms. Sunita Jagtiani, General Counsel, Mahindra Comviva, described practices and approaches for working through the matrix of varying and changing requirements across multiple jurisdictions, and developing and integrating policies and practices with systems and security features. Mr. Vipin Agarwal, Senior Attorney, Microsoft India and Chair of Business Software Alliance shared his insights about data localization and how companies are responding to these requests and  its impact on companies’ compliance. In addition, the panelist outlined the importance of implementing proactive practices to help ensure that privacy and data security considerations are included as part of business process evaluations. Overall, the session provided a practical information with regard to global privacy and data security programs.

The Sessions ended with active participation by the audience through Q & A.

Overall there were more than 135 participants and attendees who had registered for the Summit including General Counsels from many established Companies, CIPs, Infosec, CISO Professionals, Law Firms, ISACA Members, Law Interns etc. 

Shri Raghu , President ISACA on Cyber Security  gave a 10 minute in-depth presentation where he highlighted  many statistical numbers much to the appreciation of the receptive audience. .In his thanking and closing address to the attendees and participants, V. Rajesh Kumar reasserted the importance of the inviolable urge of every human being to have his/her personal space. He shared his experiences of how individuals in their respective role of an employee, a citizen or head of a family should be matured enough to understand privacy implications and commit to value othersprivacy.   In response to a question from the audience on the importance of awareness, he said , ‘a person would respect others privacy only as much as he would want others to respect his own.’  Thus, within organizations, training and awareness about the sacred right of privacy is the only way to ensure that the right is protected and respected. 

The day ended up with a note from Kavitha Gupta who also expressed sincere thanks to all esteemed speakers, attendees, legal interns, and gave special thanks to Organizing Committee Members:

1.      Kaviraj Singh, Secretary General , INBA

2.   S. Ramaswamy, Ex-EVP and Group General Counsel, Escorts Group, Founder of Medha Advisors Knowledge Partner of this event;

3.      Garry Singh, Managing Director, iirus Consulting.

Isaac Watts once said, I quote, “Learning to trust is one of life's most difficult tasks”. As technology grows, distrust also grows. Until and unless we put our efforts towards giving an individual the power to control his personal information, technology will always suffer from being inherently distrustful. This event may have set some wheels rolling, some minds thinking, but it’s just the beginning of a long journey towards creating a trustworthy technology which caters to the needs of individuals in a respectful manner without affecting any personal rights.

The Summit ended with a networking Dinner.