India's 2015 Data Privacy AgendaDSCI's Bajaj on How Sectors Must Put Privacy into Practice
Ever since the 2012 release of the AP Shah Committee report looking into privacy issues in India, thought-leaders have been increasingly focused on the topic. Nevertheless, it's unlikely that India will go the way of the European Union with a central data protection authority, says Kamlesh Bajaj, CEO of the Data Security Council of India.
"The report does not recommend a European-style data protection authority," Bajaj says, "although some regulator will have to be there - likely sector-wise, like the RBI has done for the banking sector. Self-regulation within verticals is also a possibility."
The idea is to ensure flexibility, so that as technology moves forward, the law can keep pace by focusing on the principles rather than by getting prescriptive and compliance oriented, stymieing effectiveness, Bajaj says. Open-ended flexibility will go a long way in incubating genuine privacy programmes in organizations.
Bajaj, who was a member of the AP Shah Committee on Privacy, says organizations need to be encouraged to do privacy impact assessments, and should not depend on a chief regulator sitting in Delhi.
In this exclusive interview conducted at DSCI's Annual Information Security Summit 2014, Bajaj discusses:
- The future of data breach legislation;
- The effectiveness of ISACs in India;
- The security challenges in the Indian government's ambitious National e-Governance Plan
Bajaj was the founding director of the Indian Computer Emergency Response Team (CERT-In) at the Ministry of Communications and IT and served as deputy director general, National Informatics Centre. He was deputy controller of certifying authorities; and was the global head, information risk management practice, at Tata Consultancy Services. He serves on various government committees on cybersecurity and ICT, and contributes to the activities of global bodies, including the Organization for Economic Cooperation and Development and the East-West Institute.