The average cost of a data breach in India reached ₹17.9 crore in 2023, an all-time high and almost 28% increase since 2020, according to a 3rd Party Data Breach Report. At nearly 22%, the most common attack type in India was phishing, followed by stolen or compromised credentials (16%). Social engineering & malicious insider threats.
Amidst this alarming landscape, a physical seminar is organized by Sister Nivedita University & Infosec Foundation with the theme “Data Privacy & Beyond” to understand the gravity of Data privacy. With distinguished Speakers, Panellists, and Subject matter experts, the idea was to decode the present DPDP Bill in India, its co-relation with global norms, impacts, benefits, and consequences.
The event was held at “Techno India Centre of Excellence, 2nd Floor, DN 25, Sector V, Salt Lake, Kolkata 700091 on 31st August, 4.30 pm – 7.30 pm.
A three-hour window was power-packed with an engaging audience, speakers, dignitaries, and industry stakeholders. After the Welcome address by Mr.Sushobhan Mukherjee, Chairman, Infosec Foundation, and Ms.Ina Bose, Director- Industry Relations, Sister Nivedita University, the august gathering witnessed the Keynote address “Decoding DPDP Bill 2023” by Mr.Supratim Chakraborty, Partner, Corporate and M&A Practice Group, Khaitan & Co. The keynote was followed by a Panel Discussion on “Data Privacy Concerns & Roadmap in Enterprises”. The panel was moderated by Mr. Sushobhan Mukherjee, Chairman, Infosec Foundation & CEO-Prime Infoserv LLP. The panel was graced by industry veterans like Mr.Avijit Patra, PWC & CSA Kolkata Chapter, Mr. Shomak Som, LT Mindtree, Mr.Anupam Agarwal, TCS and Mr.Tathagata Datta, Ex-Additional Director, National Critical Information Infrastructure Protection Centre (NCIIPC), GOI.
In August 2023, India’s Lok Sabha and Rajya Sabha passed the “Digital Personal Data Protection Bill-2023” aiming to establish the country’s primary privacy law for digital personal data. The bill aims to balance individual data rights with organizational data processing needs, replacing existing data protection laws enforced through the IT Act, of 2000.
The Intent is to regulate the processing of digital personal data in a manner that respects individual’s right to safeguard their personal information while also acknowledging the legitimate purposes for data processing. This bill is applicable to Personal Data, collected in digital form & non-digital form which is digitized subsequently. The bill coverage includes children’s data as well. Digital Data of an individual can be an identifier like Names, Phone Numbers, Aadhaar, PAN, etc.
The bill defines territories of applicability, Stakeholders, and Data Principals with their rights, duties & obligations. Furthermore, it focuses on strong enforcement and penalties against non-adherence or non-compliance.
A few key takeaways for the audience were as follows:
• Familiarise with the law.
• Conduct a comprehensive data inventory using data discovery techniques.
• Develop mechanisms to provide notices to data principals for personal data collected previously and going forward.
• Implement a consent management mechanism to collect, maintain, track, and update consent from individuals.
• Establish and maintain reasonable technical and organisational security measures to protect personal data.
• Conduct a gap assessment to evaluate readiness with the Bill.
• Prepare and deploy mechanisms to respond to data principal rights requests.
• Ensure valid contracts are maintained with data processors.
• Monitor changes or updates to data protection laws and regulations.
The event has witnessed the august gathering from Kolkata industry stakeholders including CIO, CISO, IT head, and other decision-makers from various enterprises. The enthusiasm and engagement were really encouraging for building awareness, adoption, and governance of data privacy.
The organizers committed to having further follow-up sessions, events, works, trainings to keep up the momentum. Overall a wonderful event to conclude with many takeaways to strengthen our state, community & ecosystem to fight against cyber demons.