Data security and privacy protection are the current watchwords globally and India is no exception. What is the role of DSCI in making data protection an important enabler for the IT/BPO industry?
The Nasscom-McKinsey report has clearly identified the various enablers required to achieve the target of USD 225 billion in the next 10 years or so from the present level of USD 75 billion and security is one of them. The whole world is concerned about data security and all countries have laws on data protection, which include both data security as well as privacy protection. Therefore in India, it is necessary that we take a step, which should not only secure data and engage in privacy protection but also demonstrate to the world that we have initiated these steps. It is for this reason that the industry decided to focus on data protection as one of the key initiatives and hence DSCI was created.
Our mandate is to create awareness on data security, privacy practices and work with not only clients abroad, but also with the service providers in India. We help raise their awareness levels, develop an adequate security as well as privacy practices, which can then be developed into standards and implemented by our organisation. These steps help in showcasing to the world that these practices will actually achieve compliance with their regulations. We do public advocacy — we work with the government in raising an adequate data protection environment in the country in terms of a legal regime.
We also conduct annual surveys to understand data security and privacy issues in different industry verticals and compare them to benchmark and understand how we stand with respect to practices followed globally. We also conduct research in specific areas such as cloud computing. We look at how other governments are treating an emerging technology like the cloud. We also try to understand the different types of laws that different governments are trying to bring about to protect information about their citizens.
DSCI is also trying to enhance the data protection culture in India by conducting conferences and seminars while simultaneously engaging with privacy regulators and clients abroad on a continuous basis.
What should organisations do to mitigate the challenges, posed by social networking websites?
I think the potential of social networking has to be fully understood. Look at the way Twitter, Facebook, Orkut and MySpace have changed the concept of networking. If you look at Facebook as a country, it has more than 700 million residents, and so one can’t just wish it away.
While social networking can cause harm, one has to understand that there is also lots of wisdom, knowledge and understanding in it too. To mitigate the risks, we have to increase awareness. Companies must also formulate and implement a social media policy. Simultaneously, they must educate and spread awareness among employees everywhere that they have to be careful at work. While they can have freedom, they must act with responsibility. Some of these messages should be aimed at the youngsters that they should not get into trouble five years later for having said something earlier.
