Privacy is for safekeeping

428 views
312 views

Published on

Telcos across market are called upon to strengthen their privacy protection standards in the wake of increasing legal compliance burden and customer awareness.

There are some fundamental issues around data privacy, especially in the telecom sector. With user awareness around data privacy being high, it is essential for all industries to be cognizant of the challenges involved and to implement the appropriate enterprise-wide policy framework.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
428
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Privacy is for safekeeping

  1. 1. Privacy is for Safekeeping Accuracy, Storage & Disclosure of Personal Data1 © 2012 WIPRO LTD | WWW.WIPRO.COM
  2. 2. HIGHLIGHTS Accuracy, Storage & Disclosure of Personal Data Telcos across market are called upon to strengthen their privacy protection standards in the wake of increasing legal compliance burden and customer awareness. . There are some fundamental issues around data privacy, especially in the telecom sector. With user awareness around data privacy being high, it is essential for all industries to be cognizant of the challenges involved and to implement the appropriate enterprise-wide policy framework.2 © 2012 WIPRO LTD | WWW.WIPRO.COM
  3. 3. Privacy Vs. Confidentiality There are 2 schools of thought here: Privacy is covered under the confidentiality aspect of the security triad and is governed by the classification of information. This makes confidentiality a bigger umbrella under which privacy requirements are addressed and Confidentiality is an extension of remains the responsibility of the privacy. This school argues for chief security officer. protecting identifiable private information by making its access and disclosure strictly governed by an agreement with the person whose information is involved.3 © 2012 WIPRO LTD | WWW.WIPRO.COM
  4. 4. Indian Telecom Scenario IT Act Amendment 2008  43 A of the ITA 2008 necessitates that corporate bodies protect all personal data and information they possess, deal with or handle in a computer resource. If an enterprise is negligent in implementing a reasonable information security procedure, it is liable to pay damages to the affected party  72 A of the ITA 2008 now explicitly provides recourse against dissemination of personal information obtained through an intermediary or under a services contract, without the individual’s consent, with intent to cause wrongful loss or wrongful gain Telecom License (UASL) Requirements  UASL License Requirements Par t VI Security Conditions – Various clauses such as 39.1, 39.2, 39.3, 40.4, 40.5, 41.4, 41.14, 41.19 (iv) mandate the licensee (telecom operator) to ensure confidentiality and privacy of customer information The Telecom Unsolicited Commercial Communication Regulation 2007  Mandates requirements for setting up a National Do Not Call Registry, with implicit requirements for ensuring customer privacy4 © 2012 WIPRO LTD | WWW.WIPRO.COM
  5. 5. Processes where Privacy is Involved 1 • These are 5 steps a telecom service provider follows for customer life cycle management. Within each of these steps, there are touch points where PII is originated, handled and managed • These touch points cover both the physical records (the customer application form that contains most of the personal information along with the payment options) as well as the data in the business and operations support systems applications5 © 2012 WIPRO LTD | WWW.WIPRO.COM
  6. 6. Processes where Privacy is Involved 2 • It is vital to consider employee personal information as equally sensitive as customer personal information. Therefore, all the sensitive touch points should be examined to assess the PII details • Not only the HR department of the organization but also the outsourced agencies hold a lot of PII during the recruitment and hiring process. The PII in online systems also poses the same privacy risks6 © 2012 WIPRO LTD | WWW.WIPRO.COM
  7. 7. The Approach Essentially there are four critical things to do. Carry out an impact assessment and determine critical Enforcement through Create the PII processes, their It is important to policy and framework inventor y to map boundaries and touch define the privacy and to comply with the business processes points. This PII elements as well impacting regulation and underlying assessment will as to identify the will remain central to applications and enable to assess and drivers. the solutions infrastructure. refine the existing approach. controls and to determine the level of protection required. The short answer is a risk-based approach to do an impact assessment7 © 2012 WIPRO LTD | WWW.WIPRO.COM
  8. 8. The Challenges Implementing the appropriate enterprise-wide privacy framework and adopting the right technology are critical Discover the PII data within the systems and then build the technical options for data protection User awareness and training as well as privacy enhancing technologies End-user entitlements, data storage at rest and in transit Third-party agreements driven through the procurement and vendor relationship cells should not be overlooked8 © 2012 WIPRO LTD | WWW.WIPRO.COM
  9. 9. Conclusion  Maintaining privacy and protecting customer and employee personal information is a risk- management issue for all organizations  It goes beyond the regulatory requirements because customers expect their data to be protected to avoid identity thefts  It impacts an organization’s reputation and leads to financial loss due to lost revenue and litigation  Above all, customer confidence in the brand is impacted if there is no framework to deal with customer privacy9 © 2012 WIPRO LTD | WWW.WIPRO.COM
  10. 10. For more details please visit the link below: http://www.wipro.com/Documents/insights/Privacy_is_for_S afekeeping.pdf10 © 2012 WIPRO LTD | WWW.WIPRO.COM
  11. 11. About Wipro Council for Industry Research Wipro set up the Council for Industry Research, comprised of domain and technology experts from the organization, to address the needs of customers. It specifically surveys innovative strategies that will help customers gain competitive advantage in the market. The Council, in collaboration with leading academic institutions and industry bodies, studies market trends to help equip organizations with insights to facilitate their IT and business strategies. For more information on the Research Council visit www.wipro.com/insights or mail wipro.insights@wipro.com11 © 2012 WIPRO LTD | WWW.WIPRO.COM
  12. 12. About Wipro Technologies Wipro Technologies, the global IT business of Wipro Limited (NYSE:WIT) is a leading Information Technology, Consulting and Outsourcing company, that delivers solutions to enable its clients do business better. Wipro Technologies delivers winning business outcomes through its deep industry experience and a 360 degree view of “Business through Technology” – helping clients create successful and adaptive businesses. A company recognised globally for its comprehensive portfolio of services, a practitioner’s approach to delivering innovation and an organization wide commitment to sustainability, Wipro Technologies has over 135,000 employees and clients across 54 countries. For more information, please visit www.wipro.com12 © 2012 WIPRO LTD | WWW.WIPRO.COM
  13. 13. Thank You ©Wipro Limited, 2012. All rights reserved. For more information visit www.wipro.com No part of this document may be reproduced in whole or in part without the written permission of the authors. Wipro is not liable for any business outcome based on the views presented in this document. For specific implementation clients should take advise from their client engagement manager.13 © 2012 WIPRO LTD | WWW.WIPRO.COM

×