A presentation on data protection by Dr. Kalyan Kankanala
Contact Us for Intellectual Property Services
BananaIP Counsels
Regd Office
No.40,3rd Main Road,JC Industrial Estate,
Kanakapura Road,Bangalore – 560 062.
Email: contact@bananaip.com
Telephone: +91-80-26860414 /24/34
Data protection - Presentation by Dr. Kalyan Kankanala
1. Copyright BananaIP
DATA PROTECTION IN INDIA
Dr. Kalyan C. Kankanala
kalyan@bananaip.com
Books: www.kalyankankanala.com
Blog: www.bananaip.com/sinapse-blog
2. Copyright BananaIP
Data Protection
Right to Privacy
Private Data/Information
Constitution
Information Technology Act/Rules
RTI Act
Other Laws
3. Copyright BananaIP
Privacy Obligations
Personal Information
Sensitive
Non-Sensitive
Privacy Policy
Collection and Use
Disclosure
Consent
Measures - Policy/Audit
Transfer - Consent or Agreement
5. Copyright BananaIP
Case Example
Banasch designs automotive components and software for
luxury cars. Fifty percent of the company's team are direct
employees, and the rest are placed by staffing companies. HR
team of Banasch collects information from all personnel before
issuing access cards. The information includes:
a. Educational qualifications, Permanent Address, Mobile number,
Email address, Emergency Contacts;
b. PAN details, Passport details;
c. Blood group, Relevant medical history for employment;
d. Fingerprint, Retina info;
e. Bank details, Legal history, etc.
Obligations from privacy perspective?
6. Copyright BananaIP
Example Contd.
During a Dengue epidemic, Banasch wishes to help its
affected employees by facilitating blood donation. For
the said purpose, the HR team compiles a list of
employees interested in donating, based on blood
groups, and publishes their information on an internal
bulletin board. Their mobile numbers and residential
areas are also listed. The information is also supplied to
hospitals partnering with Banash in supporting Dengue
victims.
A new recruit files a privacy violation complaint.
Liable?
7. Copyright BananaIP
Example Contd.
Wife of X, a senior employee of Banasch
requests the HR team for a statement of bank
transfers made to her husband. X is on travel, and
she needs the information for making a loan
application. HR team provides fund transfer
statements, pay slips and tax deduction
documents.
X claims violation of privacy. Liable?
8. Copyright BananaIP
Example Contd.
Banasch provides corporate cell phones to its senior
employees. X gives this cell phone number in his
salary bank account, and transacts through it for tele-
banking. When X is on a trip to Germany for six
months, Banasch's receptionist, who learns about the
trip from HR Manager, applies for a duplicate SIM
Card and transfers funds to a fake bank account from
X's account. The money is immediately withdrawn
and disposed.
X goes after Banasch, Cell phone company and
Bank. Liable?
9. Copyright BananaIP
Business and Privacy
Agreement - Employees, Customers, etc
Policy - Privacy/Security Officer
Privacy for Business