Data Protection & Aadhaar Act
Nanda Mohan Shenoy D
CAIIB, DBM-Part I, NSE Certified Market Professional Level-1, PG Diploma in IRPM, PG Diploma in EDP and Computer Management, DIM, LA ISO 9001, LA ISO 27001, NISM empanelled CPE Trainer
Director
1
Agenda
• Information Technology Act 2000
• Aadhaar Data protection
• Data Protection Framework
• Question & Answers
2
2000 Vs 2008 Vs FA 2017
3
Sec 43A
• A body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, to the person so affected. (Change vide ITAA 2008)
• The amount of compensation is not defined in the Act, which means it is unlimited
4
What Constitutes SPDI? (Rules & Regulations)
(i) Password
(ii) Financial information such as bank account, credit card, debit card or other payment details
(iii) Physical, physiological and mental health condition
(iv) Sexual orientation
(v) Medical records and history
(vi) Biometric information
– Fingerprints
– Eye retina and irises
– Voice patterns
– Facial patterns
– Hand measurement
– DNA
5
Banks & SPDI
• Banks handle SPDI across the customer, employee and vendor processes
• Right from the physical forms at branches to the data in private cloud as well as in-house
• Tomorrow, if you adopt voice recognition, then protecting that also becomes important
• Until last year, before the implementation of RD Services by UIDAI, biometric information was also very critical
• Employee attendance through biometrics
• Data exchange with CIBIL and other bodies
7
Privacy Policy & Consent
(1) Privacy policy for handling of or dealing in personal information including sensitive personal data
• Publish on website of body corporate or any person on its behalf
(2) Consent
• In writing through letter or fax or email from the provider of the sensitive personal data or information regarding purpose of usage before collection of such information
• This is also applicable to Aadhaar information
8
Impact on banks
Banks have to identify
– SPDI
  • Customers
  • Vendors
  • Employees
– Implement controls
  • Encryption
  • Define and devise policies for the same
  • Have ISO 27001 standards implemented and audited
– Consent to be taken from customers as well as employees
Risk of compensation
9
Incident Management
• Wannacry attack is a Cyber Security Incident
• Mandatory Reporting as per Sec 70 B
– shall be punishable with imprisonment for a term which may extend to one year or with fine which may extend to one lakh rupees or with both
10
Imprisonment Fines
Agenda
• Information Technology Act 2000
• Aadhaar Data protection
• Data Protection Framework
• Question & Answers
11
Act, Sections & Regulations
Chapter | Sections | Regulations
--------|----------|------------
I Preliminary | 1-2 (2) | NA
II Enrolment | 3-6 (4) | Aadhaar (Enrolment and Update) Regulations 2016; Aadhaar (Enrolment and Update) (First Amendment) Regulations 2017
III Authentication | 7-10 (4) | Aadhaar (Authentication) Regulations 2016; Aadhaar (Sharing of Information) Regulations 2016
IV UIDAI | 11-23 (13) | NA
V Grants, Accounts and audit and annual report | 24-27 (4) | NA
VI Protection of Information | 28-33 (6) | Aadhaar (Data Security) Regulations 2016
VII Offences & penalties | 34-47 (14) | NA
VIII Miscellaneous | 48-59 (12) | NA
12th July 2016 – Sec 11-20, 22 to 23, 48-59
12th Sep 2016 – Sec 1-10 and 24-47
12
Aadhaar Compliances
• Need to comply with the Acts and regulations as mentioned
• Non-compliance leads to
– Financial Disincentives
– Penalties
– Cancellation of Licenses
13
Disincentives
14
Latest Trends in Data Protection
• Tokenisation
–PCI
–Aadhaar Data
• Data Vault
15
Aadhaar Ecosystem & Banks
• Permeating the entire banking system
• Financial as well as non-financial transactions
16
Securing Aadhaar Data
The Aadhaar number must be stored in a vault in encrypted form, and the encryption key should be held in a FIPS 140-2 compliant device
17
Talk of the Town
• New ideas of tokenisation
• Virtual Id for customers
• So no Aadhaar number gets stored in the system
– Global AUA
– Local AUA
• Lot of rework in the existing data flow due to this requirement
18
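The vault and tokenisation arrangement from the two slides above, as an added example that is not part of the original deck or of any UIDAI specification: the vault stores the encrypted Aadhaar number against a random reference token, and every other system keeps only the token. The class names, the `REF-` token format, the caller names and `SoftHsm` (a software stand-in for the FIPS 140-2 device, using an HMAC-based cipher in place of the HSM's own AES) are assumptions.

```python
import hashlib
import hmac
import secrets


class SoftHsm:
    """Software stand-in for the FIPS 140-2 device; keys never leave this object.

    Assumption: a production vault would call the HSM for a standard AEAD such
    as AES-GCM. HMAC-SHA256 in counter mode with an HMAC tag is swapped in here
    only so the example runs on the standard library.
    """

    def __init__(self):
        self._enc_key = secrets.token_bytes(32)
        self._mac_key = secrets.token_bytes(32)
        self._idx_key = secrets.token_bytes(32)

    def _keystream(self, nonce, length):
        blocks, counter = [], 0
        while 32 * len(blocks) < length:
            msg = nonce + counter.to_bytes(4, "big")
            blocks.append(hmac.new(self._enc_key, msg, hashlib.sha256).digest())
            counter += 1
        return b"".join(blocks)[:length]

    def encrypt(self, plaintext):
        nonce = secrets.token_bytes(16)
        stream = self._keystream(nonce, len(plaintext))
        body = bytes(p ^ k for p, k in zip(plaintext, stream))
        tag = hmac.new(self._mac_key, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag

    def decrypt(self, blob):
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._mac_key, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("vault record failed its integrity check")
        stream = self._keystream(nonce, len(body))
        return bytes(c ^ k for c, k in zip(body, stream))

    def blind_index(self, value):
        # Keyed hash: lets the vault find an existing record without storing
        # or comparing the plaintext number.
        return hmac.new(self._idx_key, value, hashlib.sha256).hexdigest()


def normalise(aadhaar):
    """Strip separators and insist on exactly 12 ASCII digits."""
    digits = aadhaar.replace(" ", "").replace("-", "")
    if len(digits) != 12 or not (digits.isascii() and digits.isdigit()):
        raise ValueError("expected a 12-digit Aadhaar number")
    return digits


class AadhaarVault:
    """Only this component ever sees the number; other systems keep the token."""

    def __init__(self, hsm, authorised_callers):
        self._hsm = hsm
        self._authorised = set(authorised_callers)
        self.records = {}    # reference token -> encrypted number
        self._index = {}     # blind index -> reference token
        self.audit_log = []  # (caller, purpose, token, outcome)

    def tokenize(self, aadhaar):
        number = normalise(aadhaar).encode()
        idx = self._hsm.blind_index(number)
        if idx not in self._index:
            token = "REF-" + secrets.token_hex(16)  # random, not derived from the number
            self.records[token] = self._hsm.encrypt(number)
            self._index[idx] = token
        return self._index[idx]

    def detokenize(self, token, caller, purpose):
        allowed = caller in self._authorised and token in self.records
        self.audit_log.append((caller, purpose, token, "OK" if allowed else "DENIED"))
        if not allowed:
            raise PermissionError(f"{caller} may not read {token}")
        return self._hsm.decrypt(self.records[token]).decode()


def demo():
    vault = AadhaarVault(SoftHsm(), authorised_callers={"ekyc-service"})
    sample = "1234 5678 9012"  # constructed sample, not a real Aadhaar number
    token = vault.tokenize(sample)
    core_banking_row = {"customer_id": "C-001", "aadhaar_ref": token}
    same = vault.tokenize("123456789012") == token  # same person, same token
    recovered = vault.detokenize(token, "ekyc-service", "authentication request")
    try:
        vault.detokenize(token, "marketing-batch", "campaign export")
        denied = False
    except PermissionError:
        denied = True
    return core_banking_row, same, recovered, denied, vault.audit_log


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The blind index is what keeps the token stable for a returning customer without the vault ever comparing plaintext numbers; the audit log records both successful and refused reads.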
Impact on banks
Banks have to identify
– Financial Burden
  • Fees of Rs 20 Lacs for two years
  • Bank Guarantee for 10 Lacs
– Implement controls
  • Encryptions using HSM (20-30 Lacs for HSM in HA)
– Undertake a separate Aadhaar Compliance Assessment (Annual Audit not sufficient in our view)
19
Agenda
• Information Technology Act 2000
• Aadhaar Data protection
• Data Protection Framework
• Question & Answers
20
Data Protection Framework - India
• Committee of Experts under the Chairmanship of Justice B N Srikrishna, Former Judge, Supreme Court of India, to identify key data protection issues in India and recommend methods of addressing them.
• Released for Public Comments on 27th Nov 2017 (243 pages)
• Last date for public comments was 31st Dec 2017
• Heavily borrowed from GDPR
• Heavily borrowed from GDPR
21
Contents
• Part-I Context Setting
• Part-II Scope and exemptions
• Part-III Grounds of Processing
• Part-IV Regulation and enforcement
22
Part-II Scope and exemptions
• Ch 3- What is personal Data?
• Ch 4- SPDI
– Further broadened to include caste, religion etc.
• Ch 5- What is processing?
• Ch 6- Data Controller and Processor
– Banks will be Controllers as well as processors
– If outsourced then service provider will be processor
• Ch 9- Data Localisation
– Keeping data within the country
23
Part-III Grounds of Processing
• Ch 1- Consent
• Ch 2- Child’s Consent
• Ch 3- Notice
• Ch 6- SPDI Processing
• Ch 7- Storage Limitation and Data Quality
24
Part-IV Regulation and enforcement
• Ch 2-Accountability & enforcement tools
–Code of Practice
–Personal Data Breach notification
–Categorisation of Data Controllers
–Data Protection Authority
• Ch 4- Remedies
–Penalties
–Compensation
–Offences
25
nmds@bestfitsolutions.in, 09820409261
Thank you
27

More Related Content

What's hot

Digital-India.ppt
Digital-India.pptDigital-India.ppt
Digital-India.ppt
Janmesh6
 
Management information system
Management information systemManagement information system
Management information system
Anil Chaurasiya
 
Cyber laws in india
Cyber laws in indiaCyber laws in india
Cyber laws in india
Nikhil Naren
 
Role and impact of Information Technology on Indian Banks
Role and impact of Information Technology on Indian BanksRole and impact of Information Technology on Indian Banks
Role and impact of Information Technology on Indian Banks
DrAbhinavSharma1
 
Core banking
Core bankingCore banking
Mis in banking sector
Mis in banking sectorMis in banking sector
Mis in banking sector
Tapan143M
 
dss
 dss dss
Chap12 Developing Business/IT Solutions
Chap12 Developing Business/IT SolutionsChap12 Developing Business/IT Solutions
Chap12 Developing Business/IT Solutions
Aqib Syed
 
Real time gross settlement (rtgs)
Real time gross settlement (rtgs)Real time gross settlement (rtgs)
Real time gross settlement (rtgs)
Dharmik
 
Demonetization and its impact on banking sector
Demonetization and its impact on banking sectorDemonetization and its impact on banking sector
Demonetization and its impact on banking sector
vura Sairam
 
Mis lecture ppt
Mis lecture pptMis lecture ppt
Mis lecture ppt
Vandana Agrawal
 
It act 2000
It act 2000It act 2000
It act 2000
Rishav Mishra
 
ppt on aadhar card project
ppt on aadhar card projectppt on aadhar card project
ppt on aadhar card project
Pooja Verma
 
PCI DSS 3.2
PCI DSS 3.2PCI DSS 3.2
PCI DSS 3.2
Kimberly Simon MBA
 
Aadhaar
AadhaarAadhaar
Data Protection Presentation
Data Protection PresentationData Protection Presentation
Data Protection Presentation
IBM Business Insight
 
RBI : Payment & Settlement Systems
RBI : Payment & Settlement SystemsRBI : Payment & Settlement Systems
RBI : Payment & Settlement Systems
Rahul Deka
 
Consumer Oriented Application, Mercantile process and Mercantile models
Consumer Oriented Application, Mercantile process and Mercantile modelsConsumer Oriented Application, Mercantile process and Mercantile models
Consumer Oriented Application, Mercantile process and Mercantile models
Rabin BK
 
Unified Payments Interface (UPI) - Introduction
Unified Payments Interface (UPI) - Introduction Unified Payments Interface (UPI) - Introduction
Unified Payments Interface (UPI) - Introduction
indiastack
 
Ban of chinese apps
Ban of chinese appsBan of chinese apps
Ban of chinese apps
Rishabh878689
 

What's hot (20)

Digital-India.ppt
Digital-India.pptDigital-India.ppt
Digital-India.ppt
 
Management information system
Management information systemManagement information system
Management information system
 
Cyber laws in india
Cyber laws in indiaCyber laws in india
Cyber laws in india
 
Role and impact of Information Technology on Indian Banks
Role and impact of Information Technology on Indian BanksRole and impact of Information Technology on Indian Banks
Role and impact of Information Technology on Indian Banks
 
Core banking
Core bankingCore banking
Core banking
 
Mis in banking sector
Mis in banking sectorMis in banking sector
Mis in banking sector
 
dss
 dss dss
dss
 
Chap12 Developing Business/IT Solutions
Chap12 Developing Business/IT SolutionsChap12 Developing Business/IT Solutions
Chap12 Developing Business/IT Solutions
 
Real time gross settlement (rtgs)
Real time gross settlement (rtgs)Real time gross settlement (rtgs)
Real time gross settlement (rtgs)
 
Demonetization and its impact on banking sector
Demonetization and its impact on banking sectorDemonetization and its impact on banking sector
Demonetization and its impact on banking sector
 
Mis lecture ppt
Mis lecture pptMis lecture ppt
Mis lecture ppt
 
It act 2000
It act 2000It act 2000
It act 2000
 
ppt on aadhar card project
ppt on aadhar card projectppt on aadhar card project
ppt on aadhar card project
 
PCI DSS 3.2
PCI DSS 3.2PCI DSS 3.2
PCI DSS 3.2
 
Aadhaar
AadhaarAadhaar
Aadhaar
 
Data Protection Presentation
Data Protection PresentationData Protection Presentation
Data Protection Presentation
 
RBI : Payment & Settlement Systems
RBI : Payment & Settlement SystemsRBI : Payment & Settlement Systems
RBI : Payment & Settlement Systems
 
Consumer Oriented Application, Mercantile process and Mercantile models
Consumer Oriented Application, Mercantile process and Mercantile modelsConsumer Oriented Application, Mercantile process and Mercantile models
Consumer Oriented Application, Mercantile process and Mercantile models
 
Unified Payments Interface (UPI) - Introduction
Unified Payments Interface (UPI) - Introduction Unified Payments Interface (UPI) - Introduction
Unified Payments Interface (UPI) - Introduction
 
Ban of chinese apps
Ban of chinese appsBan of chinese apps
Ban of chinese apps
 

Similar to Data Protection & Aadhaar Act

Senior Management Awareness presetnation
Senior Management Awareness presetnationSenior Management Awareness presetnation
Senior Management Awareness presetnation
Nanda Mohan Shenoy
 
New Security Legislation & Its Implications for OSS Management
New Security Legislation & Its Implications for OSS Management New Security Legislation & Its Implications for OSS Management
New Security Legislation & Its Implications for OSS Management
Jerika Phelps
 
New Security Legislation and its Implications for OSS Management
New Security Legislation and its Implications for OSS ManagementNew Security Legislation and its Implications for OSS Management
New Security Legislation and its Implications for OSS Management
Black Duck by Synopsys
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to compliance
IT Governance Ltd
 
Complying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataComplying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and Data
Precisely
 
New Security Legislation & It's Implications for OSS Management
New Security Legislation & It's Implications for OSS Management New Security Legislation & It's Implications for OSS Management
New Security Legislation & It's Implications for OSS Management
Black Duck by Synopsys
 
Accelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i SystemsAccelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i Systems
Precisely
 
2016_07_22_can_you_protect_my_cc_data
2016_07_22_can_you_protect_my_cc_data2016_07_22_can_you_protect_my_cc_data
2016_07_22_can_you_protect_my_cc_data
Kelvin Medina, CISSP, PA-QSA, QSA, GCIH, CISA, ITIL
 
Isaca new delhi india privacy and big data
Isaca new delhi india   privacy and big dataIsaca new delhi india   privacy and big data
Isaca new delhi india privacy and big data
Ulf Mattsson
 
PCI DSS Compliance Readiness
PCI DSS Compliance ReadinessPCI DSS Compliance Readiness
PCI DSS Compliance Readiness
Al Abbas, PMP, CISSP, MBA, MSc
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in Splunk
Precisely
 
EU cybersecurity requirements under current and future medical devices regula...
EU cybersecurity requirements under current and future medical devices regula...EU cybersecurity requirements under current and future medical devices regula...
EU cybersecurity requirements under current and future medical devices regula...
Erik Vollebregt
 
Using international standards to improve US cybersecurity
Using international standards to improve US cybersecurityUsing international standards to improve US cybersecurity
Using international standards to improve US cybersecurity
IT Governance Ltd
 
INFORMATION Communication Technology (ICT) ACT
INFORMATION Communication Technology (ICT) ACTINFORMATION Communication Technology (ICT) ACT
INFORMATION Communication Technology (ICT) ACT
Jahid Khan Rahat
 
2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT Assessment2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT Assessment
Raffa Learning Community
 
2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT Assessment2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT Assessment
Rachel Caldwell
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive data
Ulf Mattsson
 
E-comm PPT Team-4.pptx
E-comm PPT Team-4.pptxE-comm PPT Team-4.pptx
E-comm PPT Team-4.pptx
DivyaHinduja2
 
The general data protection act overview
The general data protection act overviewThe general data protection act overview
The general data protection act overview
Roy Biakpara, MSc.,CISA,CISSP,CISM,ISO27KLA
 
Examples of international privacy legislation
Examples of international privacy legislationExamples of international privacy legislation
Examples of international privacy legislation
Ulf Mattsson
 

Similar to Data Protection & Aadhaar Act (20)

Senior Management Awareness presetnation
Senior Management Awareness presetnationSenior Management Awareness presetnation
Senior Management Awareness presetnation
 
New Security Legislation & Its Implications for OSS Management
New Security Legislation & Its Implications for OSS Management New Security Legislation & Its Implications for OSS Management
New Security Legislation & Its Implications for OSS Management
 
New Security Legislation and its Implications for OSS Management
New Security Legislation and its Implications for OSS ManagementNew Security Legislation and its Implications for OSS Management
New Security Legislation and its Implications for OSS Management
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to compliance
 
Complying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataComplying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and Data
 
New Security Legislation & It's Implications for OSS Management
New Security Legislation & It's Implications for OSS Management New Security Legislation & It's Implications for OSS Management
New Security Legislation & It's Implications for OSS Management
 
Accelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i SystemsAccelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i Systems
 
2016_07_22_can_you_protect_my_cc_data
2016_07_22_can_you_protect_my_cc_data2016_07_22_can_you_protect_my_cc_data
2016_07_22_can_you_protect_my_cc_data
 
Isaca new delhi india privacy and big data
Isaca new delhi india   privacy and big dataIsaca new delhi india   privacy and big data
Isaca new delhi india privacy and big data
 
PCI DSS Compliance Readiness
PCI DSS Compliance ReadinessPCI DSS Compliance Readiness
PCI DSS Compliance Readiness
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in Splunk
 
EU cybersecurity requirements under current and future medical devices regula...
EU cybersecurity requirements under current and future medical devices regula...EU cybersecurity requirements under current and future medical devices regula...
EU cybersecurity requirements under current and future medical devices regula...
 
Using international standards to improve US cybersecurity
Using international standards to improve US cybersecurityUsing international standards to improve US cybersecurity
Using international standards to improve US cybersecurity
 
INFORMATION Communication Technology (ICT) ACT
INFORMATION Communication Technology (ICT) ACTINFORMATION Communication Technology (ICT) ACT
INFORMATION Communication Technology (ICT) ACT
 
2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT Assessment2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT Assessment
 
2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT Assessment2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT Assessment
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive data
 
E-comm PPT Team-4.pptx
E-comm PPT Team-4.pptxE-comm PPT Team-4.pptx
E-comm PPT Team-4.pptx
 
The general data protection act overview
The general data protection act overviewThe general data protection act overview
The general data protection act overview
 
Examples of international privacy legislation
Examples of international privacy legislationExamples of international privacy legislation
Examples of international privacy legislation
 

More from Nanda Mohan Shenoy

Srimadbhagavata_parayanam_v3.pdf
Srimadbhagavata_parayanam_v3.pdfSrimadbhagavata_parayanam_v3.pdf
Srimadbhagavata_parayanam_v3.pdf
Nanda Mohan Shenoy
 
D07_SVCMahatmyam_v1.pdf
D07_SVCMahatmyam_v1.pdfD07_SVCMahatmyam_v1.pdf
D07_SVCMahatmyam_v1.pdf
Nanda Mohan Shenoy
 
D06_SVCMahatmyam_v1.pdf
D06_SVCMahatmyam_v1.pdfD06_SVCMahatmyam_v1.pdf
D06_SVCMahatmyam_v1.pdf
Nanda Mohan Shenoy
 
D05_SVCMahatmyam_v1.pdf
D05_SVCMahatmyam_v1.pdfD05_SVCMahatmyam_v1.pdf
D05_SVCMahatmyam_v1.pdf
Nanda Mohan Shenoy
 
D04_SVCMahatmyam_v1.pdf
D04_SVCMahatmyam_v1.pdfD04_SVCMahatmyam_v1.pdf
D04_SVCMahatmyam_v1.pdf
Nanda Mohan Shenoy
 
D03_SVCMahatmyam_v1.pdf
D03_SVCMahatmyam_v1.pdfD03_SVCMahatmyam_v1.pdf
D03_SVCMahatmyam_v1.pdf
Nanda Mohan Shenoy
 
D02_SVCMahatmyam_v1.pdf
D02_SVCMahatmyam_v1.pdfD02_SVCMahatmyam_v1.pdf
D02_SVCMahatmyam_v1.pdf
Nanda Mohan Shenoy
 
D01_SVCMahatmyam_v1.pdf
D01_SVCMahatmyam_v1.pdfD01_SVCMahatmyam_v1.pdf
D01_SVCMahatmyam_v1.pdf
Nanda Mohan Shenoy
 
09_Sundara Kandam_v3.pdf
09_Sundara Kandam_v3.pdf09_Sundara Kandam_v3.pdf
09_Sundara Kandam_v3.pdf
Nanda Mohan Shenoy
 
08_Sundara Kandam_v3.pdf
08_Sundara Kandam_v3.pdf08_Sundara Kandam_v3.pdf
08_Sundara Kandam_v3.pdf
Nanda Mohan Shenoy
 
07_Sundara Kandam_v3.pdf
07_Sundara Kandam_v3.pdf07_Sundara Kandam_v3.pdf
07_Sundara Kandam_v3.pdf
Nanda Mohan Shenoy
 
06_Sundara Kandam_v3.pdf
06_Sundara Kandam_v3.pdf06_Sundara Kandam_v3.pdf
06_Sundara Kandam_v3.pdf
Nanda Mohan Shenoy
 
05_Sundara Kandam_v3.pdf
05_Sundara Kandam_v3.pdf05_Sundara Kandam_v3.pdf
05_Sundara Kandam_v3.pdf
Nanda Mohan Shenoy
 
04_Sundara Kandam_v3.pptx
04_Sundara Kandam_v3.pptx04_Sundara Kandam_v3.pptx
04_Sundara Kandam_v3.pptx
Nanda Mohan Shenoy
 
03_Sundara Kandam-v3.pdf
03_Sundara Kandam-v3.pdf03_Sundara Kandam-v3.pdf
03_Sundara Kandam-v3.pdf
Nanda Mohan Shenoy
 
02_Sundara Kandam_v3.pdf
02_Sundara Kandam_v3.pdf02_Sundara Kandam_v3.pdf
02_Sundara Kandam_v3.pdf
Nanda Mohan Shenoy
 
01_Sundara Kandam_v3.pdf
01_Sundara Kandam_v3.pdf01_Sundara Kandam_v3.pdf
01_Sundara Kandam_v3.pdf
Nanda Mohan Shenoy
 
CEPAR Conference _20230204.pdf
CEPAR Conference _20230204.pdfCEPAR Conference _20230204.pdf
CEPAR Conference _20230204.pdf
Nanda Mohan Shenoy
 
Digitial Personal Data Bill 2022 feedback
Digitial Personal Data Bill 2022 feedbackDigitial Personal Data Bill 2022 feedback
Digitial Personal Data Bill 2022 feedback
Nanda Mohan Shenoy
 
IS17428_ISACA_Chennai_20220910.pptx
IS17428_ISACA_Chennai_20220910.pptxIS17428_ISACA_Chennai_20220910.pptx
IS17428_ISACA_Chennai_20220910.pptx
Nanda Mohan Shenoy
 

More from Nanda Mohan Shenoy (20)

Srimadbhagavata_parayanam_v3.pdf
Srimadbhagavata_parayanam_v3.pdfSrimadbhagavata_parayanam_v3.pdf
Srimadbhagavata_parayanam_v3.pdf
 
D07_SVCMahatmyam_v1.pdf
D07_SVCMahatmyam_v1.pdfD07_SVCMahatmyam_v1.pdf
D07_SVCMahatmyam_v1.pdf
 
D06_SVCMahatmyam_v1.pdf
D06_SVCMahatmyam_v1.pdfD06_SVCMahatmyam_v1.pdf
D06_SVCMahatmyam_v1.pdf
 
D05_SVCMahatmyam_v1.pdf
D05_SVCMahatmyam_v1.pdfD05_SVCMahatmyam_v1.pdf
D05_SVCMahatmyam_v1.pdf
 
D04_SVCMahatmyam_v1.pdf
D04_SVCMahatmyam_v1.pdfD04_SVCMahatmyam_v1.pdf
D04_SVCMahatmyam_v1.pdf
 
D03_SVCMahatmyam_v1.pdf
D03_SVCMahatmyam_v1.pdfD03_SVCMahatmyam_v1.pdf
D03_SVCMahatmyam_v1.pdf
 
D02_SVCMahatmyam_v1.pdf
D02_SVCMahatmyam_v1.pdfD02_SVCMahatmyam_v1.pdf
D02_SVCMahatmyam_v1.pdf
 
D01_SVCMahatmyam_v1.pdf
D01_SVCMahatmyam_v1.pdfD01_SVCMahatmyam_v1.pdf
D01_SVCMahatmyam_v1.pdf
 
09_Sundara Kandam_v3.pdf
09_Sundara Kandam_v3.pdf09_Sundara Kandam_v3.pdf
09_Sundara Kandam_v3.pdf
 
08_Sundara Kandam_v3.pdf
08_Sundara Kandam_v3.pdf08_Sundara Kandam_v3.pdf
08_Sundara Kandam_v3.pdf
 
07_Sundara Kandam_v3.pdf
07_Sundara Kandam_v3.pdf07_Sundara Kandam_v3.pdf
07_Sundara Kandam_v3.pdf
 
06_Sundara Kandam_v3.pdf
06_Sundara Kandam_v3.pdf06_Sundara Kandam_v3.pdf
06_Sundara Kandam_v3.pdf
 
05_Sundara Kandam_v3.pdf
05_Sundara Kandam_v3.pdf05_Sundara Kandam_v3.pdf
05_Sundara Kandam_v3.pdf
 
04_Sundara Kandam_v3.pptx
04_Sundara Kandam_v3.pptx04_Sundara Kandam_v3.pptx
04_Sundara Kandam_v3.pptx
 
03_Sundara Kandam-v3.pdf
03_Sundara Kandam-v3.pdf03_Sundara Kandam-v3.pdf
03_Sundara Kandam-v3.pdf
 
02_Sundara Kandam_v3.pdf
02_Sundara Kandam_v3.pdf02_Sundara Kandam_v3.pdf
02_Sundara Kandam_v3.pdf
 
01_Sundara Kandam_v3.pdf
01_Sundara Kandam_v3.pdf01_Sundara Kandam_v3.pdf
01_Sundara Kandam_v3.pdf
 
CEPAR Conference _20230204.pdf
CEPAR Conference _20230204.pdfCEPAR Conference _20230204.pdf
CEPAR Conference _20230204.pdf
 
Digitial Personal Data Bill 2022 feedback
Digitial Personal Data Bill 2022 feedbackDigitial Personal Data Bill 2022 feedback
Digitial Personal Data Bill 2022 feedback
 
IS17428_ISACA_Chennai_20220910.pptx
IS17428_ISACA_Chennai_20220910.pptxIS17428_ISACA_Chennai_20220910.pptx
IS17428_ISACA_Chennai_20220910.pptx
 

Recently uploaded

Dallas Criminal Attorney | Frisco Criminal Attorney- Reggie London
Dallas Criminal Attorney | Frisco Criminal Attorney- Reggie LondonDallas Criminal Attorney | Frisco Criminal Attorney- Reggie London
Dallas Criminal Attorney | Frisco Criminal Attorney- Reggie London
ReggieLondon Lawyer
 
Bank Secrecy Act of the Philippines.pptx
Bank Secrecy Act of the Philippines.pptxBank Secrecy Act of the Philippines.pptx
Bank Secrecy Act of the Philippines.pptx
Cyrish2
 
Occupational Safety and Health Act (Amendment) 2022
Occupational Safety and Health Act (Amendment) 2022Occupational Safety and Health Act (Amendment) 2022
Occupational Safety and Health Act (Amendment) 2022
NguokYingNgu1
 
RUG biyezheng degree offer diploma Transcript
RUG biyezheng degree offer diploma TranscriptRUG biyezheng degree offer diploma Transcript
RUG biyezheng degree offer diploma Transcript
qpeqmso
 
Md_Rahim_Ali_v_State_of_Assam_and_ors-1.pdf
Md_Rahim_Ali_v_State_of_Assam_and_ors-1.pdfMd_Rahim_Ali_v_State_of_Assam_and_ors-1.pdf
Md_Rahim_Ali_v_State_of_Assam_and_ors-1.pdf
bhavenpr
 
The Art Institute of California degree offer diploma Transcript
The Art Institute of California degree offer diploma TranscriptThe Art Institute of California degree offer diploma Transcript
The Art Institute of California degree offer diploma Transcript
qgoomz
 
Wintec biyezheng degree offer diploma Transcript
Wintec biyezheng degree offer diploma TranscriptWintec biyezheng degree offer diploma Transcript
Wintec biyezheng degree offer diploma Transcript
qpeqmso
 
shwetha case hmt.docx human resouce management
shwetha case hmt.docx human resouce managementshwetha case hmt.docx human resouce management
shwetha case hmt.docx human resouce management
ShwethaGy2
 
Sub-contractors Due Diligence Check-List
Sub-contractors Due Diligence Check-ListSub-contractors Due Diligence Check-List
Sub-contractors Due Diligence Check-List
Gediminas Daukša
 
Westminster degree offer diploma Transcript
Westminster degree offer diploma TranscriptWestminster degree offer diploma Transcript
Westminster degree offer diploma Transcript
geesuk
 
Esipf Consultants: Best Epf Consultancy Service In Delhi
Esipf Consultants: Best Epf Consultancy Service In DelhiEsipf Consultants: Best Epf Consultancy Service In Delhi
Esipf Consultants: Best Epf Consultancy Service In Delhi
esipfconsultantsoffp
 
Birmingham degree offer diploma Transcript
Birmingham degree offer diploma TranscriptBirmingham degree offer diploma Transcript
Birmingham degree offer diploma Transcript
pehqgou
 
California Baptist University degree offer diploma Transcript
California Baptist University degree offer diploma TranscriptCalifornia Baptist University degree offer diploma Transcript
California Baptist University degree offer diploma Transcript
qgoomz
 
Law-Commission-Report-267-on-Hate-Speech.pdf
Law-Commission-Report-267-on-Hate-Speech.pdfLaw-Commission-Report-267-on-Hate-Speech.pdf
Law-Commission-Report-267-on-Hate-Speech.pdf
bhavenpr
 
Here's the Latest Todd Rokita Grievance That was Filed
Here's the Latest Todd Rokita Grievance  That was FiledHere's the Latest Todd Rokita Grievance  That was Filed
Here's the Latest Todd Rokita Grievance That was Filed
Abdul-Hakim Shabazz
 
Tech Startups: Expert Advice from Aaron Kelly Arizona
Tech Startups: Expert Advice from Aaron Kelly ArizonaTech Startups: Expert Advice from Aaron Kelly Arizona
Tech Startups: Expert Advice from Aaron Kelly Arizona
Aaron Kelly Lawyer
 
case laws.pdf professional ethics and legal
case laws.pdf professional ethics and legalcase laws.pdf professional ethics and legal
case laws.pdf professional ethics and legal
ALEENAJOSHY5
 
SiebenCarey Sponsors First Social Justice On Tap Fundraiser for the Southern ...
SiebenCarey Sponsors First Social Justice On Tap Fundraiser for the Southern ...SiebenCarey Sponsors First Social Justice On Tap Fundraiser for the Southern ...
SiebenCarey Sponsors First Social Justice On Tap Fundraiser for the Southern ...
Knowyourright
 
PERSONAL INJURY LAW: EVERYTHING YOU NEED TO KNOW IN 2024
PERSONAL INJURY LAW: EVERYTHING YOU NEED TO KNOW IN 2024PERSONAL INJURY LAW: EVERYTHING YOU NEED TO KNOW IN 2024
PERSONAL INJURY LAW: EVERYTHING YOU NEED TO KNOW IN 2024
Paisley Law LLC
 
Trademark Search & Filing LA Secure Brand
Trademark Search & Filing LA Secure BrandTrademark Search & Filing LA Secure Brand
Trademark Search & Filing LA Secure Brand
Trademark Quick
 

Recently uploaded (20)

Dallas Criminal Attorney | Frisco Criminal Attorney- Reggie London
Dallas Criminal Attorney | Frisco Criminal Attorney- Reggie LondonDallas Criminal Attorney | Frisco Criminal Attorney- Reggie London
Dallas Criminal Attorney | Frisco Criminal Attorney- Reggie London
 
Bank Secrecy Act of the Philippines.pptx
Bank Secrecy Act of the Philippines.pptxBank Secrecy Act of the Philippines.pptx
Bank Secrecy Act of the Philippines.pptx
 
Occupational Safety and Health Act (Amendment) 2022
Occupational Safety and Health Act (Amendment) 2022Occupational Safety and Health Act (Amendment) 2022
Occupational Safety and Health Act (Amendment) 2022
 
RUG biyezheng degree offer diploma Transcript
RUG biyezheng degree offer diploma TranscriptRUG biyezheng degree offer diploma Transcript

Data Protection & Aadhaar Act

  • 1. Data Protection & Aadhaar Act
      Nanda Mohan Shenoy D
      CAIIB, DBM-Part I, NSE Certified Market Professional Level-1, PG Diploma in IRPM, PG Diploma in EDP and Computer Management, DIM, LA ISO 9001, LA ISO 27001, NISM empanelled CPE Trainer
      Director
  • 2. Agenda
      • Information Technology Act 2000
      • Aadhaar Data protection
      • Data Protection Framework
      • Question & Answers
  • 3. 2000 vs 2008 vs FA2017
  • 4. Sec-43 A
      • A body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, to the person so affected. (Change vide ITAA 2008)
      • The Act does not define how much, which means the compensation is unlimited
  • 5. What Constitutes SPDI?
      (i) Password
      (ii) Financial information such as bank account, credit card, debit card or other payment details
      (iii) Physical, physiological and mental health condition
      (iv) Sexual orientation
      (v) Medical records and history
      (vi) Biometric information
          – Fingerprints
          – Eye retina and irises
          – Voice patterns
          – Facial patterns
          – Hand measurement
          – DNA
      Rules & Regulations
  • 6. Banks & SPDI
      • Banks handle SPDI across the customer, employee and vendor processes
      • Right from the physical forms at branches to the data in private cloud as well as in-house
      • Tomorrow, if you adopt voice recognition, then protecting that also becomes important
      • Till last year, before the implementation of RD Services by UIDAI, biometric information was also very critical
      • Employee attendance through biometrics
      • Data exchange with CIBIL and other bodies
  • 7. Privacy Policy & Consent
      (1) Privacy policy for handling of or dealing in personal information including sensitive personal data
          • Publish on website of body corporate or any person on its behalf
      (2) Consent
          • In writing through letter or fax or email from the provider of the sensitive personal data or information regarding purpose of usage before collection of such information
          • This is also applicable to Aadhaar information
  • 8. Impact on banks
      Banks have to identify
          – SPDI
              • Customers
              • Vendors
              • Employees
          – Implement controls
              • Encryption
              • Define and devise policies for the same
              • Have ISO 27001 standards implemented and audited
          – Consent to be taken from customers as well as employees
      Risk of compensation
  • 9. Incident Management
      • WannaCry attack is a Cyber Security Incident
      • Mandatory reporting as per Sec 70 B
          – shall be punishable with imprisonment for a term which may extend to one year or with fine which may extend to one lakh rupees or with both
  • 10. Agenda
      • Information Technology Act 2000
      • Aadhaar Data protection
      • Data Protection Framework
      • Question & Answers
  • 11. Act, Sections & Regulations
      Chapter; Sections; Regulations
      • I Preliminary; 1-2 (2); NA
      • II Enrolment; 3-6 (4); Aadhaar (Enrolment and Update) Regulations 2016, Aadhaar (Enrolment and Update) (First Amendment) Regulations 2017
      • III Authentication; 7-10 (4); Aadhaar (Authentication) Regulations 2016, Aadhaar (Sharing of Information) Regulations 2016
      • IV UIDAI; 11-23 (13); NA
      • V Grants, Accounts and audit and annual report; 24-27 (4); NA
      • VI Protection of Information; 28-33 (6); Aadhaar (Data Security) Regulations 2016
      • VII Offences & penalties; 34-47 (14); NA
      • VIII Miscellaneous; 48-59 (12); NA
      12th July 2016: Sec 11-20, 22 to 23, 48-59
      12th Sep 2016: Sec 1-10 and 24-47
  • 12. Aadhaar Compliances
      • Need to comply with the Acts and regulations as mentioned
      • Non-compliance leads to
          – Financial disincentives
          – Penalties
          – Cancellation of licenses
  • 14. Latest Trends in Data Protection
      • Tokenisation
          – PCI
          – Aadhaar data
      • Data Vault
  • 15. Aadhaar Ecosystem & Banks
      • Permeating the entire banking system
      • Financial as well as non-financial transactions
  • 16. Securing Aadhaar Data
      Aadhaar number must be stored in a vault in an encrypted manner whose key should be in a FIPS 140-2 compliant device
  • 17. Talk of the Town
      • New ideas of tokenisation
      • Virtual ID for customers
      • So no Aadhaar number gets stored in the system
          – Global AUA
          – Local AUA
      • Lot of rework in the existing data flow due to this requirement
  • 18. Impact on banks
      Banks have to identify
          – Financial burden
              • Fees of Rs 20 Lacs for two years
              • Bank Guarantee for 10 Lacs
          – Implement controls
              • Encryption using HSM (20-30 Lacs for HSM in HA)
          – Undertake a separate Aadhaar Compliance Assessment (Annual Audit not sufficient in our view)
  • 19. Agenda
      • Information Technology Act 2000
      • Aadhaar Data protection
      • Data Protection Framework
      • Question & Answers
  • 20. Data Protection Framework-India
      • Committee of Experts under the Chairmanship of Justice B N Srikrishna, Former Judge, Supreme Court of India, to identify key data protection issues in India and recommend methods of addressing them.
      • Released for Public Comments on 27th Nov 2017 (243 pages)
      • Last date for public comments was 31st Dec 2017
      • Heavily borrowed from GDPR
  • 21. Contents
      • Part-I Context Setting
      • Part-II Scope and exemptions
      • Part-III Grounds of Processing
      • Part-IV Regulation and enforcement
  • 22. Part-II Scope and exemptions
      • Ch 3- What is personal Data?
      • Ch 4- SPDI
          – Further broadened to include caste, religion etc.
      • Ch 5- What is processing?
      • Ch 6- Data Controller and Processor
          – Banks will be Controllers as well as processors
          – If outsourced then service provider will be processor
      • Ch 9- Data Localisation
          – Keeping data within the country
  • 23. Part-III Grounds of Processing
      • Ch 1- Consent
      • Ch 2- Child’s Consent
      • Ch 3- Notice
      • Ch 6- SPDI Processing
      • Ch 7- Storage Limitation and Data Quality
  • 24. Part-IV Regulation and enforcement
      • Ch 2- Accountability & enforcement tools
          – Code of Practice
          – Personal Data Breach notification
          – Categorisation of Data Controllers
          – Data Protection Authority
      • Ch 4- Remedies
          – Penalties
          – Compensation
          – Offences
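
The vault-and-token arrangement from slides 16 and 17, as an added Go example that is not part of the original deck: the Aadhaar number is encrypted inside a vault and business systems keep only a random reference token. The `Vault` type, its method names and the in-memory key are assumptions; in the deployment the slide describes, the key stays inside a FIPS 140-2 compliant device (HSM).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Vault is a hypothetical in-memory stand-in; in production the key stays in the HSM.
type Vault struct {
	aead cipher.AEAD
	rows map[string][]byte // reference token -> nonce || ciphertext
}

func NewVault(key [32]byte) *Vault {
	block, _ := aes.NewCipher(key[:]) // fixed 32-byte key: AES-256, cannot fail
	aead, _ := cipher.NewGCM(block)   // AES has a 16-byte block, cannot fail
	return &Vault{aead, map[string][]byte{}}
}

// Tokenise encrypts the number and returns a random token for business systems.
func (v *Vault) Tokenise(aadhaar string) (string, error) {
	buf := make([]byte, 16+v.aead.NonceSize())
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	ref, nonce := hex.EncodeToString(buf[:16]), buf[16:]
	// The token is bound in as associated data: a row copied under another token will not open.
	v.rows[ref] = v.aead.Seal(nonce, nonce, []byte(aadhaar), []byte(ref))
	return ref, nil
}

// Detokenise is the only path back to the number; restrict and log its callers.
func (v *Vault) Detokenise(ref string) (string, error) {
	row, ok := v.rows[ref]
	if !ok {
		return "", fmt.Errorf("unknown reference token")
	}
	n := v.aead.NonceSize()
	pt, err := v.aead.Open(nil, row[:n], row[n:], []byte(ref))
	return string(pt), err
}

func main() {
	ref, _ := NewVault([32]byte{}).Tokenise("123456789012") // constructed demo key and number
	fmt.Println("stored outside the vault:", ref)
}
```

The token is random rather than derived from the number, so a leak of the business database alone reveals nothing about the Aadhaar numbers held in the vault.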