With the advent of technology, the opportunity in data has been tremendous. This opportunity is well established in NASSCOM-McKinsey Project wherein it is seen as $500 Billion opportunities till 2025. In line to same, an attempt to provide insightful article recording in detail the legal and business prospect of the non-Personal Data Governance Framework issued by the Government on 12 July 2020.
The document summarizes key aspects of data protection law in India, including the Data Protection Rules under the Information Technology Act, which impose obligations on companies that process personal data. It discusses concepts like sensitive personal data, consent requirements, data retention, complaints procedures, penalties for non-compliance, and sector-specific regulations. It also provides an overview of the European Union's General Data Protection Regulation and obligations it places on controllers and processors of personal data.
The document discusses data protection in India as the country transitions to a digital economy. It notes that India has over 450 million internet users and the government has launched a "Digital India" initiative. However, with increased data collection and use, protection of personal data has become important. The government has drafted a white paper that outlines key principles for a data protection law, including technology neutrality, informed consent, data minimization, and accountability. The white paper was released for public consultation to help shape India's comprehensive data protection law and ensure privacy protections are balanced with enabling innovation.
With the submission of SriKrishna Committee report on data protection, the final countdown for India’s own Data Protection Regime has finally begun. A detailed legal framework on data protection is to be implemented in the coming days.
Purpose of Data Protection Bill 2018- To protect the autonomy of individuals in relation with their personal data, to specify where the flow and usage of personal data is appropriate, to create a relationship of trust between persons and entities processing their personal data, to specify the rights of individuals whose personal data are processed, to create a framework for implementing organizational and technical measures in processing personal data, to lay down norms for cross-border transfer of personal data, to ensure the accountability of entities processing personal data, to provide remedies for unauthorized and harmful processing, and to establish a Data Protection Authority for overseeing processing activities.
“Data localisation or data residency laws require data about a nations' citizens or residents be collected, processed, and/or stored inside the country, often before being transferred internationally, and usually transferred only after meeting local privacy or data protection laws, such as giving the user notice of how the information will be used and obtaining their consent.” - Wikipedia
Information governance a_necessity_in_toAnne ndolo
1) Information governance is becoming a necessity for businesses today as they operate in an environment dominated by information. IG helps businesses improve operations, compliance, risk management, and customer service.
2) Implementing IG presents challenges for businesses, including issues with roles and responsibilities, policy implementation, information security, and compliance. Flexible IG systems and automated information management can help address these challenges.
3) Measuring the effectiveness of IG policies through evaluation allows businesses to ensure objectives are met and policies remain up to date with changing needs. Flexible policies that involve employees lead to more effective long-term governance.
The document discusses data protection laws in India. It provides definitions of data and databases. India does not have specific data protection legislation, but data can be protected through various acts like the Constitution, Information Technology Act 2000, and Copyright Act 1957. The Information Technology Act 2000 defines data and provides some penalties for damaging computers or disclosing private information without consent. However, it does not define what constitutes "reasonable security practices and procedures" or address territorial applicability of these laws. The document also discusses approaches to data protection in the US, UK, and some cases involving data issues in India. It notes that when data is transferred outside India, it receives no legal protection.
Put your left leg in, put your left leg out: the exclusions and exemptions of...Werksmans Attorneys
This document summarizes the key aspects of South Africa's Protection of Personal Information Bill, including its objectives to protect privacy rights, regulate data processing, and provide legal remedies. It outlines the bill's exclusions and exemptions for certain data and entities. It also discusses the concepts of "public interest" and the bill's application in relation to the country's constitution. The overall summary is that the bill aims to balance privacy rights with other interests like national security, research, and media reporting through a framework of principles, exemptions, and regulatory oversight.
The document summarizes key aspects of data protection law in India, including the Data Protection Rules under the Information Technology Act, which impose obligations on companies that process personal data. It discusses concepts like sensitive personal data, consent requirements, data retention, complaints procedures, penalties for non-compliance, and sector-specific regulations. It also provides an overview of the European Union's General Data Protection Regulation and obligations it places on controllers and processors of personal data.
The document discusses data protection in India as the country transitions to a digital economy. It notes that India has over 450 million internet users and the government has launched a "Digital India" initiative. However, with increased data collection and use, protection of personal data has become important. The government has drafted a white paper that outlines key principles for a data protection law, including technology neutrality, informed consent, data minimization, and accountability. The white paper was released for public consultation to help shape India's comprehensive data protection law and ensure privacy protections are balanced with enabling innovation.
With the submission of SriKrishna Committee report on data protection, the final countdown for India’s own Data Protection Regime has finally begun. A detailed legal framework on data protection is to be implemented in the coming days.
Purpose of Data Protection Bill 2018- To protect the autonomy of individuals in relation with their personal data, to specify where the flow and usage of personal data is appropriate, to create a relationship of trust between persons and entities processing their personal data, to specify the rights of individuals whose personal data are processed, to create a framework for implementing organizational and technical measures in processing personal data, to lay down norms for cross-border transfer of personal data, to ensure the accountability of entities processing personal data, to provide remedies for unauthorized and harmful processing, and to establish a Data Protection Authority for overseeing processing activities.
“Data localisation or data residency laws require data about a nations' citizens or residents be collected, processed, and/or stored inside the country, often before being transferred internationally, and usually transferred only after meeting local privacy or data protection laws, such as giving the user notice of how the information will be used and obtaining their consent.” - Wikipedia
Information governance a_necessity_in_toAnne ndolo
1) Information governance is becoming a necessity for businesses today as they operate in an environment dominated by information. IG helps businesses improve operations, compliance, risk management, and customer service.
2) Implementing IG presents challenges for businesses, including issues with roles and responsibilities, policy implementation, information security, and compliance. Flexible IG systems and automated information management can help address these challenges.
3) Measuring the effectiveness of IG policies through evaluation allows businesses to ensure objectives are met and policies remain up to date with changing needs. Flexible policies that involve employees lead to more effective long-term governance.
The document discusses data protection laws in India. It provides definitions of data and databases. India does not have specific data protection legislation, but data can be protected through various acts like the Constitution, Information Technology Act 2000, and Copyright Act 1957. The Information Technology Act 2000 defines data and provides some penalties for damaging computers or disclosing private information without consent. However, it does not define what constitutes "reasonable security practices and procedures" or address territorial applicability of these laws. The document also discusses approaches to data protection in the US, UK, and some cases involving data issues in India. It notes that when data is transferred outside India, it receives no legal protection.
Put your left leg in, put your left leg out: the exclusions and exemptions of...Werksmans Attorneys
This document summarizes the key aspects of South Africa's Protection of Personal Information Bill, including its objectives to protect privacy rights, regulate data processing, and provide legal remedies. It outlines the bill's exclusions and exemptions for certain data and entities. It also discusses the concepts of "public interest" and the bill's application in relation to the country's constitution. The overall summary is that the bill aims to balance privacy rights with other interests like national security, research, and media reporting through a framework of principles, exemptions, and regulatory oversight.
The document discusses Botswana's efforts to develop data legislation and policy. It outlines how Botswana established a National ICT Policy in 2007 to guide the use of ICT. It is now working to develop a legal framework, including enacting laws around electronic transactions, cybercrime, and personal data protection. A draft Data Protection Bill has been completed that establishes principles for processing personal data and would create a Data Protection Commissioner and Tribunal. While progress has been made, Botswana is still working to finalize and enact this legislation to regulate data use.
Saying "I Don't": the requirement of data subject consent for purposes of dat...Werksmans Attorneys
This document provides an overview of the Protection of Personal Information Act (POPI) in South Africa, outlining its key purposes and definitions. The POPI Act introduces 8 key principles for lawful personal data processing: accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards, and data subject participation. It also covers provisions around consent requirements for direct marketing and penalties for non-compliance. The overall aim of the POPI Act is to protect personal information and establish requirements for its lawful processing.
Example Association Internal GDPR PolicyLen Murphy
Example Association Internal GDPR Policy. This example policy contains citations to the Articles and Recitals in the European Union's General Data Protection Regulation. The example contains references to other resources that will help drafters design their own policies while being able to examine the precise wording of the law and helpful reference sources.
The document provides an overview of ethics, legislation, and privacy issues related to big data. It discusses the necessity of regulating big data and the differences between privacy and data protection. It also provides details on the General Data Protection Regulation (GDPR), including its goals, requirements for companies, and individual rights it aims to protect.
This document provides information about information governance standards and responsibilities in the NHS. It discusses key topics like the Caldicott principles for handling patient information, the Data Protection Act, Freedom of Information Act, and NHS Constitution. The main points are that everyone in the NHS has a responsibility to maintain confidentiality and handle information securely and ethically according to legal and best practice standards. This includes following guidelines on access, disclosure, records management, staff training, and reporting security breaches.
Guide to-the-general-data-protection-regulationN N
The document provides a guide to the General Data Protection Regulation (GDPR), which takes effect in May 2018. It highlights several key changes and requirements of the new law, including: tightening the rules for consent; making the appointment of a data protection officer mandatory for some organizations; introducing mandatory privacy impact assessments and data breach notification; and expanding individuals' rights to access and delete their personal data. The guide is intended to help organizations assess their GDPR readiness and comply with the new requirements.
How to implement GDPR for the health sector, February 2018Browne Jacobson LLP
The document discusses the key aspects of implementing the General Data Protection Regulation (GDPR) for organizations in the health sector. It covers definitions of important terms like genetic data and biometric data. It also summarizes the GDPR's data protection principles, lawful bases for processing personal data and special categories of personal data, individual rights for data subjects, and contractual requirements for data processors.
India'a Proposed Privacy & Personal Data Protection Law Priyanka Aash
This document summarizes key aspects of India's proposed Personal Data Protection Bill, 2019. It discusses the bill's applicability, categories of protected data, data controller obligations, rights of data subjects, provisions around children's data, and penalties. It also outlines rules for data localization and cross-border data transfers, noting sensitive personal data must stay in India unless an exception applies. The bill aims to strengthen data protection for Indian citizens and regulate how their personal information is collected and used.
This Slide is based on a presentation on Nigeria Data Protection Regulation to management of Cavidel Limited presented during management meeting held in the company office in Nigeria. It gives a summary and details of the key essentials of the data protection regulation released by NITDA for Nigeria.
The presentation aims to educate management on the Nigerian Data Protection Regulation, its direct and indirect impacts on businesses, legal and financial implications, punishment for failure to comply, steps to compliance and data security.
Second Verse, Different from the First. Judy Selby
This document provides a summary of the key requirements and differences between the California Consumer Privacy Act (CCPA) and the European Union's General Data Protection Regulation (GDPR). It outlines and compares major provisions around who and what data is regulated, consumer rights and choices, response requirements to consumer requests, when data deletion can be refused, and required privacy notices. The CCPA and GDPR both aim to give individuals more control over their personal data, but they differ in their scope and specific rights and obligations provided.
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...Andrea Omicini
Large-scale socio-technical systems (STS) inextricably inter-connect individual – e.g., the right to privacy –, social – e.g., the effectiveness of organisational processes –, and technology issues —e.g., the software engineering process. As a result, the design of the complex software infrastructure involves also non-technological aspects such as the legal ones—so that, e.g., law-abidingness can be ensured since the early stages of the software engineering process. By focussing on contact centres (CC) as relevant examples of knowledge-intensive STS, we elaborate on the articulate aspects of anonymisation: there, individual and organisational needs clash, so that only an accurate balancing between legal and technical aspects could possibly ensure the system efficiency while preserving the individual right to privacy. We discuss first the overall legal framework, then the general theme of anonymisation in CC. Finally we overview the technical process developed in the context of the BISON project.
Project presentation @ DMI, Università di Catania, Italy, 25 July 2016
The document provides an overview of Singapore's Personal Data Protection Act (PDPA). It discusses the PDPA's nine obligations relating to the collection, use and disclosure of personal data by organizations. These include obtaining consent, limiting use to the purpose for which the data was collected, providing access to correct data, ensuring accuracy, protecting data, limiting retention, and restricting transfers. It also outlines the Do Not Call registry requirements and penalties for non-compliance. In conclusion, it notes that the registry and PDPA will come into force in 2014.
The document provides an overview of key aspects of data protection and GDPR compliance, including:
- Definitions of key terms like personal data, data subject, and processor.
- The legal bases for processing different types of personal data and the additional protections for special categories of data.
- Steps in the "data lifecycle" including collection, storage, usage, sharing, and disposal of personal data.
- Examples of common types of personal data and requirements for demonstrating compliance through policies and procedures for areas like privacy notices, data breaches, and data subject access requests.
Data protection law in India is currently facing many problem and resentments due the absence of proper legislative framework. There is an ongoing explosion of cyber crimes on a global scale. The theft and sale of stolen data is happening across vast continents where physical boundaries pose no restriction or seem non-existent in this technological era. India being the largest host of outsourced data processing in the world could become the epicentre of cyber crimes this is mainly due absence of the appropriate legislation
Slides dr farah jameel's gdpr presentation april 2018amirhannan
The document provides an introduction to the General Data Protection Regulation (GDPR) for general practitioners in the UK. It summarizes the key aspects of GDPR, including the new rights it provides individuals over their personal data, such as rights to access, rectify, and erase personal data. It outlines the lawful bases for processing personal data and special categories of health data. It also discusses the requirements under GDPR for responsibilities, documentation, security, and appointments of Data Protection Officers.
Complying with Singapore Personal Data Protection Act - A Practical GuideDaniel Li
The document provides guidance on complying with Singapore's Personal Data Protection Act (PDPA) which obliges organizations to take specific responsibilities regarding the protection of personal information. It outlines five key elements in Microsoft's data governance and access control framework that can help organizations meet their obligations under the PDPA: secure infrastructure, identity and access control, data encryption, document protection, and auditing and reporting. The document recommends organizations engage IT departments and experts to develop processes for personal data management, conduct assessments to identify compliance gaps, and deploy relevant tools and technologies to automate control over private information.
Practical steps to take in preparation for the Protection of Personal Informa...Werksmans Attorneys
This document provides an overview of practical steps organizations can take to prepare for compliance with South Africa's Protection of Personal Information Bill (POPI). It discusses defining personal information and processing under POPI, differentiating responsible parties from operators, identifying key internal and external stakeholders, conducting an audit and due diligence, creating a project plan and questionnaire, and addressing issues around cross-border data transfer. The goal is to help organizations understand POPI's requirements and properly regulate their processing of personal information through comprehensive policies.
(SACON) Nandan Nilekani - Identity Payments and Data Empowerment Priyanka Aash
Identity Payments and Data Empowerment Addressing Different challenges, Solving the Challenges, Payment challenges, Data Sharing and Privacy Challenges.
Putting in perspective: Innovation in digital age.
This document outlines a presentation on privacy and data protection. It discusses key topics like personally identifiable information (PII) and its scope, data protection laws and regulations globally, practical implications of privacy regulations like the General Data Protection Regulation (GDPR), and best practices for compliance. The presentation covers objectives of privacy rules, rights of data subjects, organizational requirements, frameworks for assessment and controls, and achieving compliance.
The objective of this module is to gain an overview of the ethics surrounding big data and the legislation that governs it.
Upon completion of this module you will:
- Gain knowledge on how to recognize the necessity of regulating big data
- Obtain an understanding of the difference between privacy and data protection
- Understand the need to implement data protection actions into your own business
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)ProductNation/iSPIRT
We believe that India is at a unique tipping point where only a fraction of its users have gone online, and a majority are yet to do so. Therefore, it is critical that we build the right set of protections and empowerments for these users as they enter the digital world.
It is equally important not to limit our thinking to simply “protection” of data. We must also question how we can “empower” individuals, who will be data rich before they are economically rich, with better access to their own healthcare data such that they can become more engaged participants and managers of their health care.
We welcome the proposed DISHA Act that seeks to Protect and Empower Individuals in regards to their electronic health data - we have provided our feedback on the DISHA Act and have also proposed technological approaches in this response
iSPIRT’s Response- White Paper on Data Protection Framework for IndiaProductNation/iSPIRT
It is widely known that the amount of data generated daily worldwide is rising at an incredibly exponential rate. Yet, what remains shrouded is how this data, particularly those data types concerning or generated by us, as individuals, are being used and stored by both the public and private sector. As we move into a data-driven world, it is crucial that the laws developed around Data center on the premise of both empowering and protecting the individual. In fact, the main purpose of the 4th layer of India Stack, the “consent layer”, is just this: to provide for a set of tools and utilities, as part of the Data Empowerment and Protection Architecture (DEPA), that empower citizens to assert control over their data.
The Justice Srikrishna led committee of experts has released a White Paper articulating their provisional thoughts on the Data Protection Framework, and are seeking public comments on the subject. iSPIRT has submitted a formal response to the White Paper. You can also read the blog post lays out our current views regarding Data Protection here: http://pn.ispirt.in/india-in-a-digital-world/
The document discusses Botswana's efforts to develop data legislation and policy. It outlines how Botswana established a National ICT Policy in 2007 to guide the use of ICT. It is now working to develop a legal framework, including enacting laws around electronic transactions, cybercrime, and personal data protection. A draft Data Protection Bill has been completed that establishes principles for processing personal data and would create a Data Protection Commissioner and Tribunal. While progress has been made, Botswana is still working to finalize and enact this legislation to regulate data use.
Saying "I Don't": the requirement of data subject consent for purposes of dat...Werksmans Attorneys
This document provides an overview of the Protection of Personal Information Act (POPI) in South Africa, outlining its key purposes and definitions. The POPI Act introduces 8 key principles for lawful personal data processing: accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards, and data subject participation. It also covers provisions around consent requirements for direct marketing and penalties for non-compliance. The overall aim of the POPI Act is to protect personal information and establish requirements for its lawful processing.
Example Association Internal GDPR PolicyLen Murphy
Example Association Internal GDPR Policy. This example policy contains citations to the Articles and Recitals in the European Union's General Data Protection Regulation. The example contains references to other resources that will help drafters design their own policies while being able to examine the precise wording of the law and helpful reference sources.
The document provides an overview of ethics, legislation, and privacy issues related to big data. It discusses the necessity of regulating big data and the differences between privacy and data protection. It also provides details on the General Data Protection Regulation (GDPR), including its goals, requirements for companies, and individual rights it aims to protect.
This document provides information about information governance standards and responsibilities in the NHS. It discusses key topics like the Caldicott principles for handling patient information, the Data Protection Act, Freedom of Information Act, and NHS Constitution. The main points are that everyone in the NHS has a responsibility to maintain confidentiality and handle information securely and ethically according to legal and best practice standards. This includes following guidelines on access, disclosure, records management, staff training, and reporting security breaches.
Guide to-the-general-data-protection-regulationN N
The document provides a guide to the General Data Protection Regulation (GDPR), which takes effect in May 2018. It highlights several key changes and requirements of the new law, including: tightening the rules for consent; making the appointment of a data protection officer mandatory for some organizations; introducing mandatory privacy impact assessments and data breach notification; and expanding individuals' rights to access and delete their personal data. The guide is intended to help organizations assess their GDPR readiness and comply with the new requirements.
How to implement GDPR for the health sector, February 2018Browne Jacobson LLP
The document discusses the key aspects of implementing the General Data Protection Regulation (GDPR) for organizations in the health sector. It covers definitions of important terms like genetic data and biometric data. It also summarizes the GDPR's data protection principles, lawful bases for processing personal data and special categories of personal data, individual rights for data subjects, and contractual requirements for data processors.
India'a Proposed Privacy & Personal Data Protection Law Priyanka Aash
This document summarizes key aspects of India's proposed Personal Data Protection Bill, 2019. It discusses the bill's applicability, categories of protected data, data controller obligations, rights of data subjects, provisions around children's data, and penalties. It also outlines rules for data localization and cross-border data transfers, noting sensitive personal data must stay in India unless an exception applies. The bill aims to strengthen data protection for Indian citizens and regulate how their personal information is collected and used.
This Slide is based on a presentation on Nigeria Data Protection Regulation to management of Cavidel Limited presented during management meeting held in the company office in Nigeria. It gives a summary and details of the key essentials of the data protection regulation released by NITDA for Nigeria.
The presentation aims to educate management on the Nigerian Data Protection Regulation, its direct and indirect impacts on businesses, legal and financial implications, punishment for failure to comply, steps to compliance and data security.
Second Verse, Different from the First. Judy Selby
This document provides a summary of the key requirements and differences between the California Consumer Privacy Act (CCPA) and the European Union's General Data Protection Regulation (GDPR). It outlines and compares major provisions around who and what data is regulated, consumer rights and choices, response requirements to consumer requests, when data deletion can be refused, and required privacy notices. The CCPA and GDPR both aim to give individuals more control over their personal data, but they differ in their scope and specific rights and obligations provided.
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...Andrea Omicini
Large-scale socio-technical systems (STS) inextricably inter-connect individual – e.g., the right to privacy –, social – e.g., the effectiveness of organisational processes –, and technology issues —e.g., the software engineering process. As a result, the design of the complex software infrastructure involves also non-technological aspects such as the legal ones—so that, e.g., law-abidingness can be ensured since the early stages of the software engineering process. By focussing on contact centres (CC) as relevant examples of knowledge-intensive STS, we elaborate on the articulate aspects of anonymisation: there, individual and organisational needs clash, so that only an accurate balancing between legal and technical aspects could possibly ensure the system efficiency while preserving the individual right to privacy. We discuss first the overall legal framework, then the general theme of anonymisation in CC. Finally we overview the technical process developed in the context of the BISON project.
Project presentation @ DMI, Università di Catania, Italy, 25 July 2016
The document provides an overview of Singapore's Personal Data Protection Act (PDPA). It discusses the PDPA's nine obligations relating to the collection, use and disclosure of personal data by organizations. These include obtaining consent, limiting use to the purpose for which the data was collected, providing access to correct data, ensuring accuracy, protecting data, limiting retention, and restricting transfers. It also outlines the Do Not Call registry requirements and penalties for non-compliance. In conclusion, it notes that the registry and PDPA will come into force in 2014.
The document provides an overview of key aspects of data protection and GDPR compliance, including:
- Definitions of key terms like personal data, data subject, and processor.
- The legal bases for processing different types of personal data and the additional protections for special categories of data.
- Steps in the "data lifecycle" including collection, storage, usage, sharing, and disposal of personal data.
- Examples of common types of personal data and requirements for demonstrating compliance through policies and procedures for areas like privacy notices, data breaches, and data subject access requests.
Data protection law in India is currently facing many problem and resentments due the absence of proper legislative framework. There is an ongoing explosion of cyber crimes on a global scale. The theft and sale of stolen data is happening across vast continents where physical boundaries pose no restriction or seem non-existent in this technological era. India being the largest host of outsourced data processing in the world could become the epicentre of cyber crimes this is mainly due absence of the appropriate legislation
Slides dr farah jameel's gdpr presentation april 2018amirhannan
The document provides an introduction to the General Data Protection Regulation (GDPR) for general practitioners in the UK. It summarizes the key aspects of GDPR, including the new rights it provides individuals over their personal data, such as rights to access, rectify, and erase personal data. It outlines the lawful bases for processing personal data and special categories of health data. It also discusses the requirements under GDPR for responsibilities, documentation, security, and appointments of Data Protection Officers.
Complying with Singapore Personal Data Protection Act - A Practical GuideDaniel Li
The document provides guidance on complying with Singapore's Personal Data Protection Act (PDPA) which obliges organizations to take specific responsibilities regarding the protection of personal information. It outlines five key elements in Microsoft's data governance and access control framework that can help organizations meet their obligations under the PDPA: secure infrastructure, identity and access control, data encryption, document protection, and auditing and reporting. The document recommends organizations engage IT departments and experts to develop processes for personal data management, conduct assessments to identify compliance gaps, and deploy relevant tools and technologies to automate control over private information.
Practical steps to take in preparation for the Protection of Personal Informa...Werksmans Attorneys
This document provides an overview of practical steps organizations can take to prepare for compliance with South Africa's Protection of Personal Information Bill (POPI). It discusses defining personal information and processing under POPI, differentiating responsible parties from operators, identifying key internal and external stakeholders, conducting an audit and due diligence, creating a project plan and questionnaire, and addressing issues around cross-border data transfer. The goal is to help organizations understand POPI's requirements and properly regulate their processing of personal information through comprehensive policies.
(SACON) Nandan Nilekani - Identity Payments and Data Empowerment Priyanka Aash
Identity Payments and Data Empowerment Addressing Different challenges, Solving the Challenges, Payment challenges, Data Sharing and Privacy Challenges.
Putting in perspective: Innovation in digital age.
This document outlines a presentation on privacy and data protection. It discusses key topics like personally identifiable information (PII) and its scope, data protection laws and regulations globally, practical implications of privacy regulations like the General Data Protection Regulation (GDPR), and best practices for compliance. The presentation covers objectives of privacy rules, rights of data subjects, organizational requirements, frameworks for assessment and controls, and achieving compliance.
The objective of this module is to gain an overview of the ethics surrounding big data and the legislation that governs it.
Upon completion of this module you will:
- Gain knowledge on how to recognize the necessity of regulating big data
- Obtain an understanding of the difference between privacy and data protection
- Understand the need to implement data protection actions into your own business
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)ProductNation/iSPIRT
We believe that India is at a unique tipping point where only a fraction of its users have gone online, and a majority are yet to do so. Therefore, it is critical that we build the right set of protections and empowerments for these users as they enter the digital world.
It is equally important not to limit our thinking to simply “protection” of data. We must also question how we can “empower” individuals, who will be data rich before they are economically rich, with better access to their own healthcare data such that they can become more engaged participants and managers of their health care.
We welcome the proposed DISHA Act that seeks to Protect and Empower Individuals in regards to their electronic health data - we have provided our feedback on the DISHA Act and have also proposed technological approaches in this response
iSPIRT’s Response- White Paper on Data Protection Framework for IndiaProductNation/iSPIRT
It is widely known that the amount of data generated daily worldwide is rising at an incredibly exponential rate. Yet, what remains shrouded is how this data, particularly those data types concerning or generated by us, as individuals, are being used and stored by both the public and private sector. As we move into a data-driven world, it is crucial that the laws developed around Data center on the premise of both empowering and protecting the individual. In fact, the main purpose of the 4th layer of India Stack, the “consent layer”, is just this: to provide for a set of tools and utilities, as part of the Data Empowerment and Protection Architecture (DEPA), that empower citizens to assert control over their data.
The Justice Srikrishna led committee of experts has released a White Paper articulating their provisional thoughts on the Data Protection Framework, and are seeking public comments on the subject. iSPIRT has submitted a formal response to the White Paper. You can also read the blog post lays out our current views regarding Data Protection here: http://pn.ispirt.in/india-in-a-digital-world/
This document discusses ethics in data warehousing and data mining. It notes that data mining can discover new patterns and relationships but also raises ethical issues when used to discriminate against groups for things like loans or special offers. The project manager is responsible for ensuring ethical use of data and establishing access controls and qualifications for users. Small data sets can also raise ethical concerns if users learn information they should not. The project manager must decide what public data is integrated and ensure end users, testing practices, and data mining applications comply with ethical standards and legal regulations.
This document discusses the opportunities and risks associated with big data for legal departments. It provides a cheat sheet on big data that includes mitigating privacy risks by implementing standard security protocols like anonymizing data and obtaining consent. It also notes the risks of uncontrolled data breaches and how algorithms can lead to issues like discrimination if not monitored closely. The document then provides further discussion of the implications of big data for legal departments, including navigating numerous privacy laws and regulations. It emphasizes the importance of understanding what data the organization has, establishing policies and procedures, and proactively addressing privacy and security to leverage big data's advantages while avoiding risks.
The objective of this module is to gain an overview of the ethics surrounding big data and the legislation that governs it.
Upon completion of this module you will:
- Gain knowledge on how to recognize the necessity of regulating big data
- Obtain an understanding of the difference between privacy and data protection
- Understand the need to implement data protection actions into your own business
The objective of this module is to gain an overview of the ethics surrounding big data and the legislation that governs it.
Upon completion of this module you will:
- Gain knowledge on how to recognize the necessity of regulating big data
- Obtain an understanding of the difference between privacy and data protection
- Understand the need to implement data protection actions into your own business
This document discusses responsible data practices. It emphasizes balancing responsible data use, transparency and accountability, and data privacy and security. It outlines key areas like the data lifecycle, risks, and privacy laws like GDPR. Examples are given of challenges organizations like CARE, Girl Effect and Grameen face around data strategy, governance, consent and protecting vulnerable groups. The last section focuses on responsible data, including a maturity model and details on consent, lawful bases for processing data, and clearly communicating data practices to individuals.
Noggin - World's first marketplace for Personal DataNoggin Asia
Direct marketing is expensive; and customer details are usually unknown. Customer on other hand is worried about personal data. Noggin is a marketplace to connect these two. Discover us at www.nogginasia.com. Consumers can earn by sharing personal data
The Rise of Data Ethics and Security - AIDI WebinarEryk Budi Pratama
The document discusses the rise of data ethics and security. It begins with an introduction of the speaker and their background. It then covers various topics related to data ethics including the data lifecycle, implementation of data ethics through vision, strategy, governance and more. Big data security is also discussed as it relates to data governance, challenges, and approaches to building a security program. Regulatory requirements and their impact on data scientists is covered as it relates to privacy. Techniques for privacy control like data masking and tokenization in ETL processes are presented.
Consumers rely on businesses to keep their personal information safe. Too few of those businesses are actively protecting that data. Here’s what’s gone wrong, and how businesses should be responding. Full blog here: http://bit.ly/1Jtzym5
The objective of this module is to gain an overview of the ethics surrounding big data and the legislation that governs it.
Upon completion of this module you will:
- Gain knowledge on how to recognize the necessity of regulating big data
- Obtain an understanding of the difference between privacy and data protection
- Understand the need to implement data protection actions into your own business
The document analyzes data breach records from 2005-2015 to examine trends by industry. It finds that healthcare, education, government, retail, and finance were most commonly affected, accounting for over 80% of breaches. Personal information was the most frequently stolen record type, compromised through various methods like device loss, insider leaks, and hacking. The analysis also looks specifically at breach trends in the healthcare industry, where loss of portable devices like laptops was a primary source of compromises.
The Summary Guide to Compliance with the Kenya Data Protection Law Owako Rodah
The Data Protection Act 2019, was enacted on November 8th, 2019, ushering a new era of accountability and responsibility with regard to processing of personal data and information. Naturally, there has been a resurrection of the chatter around data protection in increasingly data-driven social and economic settings. The question on everyone’s mind being what does this mean for me?
The document summarizes India's Personal Data Protection Bill from 2018. It discusses key aspects of the bill such as its similarities to Europe's GDPR, definitions of personal data and actors like data principals and fiduciaries. It also outlines obligations of fiduciaries, grounds for processing data, requirements around data localization and cross-border transfers. Rights of individuals and penalties for non-compliance are also summarized. In conclusion, it discusses how the bill was influenced by a recent Supreme Court decision establishing privacy as a fundamental right and that data protection law in India is currently transitioning.
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014UsmanMAmeer
This slide dive into Nigeria Data Protection Act 2014 to understand the right and roles of people that deals with Data, from Data Subject, Data Protection Officer to Data Compliance Officers.
GDPR Is Coming – Are Search Marketers Ready?MediaPost
The EU’s General Data Protection Regulation (GDPR) is the most significant change to consumer privacy laws in decades and the enforcement date is approximately 1 month away. The standards for data collection and use in the EU will significantly differ from those in the United States. This session will breakdown the differences and discuss methods for compliance going forward.
PRESENTER
Gary Kibel, Partner, Davis & Gilbert LLP @GaryKibel
This document provides an overview of data privacy for governmental organizations. It discusses what data privacy is, the risks associated with it such as identity theft, and common laws around data privacy including California state laws. It recommends that organizations take an inventory of their data, develop privacy policies and training, and ensure proper system monitoring and controls. The document emphasizes being proactive on data privacy issues.
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEryk Budi Pratama
Presented on PHPID Online Learning 35.
Komunitas PHP Indonesia
Title: Enabling Data Governance - The Journey through Data Trust, Ethics, and Quality
Eryk B. Pratama
Global IT & Cybersecurity Advisor
ISACA Journal Data Protection Act (UK) and GAPP AlignmentMohammed J. Khan
This document discusses aligning data privacy frameworks between different jurisdictions. It summarizes the UK Data Protection Act of 1998 and the American Institute of Certified Public Accountants' Generally Accepted Privacy Principles. It then provides an example of how to map the 8 principles of the UK Data Protection Act to the 10 principles outlined in the Generally Accepted Privacy Principles, to help global companies comply with regulations in both the US and UK. This mapping establishes a baseline for assessing a company's current privacy compliance capabilities.
Similar to Insight on Non-Personal Data Governance Framework (20)
Receivership and liquidation Accounts
Being a Paper Presented at Business Recovery and Insolvency Practitioners Association of Nigeria (BRIPAN) on Friday, August 18, 2023.
The Future of Criminal Defense Lawyer in India.pdfveteranlegal
https://veteranlegal.in/defense-lawyer-in-india/ | Criminal defense Lawyer in India has always been a vital aspect of the country's legal system. As defenders of justice, criminal Defense Lawyer play a critical role in ensuring that individuals accused of crimes receive a fair trial and that their constitutional rights are protected. As India evolves socially, economically, and technologically, the role and future of criminal Defense Lawyer are also undergoing significant changes. This comprehensive blog explores the current landscape, challenges, technological advancements, and prospects for criminal Defense Lawyer in India.
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...Massimo Talia
This guide aims to provide information on how lawyers will be able to use the opportunities provided by AI tools and how such tools could help the business processes of small firms. Its objective is to provide lawyers with some background to understand what they can and cannot realistically expect from these products. This guide aims to give a reference point for small law practices in the EU
against which they can evaluate those classes of AI applications that are probably the most relevant for them.
This document briefly explains the June compliance calendar 2024 with income tax returns, PF, ESI, and important due dates, forms to be filled out, periods, and who should file them?.
Genocide in International Criminal Law.pptxMasoudZamani13
Excited to share insights from my recent presentation on genocide! 💡 In light of ongoing debates, it's crucial to delve into the nuances of this grave crime.
Business law for the students of undergraduate level. The presentation contains the summary of all the chapters under the syllabus of State University, Contract Act, Sale of Goods Act, Negotiable Instrument Act, Partnership Act, Limited Liability Act, Consumer Protection Act.
Matthew Professional CV experienced Government LiaisonMattGardner52
As an experienced Government Liaison, I have demonstrated expertise in Corporate Governance. My skill set includes senior-level management in Contract Management, Legal Support, and Diplomatic Relations. I have also gained proficiency as a Corporate Liaison, utilizing my strong background in accounting, finance, and legal, with a Bachelor's degree (B.A.) from California State University. My Administrative Skills further strengthen my ability to contribute to the growth and success of any organization.
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...Sangyun Lee
Presentation slides for a session held on June 4, 2024, at Kyoto University. This presentation is based on the presenter’s recent paper, coauthored with Hwang Lee, Professor, Korea University, with the same title, published in the Journal of Business Administration & Law, Volume 34, No. 2 (April 2024). The paper, written in Korean, is available at <https://shorturl.at/GCWcI>.
सुप्रीम कोर्ट ने यह भी माना था कि मजिस्ट्रेट का यह कर्तव्य है कि वह सुनिश्चित करे कि अधिकारी पीएमएलए के तहत निर्धारित प्रक्रिया के साथ-साथ संवैधानिक सुरक्षा उपायों का भी उचित रूप से पालन करें।
1. Non-Personal Data Governance Framework:
Decoding sensitive anonymous character
and its impact on start-up ecosystem
2. Non-Personal Data Governance Framework
Privileged & Confidential Page | 1
DISCLAIMER:
This Primer is a work of Associates of AAS Regina Legal giving there insight on recommendation
provided by committee of experts by developing a new legislation and regulatory authority to
govern non-personal data and its impact on start up ecosystem. The views expressed herein are
only for harnessing knowledge and information. Nothing herein shall be deemed or construed to
constitute a legal or business advice.
Author
Shifali Singh
Ankita Singh
QUERIES
In case you have any query or need any clarification with respect to the information provided in
this Primer, please write to shifali@aasreginalegal.com, ankita@aasreginalegal.com,
shubham@aasreginalegal.com or yashvardhan@aasreginalegal.com.
3. Non-Personal Data Governance Framework
Privileged & Confidential Page | 2
“The goal is to turn data into information, and information into insight.”
– Carly Fiorina, former executive, president, and chair of Hewlett-Packard Co.
BACKGROUND
A Committee of Experts (the “Committee”) was constituted in September 2019 by The Ministry of
Electronics & Information Technology (the “MeitY”) which was headed by Infosys co-founder Kris
Gopalakrishnan to examine issues relating to non-personal data (the “NPD”) and to end the fuse
revolving around NPD by providing specific suggestion on regulation of NPD.
Committee after conducting numerous meetings with various sectors representative(s) from
domestic and Global market, deliberate discussion with several expertsand upon literature review
on the topic, submitted its report to the government. The report lays down recommendations to
define ®ulate NPD, setting up of a new authority which would be empowered to monitor the
use & mining of such NPD, unveiling a road map to unlock the true economic potential of data. On
July 12, 2020, MeiTy published the said report for public feedback, which issolicited by 13 August,
2020.
WHY REGULATION ON NPD?
The world is awash with data. With the wide spread adoption of the digitalization it is estimated
that the world will generate about 90 zettabytes (approximately a billion terabytes) of data in this
year (2020) and By 2025, worldwide data is expected to grow to 175 zettabytes, with much of the
data residing in the cloud. Sharing of Personal and Non Personal data has potential to create
currency out of it. Unfortunately, Imbalance of data accumulation has only benefited digital
industry i.e social media, map-based services, online retail, digital healthcare, credit rating, etc.
which has resulted into outsized and unbeatable techno-economic first mover advantages. To
unlock the immense potential in that unregulated data which has potential in creating certainty
and incentives for innovation and new products / services and increase the success rate of start-
ups and MSMEs in India by obtaining data’s which doesn’t identify the identity and not abuse the
privacy of person. The Government believed that said data should be non-personal data and rules
and regulations framed to manage such data achieves in manner that the benefits accrue to India
and its communities and businesses.
4. Non-Personal Data Governance Framework
Privileged & Confidential Page | 3
KEY HIGHLIGHTS
DEFINATION AND CATEGORIES OF NPD
The Committee under Framework had define Non-Personal Data as (i) Data which is not ‘Personal
Data’1
(as defined under the Personal Data Protection Bill, 2019 (PDP Bill), or (ii) any set of data
which does not contain personally identifiable information. This in essence means that no individual
or living person can be identified by looking at such data.
The Committee has distinguished the data into two head, one on the basis of Origin & Source and
other on its sensitivity, The Committee has recommended classification on the basis of origin and
source of NPD into three main categories, namely public non-personal data, community non-
personal data and private non-personal data, which are broadly defined hereunder:-
1
Personal Data is defined under Section 3(28) of the PDP Bill as data about or relating to a natural person who is directly
or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of the identity of
such natural person, whether online or offline, or any combination of such features with any other information,
including any inference drawn from such data for the purpose of profiling.
Public non-personal
data
• It involves all the data
collected by the
government and its
agencies during
execution of all publicly
funded works.
• E.g. census, data
collected by municipal
corporations on the
total tax receipts.
Community non-
personal data
• It involves any data
identifiers about a set
of people who have
either the same
geographic location,
religion, job, or other
common social
interests.
• E.g. The metadata
collected by ride-hailing
apps, telecom
companies, electricity
distribution companies.
Private non-personal
data
• It can be defined as
those which are
produced by individuals
which can be derived
from application of
proprietary software
or knowledge.
• E.g data generated by
companies like Google,
Amazon etc
5. Non-Personal Data Governance Framework
Privileged & Confidential Page | 4
The Committee for its other head has further categorized NPD into a) Non-Sensitive NPD and b)
Sensitive NPD.
The Committee obtaining its concept from PDP Bill on Personal Data sensitivity spectrum wherein
personal data was categorized into three categories, in line to same, the Committee has defined
a new concept of ‘sensitivity of Non-Personal Data’ under this framework. As per Committee even
Non-Personal Data could be sensitive data if – 1) It relates to national security or strategic interests;
2) It is business sensitive or confidential information; 3) It is anonymised data that bears a risk of
re-identification.
ANONYMISED DATA
The Committee also recognized that even after Personal Data is anonymised into Non-Personal
Data, the possibilities of harm to the original data subject(s) is not totally gone, as it is being
increasingly recognised that no anonymization technique provides perfect irreversibility. Hence
flagging the possibility of re-identification of anonymized data, the Non-Personal Data arising from
such sensitive Personal Data may be considered as sensitive Non-Personal Data. Also to curb this
Committee recommended obtaining of Consent from data principals even for anonymization.
KEY ROLES
As a means of developing a robust Non Personal Data eco-system, Committee recommended a set
of roles/stake-holders and data infrastructures. The Key roles defined as per the recommendation
are :
Data Principal - In the case of Personal Data, the term Data Principal refers to a natural person
only. But in the context of NPD, the definition of a data principal is related to the type of Non-
Personal Data - Public, Community and Private data, as well as based on different possible kinds of
subjects of data.
Accordingly, Government, Companies and organizations can also be considered as “Data Principals”
under recommended NPD regulation.
Data Custodian - Data Custodian is an entity that undertakes collection, storage, processing, use
etc of data in a manner that is in the best interest of the data principal. They have a 'duty of care'
to the concerned community in relation to handling NPD related to it.
Data Trustees - The data principal group/community will exercise its data rights through an
appropriate community data trustee. In the case of community data, unlike personal data where
an individual can directly exercise control over her data, the concept of trustee for community
data comes in, who would exercise such rights on the behalf of the community.
Data Trusts - In addition to Data Trustees, an institutional structure identified as “Data Trust”
comprising of specific rules and protocols for containing and sharing a given set of data is also
recommended.
6. Non-Personal Data Governance Framework
Privileged & Confidential Page | 5
While Data Trustees are appointed by Data Principals, the Data Trusts may be managed by public
authorities constituted by the Government to which Data Principals may voluntarily share data.
OWNERSHIP OF DATA
The Committee articulated a legal basis for establishing rights over “Data”. Apart from recognizing
the “Data Sovereignty” concept where the Indian State has a primary right of ownership of assets
collected in/from India which applies to NPD also. The term “Ownership” holds full meaning only
in terms of physical assets and in respect of knowledge and data, it should be applied to the set of
primary “Economic” and “Statutory rights” over the intangible asset. Hence the notion of
“Beneficial Ownership/interest” has been adopted by the Committee as regards NPD.
As a result the committee recommended that:-
a) In case of Non Personal Data derived from the personal data of an individual, the data principal
for personal data will continue to be the data principal of the NPD, which should be utilized in
the best interest of that individual.
b) The rights over community NPD collected in India should vest with the trustee of that data
community, with the community being the beneficial owner and such data should be utilized in
the best interest of that community.
This recommendation will create a slight conflict of concept since, NPD which is “Anonymized” is
not “Personal Data” and there is no way it can be or should be linked to the Data Principal whether
it is for his benefit or not.
In line to intend behind the ownership of data, our view is that the process of anonymization should
cut the umbilical cord between the Data Principal’s identity associated with the data and the
anonymized data set should be left free to be harnessed by the industry. Any attempt to link it with
the beneficiary will defeat the very purpose of anonymization.
DATA BUSINESS
This recommendation by Committee is game changer for business entity as it introduces a new line
of business activity. To put it simply, while every business uses data for it’s internal purpose, over
a period some companies acquire so much of data where data management itself can become a
business opportunity and this new category / taxonomy of business is called “Data Business”. It is
not an independent industry/ sector but rather a horizontal classification cutting across different
industry sectors. The Committee recommended an obligation on Data Business to register as a ‘Data
Business’ once it reaches a certain data-related threshold, also voluntary basis of registration is
also allowed. All entities that collect / process NPD, above a threshold level, will be subject to an
institutional authority(ies) that will both enable and regulate various aspects of data.The Data
Business companies will be required to share some data with the Government and negotiate with
the Government if any price can be extracted.
IT companies, Start up and service sector organizations will have a wealth of data which can be
packaged and converted into value products, as they would no longer be depended on traditional
way of collecting data, Since conceptualizing the data business will widen the arena of fetching
relevant raw data.
7. Non-Personal Data Governance Framework
Privileged & Confidential Page | 6
DATA SHARING
The essential part of the recommendations by Committee is to ensure an effective “Data Sharing”
mechanism in which “Non Personal Data” is recognized for its potential value and harnessed for the
benefit of the people.
Data sharing refers to the provision of “controlled access” to private sector data, public sector
data and community data to individuals and organisations for “defined purposes” and
with “appropriate safeguards” in place. The Committee has preferred an “Open Access” to “Meta
data” and “Regulated access” to underlying data of Data Businesses with establishment of
appropriate mechanisms to support data requests and data sharing.
One of the key recommendations therefore is the definition of the Data Sharing purpose. The
Committee recognizes three purposes namely:
a) Sovereign Purpose: Under this concept, data may be requested for national security, law
enforcement, legal or regulatory purposes.
b) Core Public Interest Purpose: Under this concept, data may be requested for Community
uses/benefits for public goods, research and innovation, for policy development, better delivery
of public-services, etc. It is recognized that certain data held with the private sector, when
combined with public sector data or otherwise, may be useful for policy making, improving
public service, devising public programs, infrastructure etc which needs to be enabled through
law. It is recommended that the Country should specify a new class of data at a national level
“High -Value Dataset” like health, geospatial and/or transport data and such data should be
used for research purposes. The Committee has specifically mentioned that Health Sector is a
pilot use-case for Non-Personal Data Governance Framework and anonymized health data should
be shared for the specified purposes.
c) Economic Purpose : Committee recommend that Data may be requested in order to encourage
competition and provide a level playing field or encourage innovation through start-up activities
(economic welfare purpose), or for a fair monetary consideration as part of a well-regulated
data market, etc.
DATA SHARING MECHANISMS
The Committee recommended the implementation of sharing mechanism would require setting up
data and cloud innovation labs and research centres to develop, test and implement new digital
solutions, which should be an attractive thought for IT companies. It is recommended that such
data should be available as training data for AI/ML systems. The Data Sharing Mechanisms are
expected to provide access to meta data about data collected by different Data Businesses. This is
expected to help identification of opportunities to develop innovative solutions, products and
services. Such a mechanism has to involve a “Data Request Mechanism”, “Data Custodian”, “Data
Disclosure Mechanism” ,“Safeguards” ,“Handling of complaints of non-disclosure by data
custodians”, “Appropriate Checks and Balances” etc as part of a new regulation. It is expected that
“Experts” would be recognized to evaluate data probing tools, and guide the industry regulation.
They would focus on Cloud vulnerabilities, Cloud security systems etc.
8. Non-Personal Data Governance Framework
Privileged & Confidential Page | 7
NON PERSONAL DATA REGULATORY AUTHORITY
One of the key recommendations of Committee is set up a separate regulator namely “Non-Personal
Data Regulatory Authority” (NPDRA). The NPDRA will be focussing on how to harness the NPD for
national benefit. Hence the kind of persons who manage this authority has to be more “Progress
oriented” than “Caution oriented”. They need to be more “Technology Oriented” than “Legal
Oriented”. The regulator should be able to effectively implement the measures to register and
regulate Non Personal Data Fiduciaries, Processors, Data Trustees, Data Trusts etc. It will have to
work in harmony with other regulators like DPA and CCI as well as other sectoral regulators.
It will have both the “Enabling role” and the “Enforcement Role”.
TECHNOLOGY ARCHITECTURE
The Committee has also added key guiding principles on technology that can be used for creating
and functioning of shared data directories, data bases and for digital implementation of rules and
regulations related to data sharing briefly indicated below.:-
Mechanisms for accessing data
All sharable NPD and datasets created or maintained should have a REST (Representational State
Transfer) API for accessing the data. Data sandboxes can be created where experiments can be run,
algorithms can be deployed and only output being shared, without sharing the data.
Distributed for Data Security
Data storage in a distributed format so that there is no single point of leakage; sharing to be
undertaken using APIs only, such that all requests can be tracked and logged; all requests for data
must be operated after registering with the company for data access etc. Even when data is stored
in a distributed or federated form, as appropriate, there could be coordinated management of
them like would be required for data trusts and data infrastructures for important NPD in different
sectors. Creating a standardized data exchange approach for data collation and exchange. Prevent
de-anonymization by using the best of the breed differential privacy algorithm.
KICK START FOR START-UP ECOSYSTEM
From above overview and analysis it is aptly clear that the opportunity in data is huge and if India
is able to grasp this first mover advantage then we can leverage this opportunity at low cost. If
figures taken from NASSCOM-McKinsey study projects is to be considered, this could be $500 Billion
opportunity over the next five years i.e by 2025. Micro, small and medium enterprises (MSMEs) as
well as small start-ups will be benefited more than the larger companies from the government’s
new plan of allowing sharing of NPD. Regulating, mining and distribution of raw data if processed
into quality data in true sense will promote innovation and research. The more obtaining of raw
data will led to better analysis and generation of new ideas which in turn would help MSMEs and
other small businesses including start-ups in providing better service and expansion. These
regulations will open new avenues for IT Sector as they will be well suited in developing data
security for sharing and monitoring data and prevent leakage of NPD.
9. Non-Personal Data Governance Framework
Privileged & Confidential Page | 8
The formulation of the framework dealing with sharing of NPDs is a step in the right direction. The
government should now move ahead with formulating the regulations regarding the NPD which is
complementary to the personal data protection regulations and other allied regulations in order to
avoid conflict in the future.
10. Non-Personal Data Governance Framework
Privileged & Confidential Page | 9
IMPORTANT LINKS:
Office Memorandum No. 24(4)/2019-CLES dated 13.09.2019 for constitution of Committee for
NPD:
https://www.meity.gov.in/writereaddata/files/constitution_of_committee_of_experts_to_delibera
te_on_data_governance_framework.pdf
Draft recommendation laid down in its report titled 'Report by the Committee of Experts on
Non-Personal Data Governance Framework:
https://static.mygov.in/rest/s3fs-public/mygov_159453381955063671.pdf
Share Your Inputs on Draft Non-Personal Data Governance Framework on below link:
https://www.mygov.in/task/share-your-inputs-draft-non-personal-data-governance-
framework/
Mckinsey & Co. Podcast transcript on open data and its sharing dated June 9, 2020
https://www.mckinsey.com/business-functions/mckinsey-analytics/our-insights/how-to-make-
the-most-of-ai-open-up-and-share-data#
11. Non-Personal Data Governance Framework
Privileged & Confidential Page | 10
A: Office No. 8, First Floor
Atmaram Mansion (Scindia House)
KG Marg, Connaught Place
New Delhi 110001, India
T: +91 11 2332 0152 / +91 88267 18554
E:info@aasreginalegal.com
W:www.aasreginalegal.com