This document summarizes regulatory compliance under the Information Technology Act, 2000 regarding data protection in India. It discusses key cases related to data protection, the liability of companies under Section 85 of the act, and compensation for failure to protect data under Section 43A. It also examines what constitutes sensitive personal data, reasonable security practices and procedures, roles of adjudicating officers and courts, and guidelines around collection, use and transfer of personal information. Overall, the document provides an overview of the IT Act's provisions for data protection in India.
Have you ever felt confused by HIPAA’s complex regulations? Even if you are well versed in the laws, there are still many headache-inducing intricacies. In this webinar, an experienced HIPAA auditor will highlight the basics of HIPAA, its regulations, what you need to know about it, and how it may affect you, especially with a new wave of HHS audits looming. The webinar is designed for HIPAA novices and experts alike, and all questions are encouraged in this interactive session.
While the Health Insurance Portability and Accountability Act (HIPAA) is best known for its multitude of requirements that govern the way health care providers can use, disclose, and safeguard protected health information (PHI), its reach goes far beyond that to health plans and business associates that only handle PHI on a limited basis. HIPAA implementation in these environments creates unique challenges—for example, which provisions actually need to be addressed—but with 2016 marking an all-time high for HIPAA enforcement cases, it may be more important now than ever to address HIPAA compliance.
In-depth and exhaustive ISO 27001 Checklist covering the compliance requirements of ISO 27001 Clause 9.2 (Internal Audit). Contains a downloadable file of 4 Excel sheets with 59 checklist questions, 7 dynamic analytical graphs, the complete list of clauses, the list of 114 information security controls, 35 information security control objectives, and 14 information security domains. To obtain your copy of the ISO 27001 Checklist, click on the link below:
https://www.isocertificationtrainingcourse.org/online-store/ISO-27001-Checklist-ISO-27001-Audit-Checklist-ISO-27001-Compliance-checklist-c28241136
Personal Data Protection Act - Employee Data Privacy (legalPadmin)
Speech by Pn Adlin Abdul Majid, Advocate & Solicitor from Lee Hishamuddin, given at the Labour Law Seminar held by Legal Plus Sdn. Bhd (www.legalplus.com.my) on Apr 9, 2015
The Summary Guide to Compliance with the Kenya Data Protection Law (Owako Rodah)
The Data Protection Act 2019 was enacted on November 8th, 2019, ushering in a new era of accountability and responsibility with regard to the processing of personal data and information. Naturally, there has been a resurrection of the chatter around data protection in increasingly data-driven social and economic settings. The question on everyone’s mind is: what does this mean for me?
Raising the Bar for Email Security: Confidentiality and Privacy Standards tha... (Jim Brashear)
Presentation for the North Carolina State Bar seminar on Real Estate Hot Topics on February 20, 2015. This presentation focuses on email security and its role in complying with the ALTA Best Practice on Privacy and Protection of Non-Public Personal Information.
Reasonable Security Practices And Procedures And Sensitive Personala 24 06 2... (Vijay Dalmia)
REASONABLE SECURITY PRACTICES AND PROCEDURES AND SENSITIVE PERSONAL DATA OR INFORMATION RULES, 2011, under The (Indian) Information Technology Act, 2000
New opportunities and business risks with evolving privacy regulations (Ulf Mattsson)
In the shadow of the global pandemic and the associated economic downturn, organizations are focused on cost optimization, which often leads to impulsive decisions to deprioritize compliance with all nonrevenue programs.
Regulators have evolved to adapt with the notable increase in data subject complaints and are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine while Equifax agreed to pay a minimum of $575 million for its breach. The US Federal Trade Commission, the US Consumer Financial Protection Bureau (CFPB), and all 50 U.S. states and territories sued over the company’s failure to take “reasonable steps” to secure its sensitive personal data.
Privacy and data protection are enforced by a growing number of regulations around the world and people are actively demanding privacy protection — and legislators are reacting. More than 60 countries have introduced privacy laws in response to citizens’ cry for transparency and control. By 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today, according to Gartner. There is a convergence of data privacy principles, standards and regulations on a common set of fundamental principles.
The opportunities to use data are growing exponentially, but so too are the business and financial risks as the number of data protection and privacy regulations grows internationally.
Join this webinar to learn more about:
- Trends in modern privacy regulations
- The impact on organizations to protect and use sensitive data
- Data privacy principles
- The impact of General Data Protection Regulation (GDPR) and data transfer between US and EU
- The evolving CCPA, the new PCI DSS version 4 and new international data privacy laws or regulations
- Data privacy best practices, use cases and how to control sensitive personal data throughout the data life cycle
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014 (UsmanMAmeer)
This slide deck dives into the Nigeria Data Protection Act 2014 to understand the rights and roles of the people who deal with data, from the Data Subject and the Data Protection Officer to Data Compliance Officers.
Data Privacy and consent management (ClinosolIndia)
Data privacy and consent management are critical aspects of ensuring that individuals' personal information is handled responsibly and ethically, particularly in healthcare settings where sensitive medical data is involved. Data privacy refers to the protection of personal information from unauthorized access, use, or disclosure, while consent management involves obtaining and managing individuals' permissions for the collection, storage, and processing of their data.
In healthcare, patients entrust providers with their sensitive medical information, expecting that it will be kept confidential and used only for legitimate purposes related to their care. Robust data privacy measures include encryption, access controls, and anonymization techniques to safeguard patient data from unauthorized access or breaches. Additionally, healthcare organizations must adhere to regulatory standards such as HIPAA in the United States or GDPR in the European Union, which outline specific requirements for the protection of patient information and impose penalties for non-compliance.
Consent management plays a crucial role in ensuring that individuals have control over how their data is used. Patients should be informed about the purposes for which their data will be collected and processed, as well as any potential risks or benefits associated with its use. Obtaining informed consent involves providing individuals with clear and transparent information about their privacy rights and giving them the opportunity to consent to or decline the use of their data for specific purposes. Consent management systems help healthcare organizations track and manage patients' consent preferences, ensuring that data is used in accordance with their wishes and legal requirements.
Effective data privacy and consent management practices not only protect individuals' privacy rights but also foster trust and transparency in healthcare relationships. By implementing robust security measures, respecting patients' autonomy, and promoting informed decision-making, healthcare organizations can uphold the principles of data privacy and consent while leveraging data responsibly to improve patient care and outcomes.
How GDPR works: companies will be expected to be fully compliant from 25 May 2018. The regulation is intended to establish one single set of data protection rules across Europe.
ISO/IEC 27001, ISO/IEC 27701, and Data Privacy Laws: Key threats in 2022 (PECB)
In recent years, a significant number of data privacy laws and regulations have impacted business in different areas.
In this regard, many organizations are training their staff in order to avoid the heavy penalties that result from noncompliance.
Amongst others, the webinar covers:
• Privacy history - United Nations, EU/APAC/NA
• The GDPR and implications for global companies
• Practical Guide for Privacy Governance
• How Security and Privacy intersect
Presenters:
Ken Fishkin, CISSP, CIPT, CIPP/US, CIPM, ISO/IEC 27001 Lead Implementer, leads Lowenstein Sandler’s information security and data privacy programs, and mitigates their security and privacy risks to comply with client and regulatory requirements. He has more than 20 years of experience implementing and supporting secure, complex information technology infrastructures. Ken’s detailed knowledge of security and network methodologies, techniques, and best practices enables him to thoroughly assess and remediate cybersecurity threats and vulnerabilities.
He is President of the New Jersey Chapter of (ISC)2, a charitable, nonprofit organization focused on disseminating knowledge, exchanging ideas, and encouraging community outreach efforts in an effort to advance information security practice and awareness.
Ken is also on the Executive and Threat Intelligence Committees of the Legal Services Information Sharing and Analysis Organization (LS-ISAO), a member-driven community providing a secure framework for sharing actionable threat intelligence and vulnerability information.
Alfonso (Al) is currently the Vice President of Data Privacy & Security at a public SaaS-based real estate management firm based in California. Prior to this role, he was the Head of IT Risk & Privacy and Data Protection Officer (DPO) for a global Fortune 500 luxury retailer responsible for protecting $6Bn in annual revenue from traditional brick and mortar and e-Commerce channels. He has also been the Chief Information Security Officer (CISO) for a private consulting firm specialized in regulatory advisory services, and held various Governance, Risk, Compliance, and Privacy leadership roles in Energy, Financial Services, Security and Insurance industries.
Alfonso holds a Masters in Information Systems from Stevens Institute of Technology in Hoboken, New Jersey, and a Bachelor’s degree in Computer Science & Engineering from New York University, Tandon School of Engineering, Polytechnic Institute in Brooklyn, New York.
-------------------------------------------------------------------------------
YouTube video: https://youtu.be/UdE3aaZKCH8
Website link: https://pecb.com/
2. CASES
Nadeem Kashmiri and HSBC
Karan Bahree and Mphasis
My case - Hyundai
3. ISSUES
Liability of Company (Sec. 85)
Protection of data – Concern for the outsourcing industry
Privacy of data – Individual’s concern
4. SEC. 43A – COMPENSATION FOR FAILURE TO PROTECT DATA
If a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person
Liability – Damages by way of compensation
6. WHO IS LIABLE?
Sec. 85: Offences by companies
• The company itself, being a legal person;
• The top management, including directors; and
• The managers (persons directly responsible for the data)
If it is proved that –
• they had knowledge of the contravention; or
• they did not exercise due diligence; or
• it was caused due to their negligence
7. ISSUES
What is Sensitive Personal Data or Information?
What are Reasonable Security Practices and Procedures?
8. THE SOLUTION
The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
Enforceable from 11th April 2011
To be read with Sec. 43A
9. SENSITIVE PERSONAL DATA OR INFORMATION
[Figure: categories of SPDI – Password; Financial information; Health condition; Health records; Biometrics; Sexual orientation]
Rule 3 – IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
10. REASONABLE SECURITY PRACTICES
Implementing a comprehensive documented information security programme and information security policies
Containing –
Managerial, technical, operational and physical security control measures commensurate with the information assets held by the person.
Rule 8 – IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
11. REASONABLE SECURITY PRACTICES
The International Standard IS/ISO/IEC 27001 on “Information Technology – Security Techniques – Information Security Management System – Requirements” is one such standard; OR
If following codes of best practices for data protection other than IS/ISO/IEC, these shall be duly approved and notified by the Central Government; OR
An agreement between the parties regarding protection of “Sensitive Personal Information”
12. AUDITING
Necessary to get the codes or procedures certified or audited on a regular basis
Needs to be done by a Government Certified Auditor
Will be known as “Govt. Certified IT Auditor”
Not appointed yet
CERT-In has empanelled IT Auditors
14. COLLECTION OF INFORMATION
About obtaining the consent of the information provider
Consent in writing through letter/fax/email from the provider of the SPDI regarding the purpose of usage, before collection of such information
Need to specify –
The fact that SPDI is being collected
What type of SPDI is collected
How long the SPDI will be held
Rule 5 – IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
15. COLLECTION OF INFORMATION
Provider should know –
Purpose of collection
Intended recipients
Details of the agency collecting the information and the agency retaining the information
Body corporate not to retain information longer than required
Option should be given to withdraw the information provided
SPDI shall be used only for the purpose for which it has been collected
Shall appoint a “Grievance Officer” to address any discrepancies and grievances about information in a timely manner – max. time: one month
16. PRIVACY AND DISCLOSURE OF INFORMATION POLICY
Policy about handling of SPDI
Shall be published on the website or be available to view/inspect at any time
Shall provide for –
Type of SPDI collected
Purpose of collection and usage
Clear and easily accessible statements of IT security practices and policies
Statement that the reasonable security practices and procedures as provided under Rule 8 have been complied with
Rule 4 – IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
17. DISCLOSURE
Disclosure –
Prior permission of the provider is necessary before disclosure to a third party; OR
A disclosure clause needs to be specified in the original contract; OR
Disclosure must be necessary by law
A third party receiving SPDI shall not disclose it further
Rule 6 – IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
18. TRANSFER OF INFORMATION
Transfer to be made only if it is necessary for the performance of a lawful contract
Disclosure clause should be a part of the Privacy and Disclosure Policy
Transferee to ensure the same level of data protection is adhered to during and after transfer
Details of the transferee should be given to the provider
Rule 7 – IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
19. SEC. 72A (CRIMINAL OFFENCE)
Punishment for disclosure of information in breach of lawful contract –
Knowingly or intentionally disclosing “Personal Information” in breach of a lawful contract
IMP – Follow the contract
Punishment – Imprisonment up to 3 years, or a fine up to 5 lakh, or both (cognizable but bailable)
20. GRAMM–LEACH–BLILEY ACT (GLBA, USA)
Focuses on finance
Safeguards Rule – Disclosure of Nonpublic Personal Information
It requires financial institutions to develop a written information security plan that describes how the company is prepared for, and plans to continue to protect, clients’ nonpublic personal information.
This plan must include –
Designating at least one employee to manage the safeguards,
Constructing a thorough risk analysis of each department handling the nonpublic information,
Developing, monitoring, and testing a program to secure the information, and
Changing the safeguards as needed with changes in how information is collected, stored, and used.
21. THE FEDERAL INFORMATION SECURITY MANAGEMENT ACT OF 2002 (FISMA, USA)
Focus on the economic and national security interests of the United States
Emphasizes a “risk-based policy for cost-effective security”
Responsibility attached to federal agencies, NIST and the Office of Management and Budget (OMB) to strengthen information system security
Not mandatory
No penalty for non-compliance
22. DATA PROTECTION DIRECTIVE (EU)
European Union directive regulating the processing of personal data within the EU
Protection of individuals’ personal data and its free movement
Coming soon – European Data Protection Regulation
Not mandatory
No penalty for non-compliance
23. PREAMBLE OF THE IT ACT
Purpose behind enacting the IT Act –
To provide legal recognition to e-commerce
To facilitate e-governance
To provide remedies for cyber crimes
To provide legal recognition to digital evidence
• The Preamble doesn’t specify that the Act aims at establishing an IT security framework in India
24. BENEFITS
Compliance with legislation
No liability on the organisation
Increased reliability and security of systems
Systems rationalization
Improved management controls
Improved risk management and contingency planning