Privacy Expert: Organizations Ill-Prepared for Data Protection Bill
Arrka CEO Says Organizations Still Confuse Privacy and Security
"I don't think most organizations are prepared for the personal data protection and privacy bill, that has been approved by the cabinet, as most people still confuse privacy and security and think that it is just an add-on to security," says privacy expert Shivangi Nadkarni, CEO of Arrka Consulting, which helps organizations manage their information risk, security and privacy.
"Those organizations who have complied with India's law or maybe the Singapore Act or any other law have been a few steps ahead, as the focus of their compliance has been with respect to the exposure they have had with GDPR," says Nadkarni, in an interview with Information Security Media Group.
"There's a long way to go in terms of the perception of understanding what is involved in the data protection Act," says Nadkarni.
The first thing organizations have to realize, in terms of privacy or law, is that it relates only to personal data; they then need to understand the definition of personal data and build the personal data map, she argues.
In this interview, Nadkarni notes that the first challenge for organizations is building the data map, which takes time and is typically the first step in implementing a data privacy program.
Nadkarni also explains how structured standards and compliance frameworks such as ISO, PCI DSS, BS 10012 or NIST need to be applied in a gap analysis against whichever law or set of laws an organization must comply with, so that the gaps are understood before the data privacy program is implemented.
She offers insights on:
- Mechanism of classifying the data to analyze gaps;
- Contractual agreements required in analyzing cross-border data;
- How to evolve a structured privacy program.
Nadkarni is CEO at Arrka Consulting, an organization that helps companies manage their information risks, data security and data privacy functions. Nadkarni has over 22 years of experience in information risk and privacy, e-commerce, and networks. She previously headed the global application security and identity management practice at Wipro and established India's first licensed certifying authority for digital signatures in collaboration at Sify.