Model Data Breach Notification Policy from CLCC

Naavi’s Cyber Law Compliance Center (CLCC) has so far announced a program to build a Society of Cyber Law Compliant  Netizens/Organizations in India which requires a code of conduct to be developed. We intend suggesting the code of conduct through a series of policy documents published through CLCC which can be adopted as a “Standard”. We have already released a WhatsApp Group Administration Policy” which may be adopted  by any WhatsApp group admin subject to a free registration of the group to the CLCC.

A question has been raised by one Admin if there is any way of getting a legally valid evidentiary confirmation for the users having adopted the policy. It has been suggested that at present the policy is notified by reference to the link to the document at the CLCC at the time a member joins the group.

However, it has been suggested that CLCC can act in conjunction with ceac.in to provide a “Certified E Mail Delivery Service” through which the notices can be served to the users. This may however be offered at a fee and details can be discussed when there is a specific enquiry.

In the meantime, CLCC has also worked on a Voluntary “Data Breach Notification Policy”. Such a policy is often mandated by regulators in many countries. In India there is no Privacy law for the time being and the reference to data breach notification as a policy is available in ITA 2000/8 but not very specific.

We however consider that such a policy is part of the recommended “Good Practice” for all entities which want to build a trust with its customers before picking up their data for any service. We also feel that such a practice will instill a sense of discipline amongst the Information Security Professionals in an organization. It is also envisaged that having a data breach notification practice  will also create a short circuiting of liabilities before they accumulate and blow up on a later day and hence should be of interest to Cyber Insurance Companies to suggest it as a mandatory practice.

Since Data Breach Notification Policy will be only of commercial interest, we intend to make it available on request at this point of time. Requests may be sent by email to Naavi indicating the organization for which it is expected to be used.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.