I refer to the earlier article on this forum “Measure your data, Treasure your data” A movement for the year 2026.
This was followed by many articles on Data Valuation. (Data Valuation methods 1, Data Valuation Methods-2 and Data Valuation Methods 3). We also discussed Business Model Maturity Index Model and Data Valuation as a Service.
These highlighted the need for PSUs to adopt a Data Valuation model since CAG has given a direction to the Auditors to answer the query “whether the Company has identified its data assets and whether it has been valued appropriately”.
This meant that PSUs needed to identify their data assets and also give a fair valuation thereof. This left most PSUs intrigued on how to value data assets and had to turn to the discussions we have made since a long time on this issue.
To add to this intrigue, now the petition in the Supreme Court on Section 44(3) has raised an issue whether the Public Information officers (PIO) of public authorities who have an obligation to disclose information under the RTI act are able to make an assessment of whether the requested release of information infringes privacy of any individual and if so whether the harm caused thereof outweighs the public benefit or not.
Assuming that most requested release would involve personal information disclosure, all PIOs therefore need to be proficient on DPDPA and be capable of creating a judicially sustainable internal note on whether the disclosure is or is not violative of the DPDPA.
If the PIO makes any error, the organization will be exposed to the risk of a data principal raising a claim for damages and the DPB considering a penalty on the organization.
The twin challenges of data valuation and DPDPA impact on RTI disclosures will require all PSUs to quickly start evaluating the “DPDPA Risk on their RTI obligation”.
FDPPI would like to advise all PSUs to start taking measures to assess their risks on the above two aspects and how to mitigate them.
Naavi
