Naavi’s Cyber Law Compliance Center (CLCC) has so far announced a program to build a Society of Cyber Law Compliant Netizens/Organizations in India which requires a code of conduct to be developed. We intend suggesting the code of conduct through a series of policy documents published through CLCC which can be adopted as a “Standard”. We have already released a “WhatsApp Group Administration Policy” which may be adopted by any WhatsApp group admin subject to a free registration of the group to the CLCC.
A question has been raised by one Admin if there is any way of getting a legally valid evidentiary confirmation for the users having adopted the policy. It has been suggested that at present the policy is notified by reference to the link to the document at the CLCC at the time a member joins the group.
However, it has been suggested that CLCC can act in conjunction with ceac.in to provide a “Certified E Mail Delivery Service” through which the notices can be served to the users. This may however be offered at a fee and details can be discussed when there is a specific enquiry.
In the meantime, CLCC has also worked on a Voluntary “Data Breach Notification Policy”. Such a policy is often mandated by regulators in many countries. In India there is no Privacy law for the time being and the reference to data breach notification as a policy is available in ITA 2000/8 but not very specific.
We however consider that such a policy is part of the recommended “Good Practice” for all entities which want to build a trust with its customers before picking up their data for any service. We also feel that such a practice will instill a sense of discipline amongst the Information Security Professionals in an organization. It is also envisaged that having a data breach notification practice will also create a short circuiting of liabilities before they accumulate and blow up on a later day and hence should be of interest to Cyber Insurance Companies to suggest it as a mandatory practice.
Since Data Breach Notification Policy will be only of commercial interest, we intend to make it available on request at this point of time. Requests may be sent by email to Naavi indicating the organization for which it is expected to be used.