Naavi.org

We are all aware that insurance companies are aggressive in marketing their policies and are in the forefront of misusing the provisions of law regarding infringing the privacy of individuals. Bigger the company, bigger are the violations.

I recently had an occasion to observe that HDFC life issued a life policy for me though I was not eligible and to make it possible for them to issue the policy they included the name of my son on whose life I had no intention of insuring. But HDFC life created the policy in such a manner that the proposal was from my son though the payment was made out of my account.

Assuming that this is an error that can be ignored though it has caused my investible resources to get stuck for some time now, immediately on receipt of the policy document, I returned it to the Mumbai office of HDFC Life asking for immediate cancellation and followed up several times through email. But HDFC life maintained a stoic silence until a representative of mine physically visited their branch in Bangalore to find out. He was informed that my email address was not registered and hence they were not responding. If I had made the payment, sent a courier and followed up with the email, it was improper for them not to try contacting me. Only when the other joint holder sent the same request they responded only with a request not to cancel.

They are also insisting that the joint holder of the policy has to visit their branch to finalize the cancellation. While issuing the policy there was no need to visit but now they are insisting on this formality, though both the holders

I have now reported the issue to the CEO of HDFC Life as well as IRDAI and waiting for the response.

I have now requested HDFC Life to let me know what process they follow when they receive a courier package containing a policy followed up with a request for cancellation. How can this request remain responded for the technical reason that the email address is not registered though the name and other details are visible in the returned policy.

This would be a classic contravention of the Data Protection Act 2021 which could result in penalty of upto Rs 10 lakhs. If on receipt of such complaint the audit or inspection shows that there is no proper process, then the penalty can be upto 4% of the total worldwide turnover of HDFC life.

The persons handling support@hdfclife.com or service@hdfclife.com need to realize that a request of the type I made is indicating a risk of a penalty that could run into crores of rupees and should log it as an “Incident”. Such incidents are auditable by the Data Protection Authority.

It is clear that HDFC life may not have a DPO at this point of time, but whoever takes up the mantle will have a huge task of repairing the lax attitude of the support/service handlers.

Naavi

It is well known that pensioners are dependent on Banks for disbursal of their pensions. Once the pension is approved by the relevant Government department, the instructions are passed on to the Bank and periodical payments are initiated by the Bank. The pensioner is entirely dependent on the Bank for crediting what is due.

An instance has come to the light where the Dombivli branch of State bank of India has suddenly sent a message to a lady pensioner of advanced age that since 1st February 2011 there was an excess payment of payment in the account (average about 15%) and a total amount of around Rs 502000/- has become recoverable. The Bank has gone ahead to block the SB account of the account holder and left the pensioner in the lurch.

A question has to be raised here about whether the payment made by the Bank and credited in excess to the account holder is recoverable?.

According to Banking law applicable for wrong advice of credit, if the customer has altered his position genuinely on the basis of the advise of the Bank, the amount even if excess cannot be arbitrarily recovered. In the case of payment of pension, it is a full and final settlement by the paying authority and it is legally unfair to recover. If there was an error then the excess has to be recovered from who ever was responsible for the excess payment and the Bank has the right to absorb the loss if it deems fit.

I am bringing this incident to public knowledge here so that the authorities responsible for payment of pension in the Central Government may take suitable steps to advise State Bank of India, Dombivli branch to take appropriate corrective action in respect of the complaint which is with them.

In case the authorities want more details, Naavi.org would be providing the same.

We wish SBI and the Central Government responds to this issue immediately.

Naavi

The recent issue of Sulli deal and Bulli Bai apps being hosted on GitHub has exposed GitHub to liabilities under ITA 2000 as a Significant Social Media Intermediary (It is estimated that there are 5.8 million users from India).

According to Git hub it is primarily a “Repository” of code. At the same time it also provides services for hosting the code on a website which becomes a publishing service.

In the copyright law, software code is considered as “Literature” and an “Expression”. Hence hosting of codes to directly render services from Github servers like the Sulli deal and Bulli Bai can be classified as publishing activity.

Hence Git Hub is liable both under IAT 2000 and the new Intermediary Guidelines of February 25 as well as the new law coming under DPA 2021 applicable for Significant Social Media Platform.

As an Intermediary and a Paltform, GitHub has to provide for identification of the users, appoint a local compliance officer and be accountable. It cannot take excuse that it is not an Indian Company or it’s servers are in India etc even if it is owned by Microsoft.

Microsoft may claim that it is only the owner of the basic platform and each hosted app is a separate service provided by the users. This would mean that Microsoft itself is a cloud service intermediary and would escape direct liability as long as it can identify the wrong doers.

In the Sulli Deal and Bulli Bai cases therefore, the law enforcement has a strong case against  Microsoft to enforce the law and expect them to co-operate beyond just removing the applications, which is the first step. Now Git hub should be able to preserve the evidence under section 65 and 79 about the transactions in the account including IP address information for a minimum period of last 6 months.

I hope the Government and CERT-IN should take steps to ensure that Git Hub does not make it difficult for law enforcement to get necessary information to continue their investigations.

Naavi

It appears that the power of corruption and the criminals have now invaded the security guardians. As per the news report, Norton a well known company in the Anti Virus software business is added to the download of Norton 360. This is a crypto miner that would mine Ethereum which is fungible with Bitcoin and other crypto currencies.

Though Norton claims that it is an opt in feature and can be turned off, in reality it is stated that it is difficult to remove. We all know that all users are not alert enough to filter such unwanted software at the time of downloading.

It is unfortunate that anti virus companies which were identifying Crypto Miners as “Potentially Unwanted Program” have now yielded to the power of the corrupt.  Norton would be collecting 15% mining fee and use the resources of the users in terms of computing power and electricity to generate this revenue.

This is a completely unacceptable behaviour for a security company. For long time, common man as been alleging that anti virus companies themselves spread the virus and then sell removal tools. Norton has gone one step further to join hands with the “Computer Contaminant” manufacturers to promote Computer contaminants.

India is in the verge of declaring Crypto Currencies illegal and ITA 2000 already has a provision under Section 43 read with Section 66 to consider installation of any program without proper consent as a criminal offence. Even the DPA 2021 has introduced a provision for certification of software to ensure any malicious codes to be present in any software.

Hence the Norton Service is a challenge to the “Opt-in” provision and the sanctity of the consents obtained, whether they are truly well informed consent as per the standards of contract under Section 14 of Indian Contract Act (Refer section 11 of DPA 2021).

I urge CERT-IN to send an advisory to the public about the danger of installing Norton 360 and also advise all Government Agencies to refrain from using Norton Services.

By associating with the Currency of the Criminals, Norton has lost the credibility as a trusted security company and it has to be red-flagged for security purposes.

Naavi

The year 2022 is unfolding before us and I wish all of you a happy new year.

The year 2022 is more likely than ever before to see the passing of the Indian Data Protection Act.

Since September 2018 when FDPPI was formed we have been preparing professionals in India  to be aware of the Indian Data protection scenario through our continuous educational activities.

In the process we have conducted Training Programs leading to “Certification”, webinars in the form of “Indian Data Protection Summit” and “Jnaana Vardhini” events.

We have also developed a base framework for compliance for the industry.

The time has now come to upgrade all our efforts to a higher level as the country prepares itself for the full fledged Privacy and Data Protection Era.

In this direction FDPPI will be introducing a FDPPI “Continuing Professional Education Program (FDPPI-CPE Program) similar to other professional organizations.

The FDPPI-CPE program is aimed at not only ensuring that our professionals  will be better placed to meet challenges that they may encounter in the domain of Privacy and Data Protection  in the real world, but also ensure that the industry respects our professionals more than ever before.

It is desired that an FDPPI Certified professional should command a respect as well informed and updated professional in the eyes of the industry and the FDPPI-CPE program has to enable it.

Please watch out for the details of the program that would be shared here in a couple of days.

We may start the program with some simple provisions and introduce more features in the coming days.

Naavi

When I first entered the web space with an email and my first website, I took upon the recognition as “Naavi”. My first book in 1998 was authored under the name Naavi. (Cyber Laws for Every Netizen in India). My first website was naavi.com (Which is now used by an Australian Company). The website naavi.org fortunately continues with me. The first email naavi@vsnl.com became unusable since VSNL sold itself to Tatas and they discontinued the email service.

At this time, I had anticipated issues in the domain space arising out of similar looking domain names and had introduced a service called “Lookalikes.in” which was a voluntary disclosure for one website owner to declare that the domain name is not related to another domain name which may look similar.

When I adopted the name Naavi, the name “Navi” was considered and left out since it was a registered trademark of Nokia in Japan and also in India reminded people of Navi Mumbai.

Naavi on the other hand was a direct english translation of my initials in Kannada and I had genuine trademark rights. (My Name is Vijayashankar Nagaraja Rao, where Na in Nagaraja is spoken as Naa).

When the film Avatar was released, Google started behaving erratically recognizing NaVi as equivalent to Naavi and the google search for Naavi was directed to Navi, since the movie used the term Navi to describe  a clan.

After a while Avatar went to the background as the interest in searches on Avatar the movie receded.

Recently however, Mr Sachin Bansal, the former Flipkart entrepreneur is creating problems for me since he has started his new ventures under the name “NaVi”. This business is in the field of Finance and  Loans which also happens to be my career in the past where I worked with Indian Overseas Bank and Nagarjuna group. I was a consultant in the financial sector and done extensive work with NBFCs in Chennai.

As a result when people look at Navi loans or Navi Mutual funds, there is a natural confusion as to whether these businesses are associated with my activities.

When the Naavi.com was acquired by a cyber squatter, I thought the name Naavi could not be that important and ignored the loss. When it was acquired by an Australian Company which was into training, after some initial correspondence the conflict was ignored.

Unfortunately Mr Sachin Bansal’s venture is in India and is related to Finance and I have been receiving some calls to enquire if these companies belong to me. There are spam complaints also against the Navi companies which may get confused with me.

While I can consider placing a disclaimer under Lookalikes.com to declare that naavi.org is not related to Navi group of Sachin Bansal, it is sad to know that Google does not distinguish between Naavi and Navi and search for Naavi gets diverted to Navi.

Google should be ashamed of its algorithm that blindly considers Naavi and Navi same terms and needs to be retrained.

I also request that the Navi group of Companies provide a disclaimer that it is not related to Naavi.

I am not sure how Navi group will deal with their trademark infringement with Nokia but the confusing similarity with Naavi needs to be amicably settled.

I am taking the proactive step since Navi.com is already in the list of “Confusingly similar websites” listed in the Lookalikes disclaimer which is available under the link About-Legal.

I wish that Sachin Bansal group also displays a disclaimer that Navi websites and activities are not related to Naavi.

Naavi