How to comply with the Bill effectively?

According to the Indian Express, it is high time the country thought about the way of dealing with all the complaints which might be lavished on the authorities with regard to the Personal Data Protection Bill which has been drafted for three years already.

Considering the amount of applications submitted and requests based on individual cases of personal data security violations, the proposed Data Protection Authority (DPA) which is being designed under the Bill, will face problems dealing with a huge number of such requests from entities. It boils down to simple math – the Indian Express offered an example in which 2.6 billion of transactions made annually may result in minor discontent – for instance, if at least 0.5% of them become reason for a complaint, there will be about 13 million such cases every year. The authority will not be able to process all of them.

Read more about recent data breaches in India: BEML sensitive data leaked, 7 million Indians got their data affected, HCL leaks confidential data, State Bank of India fixes an unprotected server

In point of this it is advised that a standalone Data Protection Ombudsman tackles these grievances. It will be possible to ensure redress as it can be the only objective to achieve. Continuous interaction between the Ombudsman and the Authority can improve the work of the DPA providing intelligence collected while processing complaints.

As the Indian Express emphasises, “…important details, like the terms of appointment, jurisdictional scope, and procedure for hearings, are, however, left to be decided by the central government” and aren’t yet determined in the draft. There’s also no indication in the Bill at whether any mediation preceding the adjudication process is allowed. The creation of a network of local facilitation centres was recommended by a task force in order to guarantee technology-enabled redress for everyone, including individuals in rural areas.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.