Highlights of the Act:
The fiduciary to notice how to withdraw consent and for what purpose data collected and get consent from the principal
When anytime questioned, fiduciary should be able to prove the consent received
If the principal is a child, parent or guardian consent is needed
The principal at any point of time should be able to view or update the information shared.
When the principal withdraws consent or the purpose is not anymore relevant whichever is earlier, the fiduciary via the processor should no longer store the data
Data principal can nominate someone else for deciding about withdrawing of the consent
Government when collected data for the purpose of fulfilling some act or benefits, this Act doesn't apply.
Approach:
PO: As data processors:
Add withdraw consent buttons
- If withdrawn consent by reporting to consent manager - do not show those individuals anywhere in webapp or mobile app
- Hard delete the transactional data
Org as a whole withdraw consent in the Admin tab or for a state
- Hard delete the transactional data
Withdraw permissions from mobile app (call, mobile, etc.) asap
Toggle on or off - since not applicable for gov apps.
P1: To enable data fiduciaries:
To auto-delete once met the purpose: Add withdraw consent rule
- After it meets communicated purpose need to delete the info, or when data principal doesn't approach
- What is communicated purpose - student graduated, children removed from high risk, pregnant women migrated, a person de-addiction program ended or dead or migrated or exited from program
For getting consent:
- Option 1: they show notice in a paper and get signature. In the default first page of Person registration form,
- So upload image (specialized concept or by adding keyvalues to image concept) - image concept
- Mark consented or not
- In individual table store
- Option 2: Integrate with Glific/Exotel (voice recordings)
For sharing personal data with data principal:
- Glific
Data principal nomination: Subject concept should be sufficient.
Old:
Context:
provider based systems have more difficult job compared to consumer types, because one wants the provider to be able to see PII which is not required for consumer systems.
offline systems have their own additional vulnerability surface area
"Penalties: The schedule to the Bill specifies penalties for various offences such as up to: (i) Rs 200 crore for non-fulfilment of obligations for children, and (ii) Rs 250 crore for failure to take security measures to prevent data breaches. Penalties will be imposed by the Board after conducting an inquiry."
Avni has become suddenly far more risky proposition
Context:
https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf
6)(6) and 8) relevant to us as data processors. Others as well are relevant to enable data fiduciaries to be able to work in line with the Act.
Priority:
Board doesn't have suo motu cognisance - on receipt of an intimation of personal data breach or on a complaint made by a Data Principal only starts quality if sufficient grounds present. The Board is not yet set up.
AC:
- document all the security measures we have
Analysis:
Inputs: